How can I return user ID with token in Django?

2020-02-14 04:30发布

站内问答 / Python
958 3 5

I generate tokens using default view in Django:

url(r'^login/', rest_auth_views.obtain_auth_token),

I have a problem because my front-end doesn't know what is the currently logged in user ID.

Should I return it with token or maybe create some another request?

I know that there is a lot of different ways, but I would like to choose the most optimal solution.

3条回答
Explosion°爆炸
2楼-- · 2020-02-14 05:11

I think the good practice will be to return user details in the response of login api.

If your built_in view doesn't return user details you can may be override the post method of obtain_auth_token. I once did this for djangorestframework-jwt obtain token method

def post(self, request, *args, **kwargs):
    serializer = self.get_serializer(data=request.data)

    if serializer.is_valid():
        user = serializer.object.get('user') or request.user
        token = serializer.object.get('token')
        response_data = {
            'token': token,
            'user': UserSerializer(user).data
        }
        response = Response(response_data, status=status.HTTP_200_OK)
        if api_settings.JWT_AUTH_COOKIE:
            expiration = (datetime.utcnow() +
                          api_settings.JWT_EXPIRATION_DELTA)
            response.set_cookie(api_settings.JWT_AUTH_COOKIE,
                                response.data['token'],
                                expires=expiration,
                                httponly=True)
        return response

    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

by default response_data dict only had token details i added user object as well to achieve what you are trying to do.

查看更多
0人赞 添加讨论(0) 举报
爱情/是我丢掉的垃圾
3楼-- · 2020-02-14 05:16

if you need to get user information on a webpage, you need to pass user information in a response of Login API or other API.

While using Token based authentication, after login, access token and refresh token are generated which are shall be given to client in login API response. This access token shall be passed in header as:

Authorization : Bearer <insert token here>

You need to put authentication_classes = [OAuth2Authentication] in your view.

This will validate the if user is logged in also you will get to access logged in user's information by user=request.user.

查看更多
0人赞 添加讨论(0) 举报
对你真心纯属浪费
4楼-- · 2020-02-14 05:19

You could override rest_framework.authtoken.views.ObtainAuthToken.post in order to get the result you want.

myapp/views.py

from rest_framework.authtoken.views import ObtainAuthToken
from rest_framework.authtoken.models import Token
from rest_framework.response import Response


class CustomObtainAuthToken(ObtainAuthToken):
    def post(self, request, *args, **kwargs):
        response = super(CustomObtainAuthToken, self).post(request, *args, **kwargs)
        token = Token.objects.get(key=response.data['token'])
        return Response({'token': token.key, 'id': token.user_id})

myapp/urls.py

from django.conf.urls import url

from .views import CustomObtainAuthToken

urlpatterns = [
    url(r'^authenticate/', CustomObtainAuthToken.as_view()),
]

Sample results

$ http :8000/authenticate/ username=someuser password=secretpassword
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Language: en
Content-Type: application/json
Date: Tue, 22 Mar 2017 18:30:10 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN

{
    "id": 16, 
    "token": "82e0bc9980a6b2c9a70969b0f8dc974418dda399"
}

The idea here is to override the post method of the ObtainAuthToken view class. Here all I have done is call the parent class to get the token, then look up that token to find the associated user id.

Hope that helps.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)