2013-04-27 56 views
0

Tastypie login: I want to create a login resource, but I can't figure out how :(

I have my UserResource, and I think it would be best to use a LoginResource as the login method.

```python
from django.contrib.auth.models import User
from django.db import IntegrityError
from django.utils.translation import ugettext as _
from tastypie.authentication import ApiKeyAuthentication
from tastypie.authorization import Authorization
from tastypie.exceptions import BadRequest
from tastypie.fields import ForeignKey
from tastypie.resources import ModelResource


class UserResource(ModelResource):
    # ForeignResource is the asker's own related resource (not shown in the question).
    foreign_key = ForeignKey(ForeignResource, 'foreign_key', null=True)
    ...

    class Meta:
        queryset = User.objects.all()
        allowed_methods = ['post']
        resource_name = 'user'
        authentication = ApiKeyAuthentication()
        authorization = Authorization()  # Tastypie's allow-everything default

    def obj_create(self, bundle, **kwargs):
        try:
            bundle = super(UserResource, self).obj_create(bundle, **kwargs)
            # Store the hashed form of the posted password, not the raw value.
            bundle.obj.set_password(bundle.data.get('password'))
            bundle.obj.save()
        except IntegrityError:
            raise BadRequest(_("A user with that username already exists."))
        return bundle
```

So, how should I implement the LoginResource? This is as far as I have got :)

```python
from tastypie.resources import ModelResource


class LoginResource(ModelResource):
    pass
```

What I want is to send (POST/GET) /v1/login/ with a username and password and then, if the login succeeds, get back the user object, the same as if I had done GET /v1/user/1/.

Thanks in advance!

Answers

0

You need to do a few things:

  1. Restrict the user objects to those related to request.user, using an Authorization class on the resource class.
  2. Use prepend_urls to tack the login and logout views on.

For an example: https://gist.github.com/airtonix/5473873

Some of the code may be horribly offensive to people more competent than me, but this is definitely the direction you want to be heading in.

+0

While you could do it that way, it seems better to me to just use ApiKey authentication and an authorization class to restrict access to the records. – airtonix 2013-04-27 17:49:11
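An added example, not code from the question, the answers or the linked gist: the authorization class that the advice above describes, limiting UserResource to the caller's own record. Tastypie's Authorization API (0.9.12 and later) is duck-typed, so the resource calls read_list() to filter a queryset and read_detail() for a yes/no on one object; the class name, the helper caller_of() and the Fake* stand-ins are assumptions of this example.

```python
try:
    from tastypie.authorization import Authorization
    from tastypie.exceptions import Unauthorized
except ImportError:  # stand-ins so the module also runs where tastypie is not installed
    class Authorization(object):
        pass

    class Unauthorized(Exception):
        pass


def caller_of(bundle):
    """Return the authenticated Django user on bundle.request, else raise Unauthorized."""
    flag = getattr(getattr(bundle.request, "user", None), "is_authenticated", False)
    if not (flag() if callable(flag) else flag):  # method in old Django, property later
        raise Unauthorized("Authentication required.")
    return bundle.request.user


class OwnUserAuthorization(Authorization):
    # The caller may read and update only the user that is request.user
    # (set by login() or by ApiKeyAuthentication); deletes are refused outright.
    def read_list(self, object_list, bundle):
        # GET /v1/user/ collapses to the single record the caller owns.
        return object_list.filter(pk=caller_of(bundle).pk)

    def read_detail(self, object_list, bundle):
        # GET /v1/user/<pk>/ is allowed only for the caller's own pk.
        return bundle.obj.pk == caller_of(bundle).pk

    update_list, update_detail = read_list, read_detail

    def delete_list(self, object_list, bundle):
        raise Unauthorized("Bulk delete of users is not allowed.")

    def delete_detail(self, object_list, bundle):
        raise Unauthorized("Deleting users over the API is not allowed.")


# Constructed stand-ins for the Django user, queryset and Tastypie bundle (offline use).
class FakeUser(object):
    def __init__(self, pk, authenticated=True):
        self.pk, self.is_authenticated = pk, lambda: authenticated


class FakeQuerySet(list):
    def filter(self, pk):
        return FakeQuerySet(u for u in self if u.pk == pk)


class FakeBundle(object):
    def __init__(self, user, obj=None):
        self.request, self.obj = type("Req", (), {"user": user})(), obj
```

Set `authorization = OwnUserAuthorization()` in the resource's Meta; with the stand-ins above the class can be exercised without a database.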

0

Something like this should work (untested):

```python
from django.conf.urls import url
from django.contrib.auth import authenticate, login as auth_login, logout as auth_logout
from django.contrib.auth.models import User
from django.http import HttpResponse
from tastypie.http import HttpUnauthorized
from tastypie.resources import ModelResource
from tastypie.utils import trailing_slash


class UserResource(ModelResource):
    class Meta:
        queryset = User.objects.all()
        # Whitelist of fields exposed over the API (no password hash, no staff flags).
        fields = ['first_name', 'last_name', 'email']
        allowed_methods = ['get', 'post']
        resource_name = 'user'

    def override_urls(self):
        # Tastypie 0.9.12 renamed this hook prepend_urls(); override_urls() still works.
        return [
            url(r"^(?P<resource_name>%s)/login%s$" %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('login'), name="api_login"),
            url(r"^(?P<resource_name>%s)/logout%s$" %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('logout'), name="api_logout"),
        ]

    def login(self, request, **kwargs):
        self.method_check(request, allowed=['post'])

        # A JSON body (as in the curl call below) never populates request.POST,
        # so deserialize the body according to its Content-Type instead.
        data = self.deserialize(request, request.body,
                                format=request.META.get('CONTENT_TYPE', 'application/json'))
        username = data.get('username', '')
        password = data.get('password', '')

        user = authenticate(username=username, password=password)
        if user and user.is_active:
            auth_login(request, user)  # start a Django session for this user
            # Reply with the same representation GET /v1/user/<pk>/ would return.
            kwargs = {'pk': user.id, 'api_name': u'v1', 'resource_name': u'user'}
            return self.get_detail(request, **kwargs)
        # Same response for an unknown user, a wrong password and an inactive account.
        return HttpResponse(status=401)

    def logout(self, request, **kwargs):
        self.method_check(request, allowed=['get'])
        if request.user and request.user.is_authenticated():
            auth_logout(request)
            return self.create_response(request, {'success': True})
        return self.create_response(request, {'success': False}, HttpUnauthorized)
```

Then you can do:

```bash
curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"username" : "me", "password": "l33t"}' http://localhost:8000/api/v1/user/login/
```

It should give you the user object of the successfully logged-in user.