My Django project is a website with the following directory structure:
project
-- main_folder
   -- settings.py
   -- views.py
   -- urls.py [1]
   -- ...
-- app_folder
   -- views.py
   -- urls.py [2]
   -- ...
-- not_app_folder
   -- views.py
   -- urls.py [3]
   -- ...
-- manage.py
I authenticate users with this code in urls.py [1]:
from django.conf.urls import url
from django.contrib.auth import views as auth_views
...
urlpatterns = [
    url(r'^login/$', auth_views.login),
    ...
]
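My code worked on every page of the site under Django 1.9 (the template check {% if user.is_authenticated %} returned true on all pages).
After the upgrade, authentication works fine for all URLs in the urls.py [1] file, but when I move to pages listed in urls.py [2] (which is an app directory) or urls.py [3] (which is a plain directory), the template check {% if user.is_authenticated %} returns false (I use the same template for all pages).
What changed in Django 1.10, and how do I keep authentication on every page of the site?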
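Answer 0 (score: 0)
You should be very careful when upgrading Django. Many features are deprecated but still work, just not as expected.
This code worked fine in Django 1.9: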
vars = RequestContext(request, {'key': 'value'})
return render_to_response('template.html', vars)
But render_to_response will soon be deprecated, and for Django 1.10 you should write:
return render(request, 'template.html', {'key': 'value'})
It makes no difference how many apps or views.py files you have. User authentication now works correctly.
Answer 1 (score: -1)
I use this middleware, which I found at https://djangosnippets.org/snippets/2845/.
It even has a regex whitelist for URLs (LOGIN_EXEMPT_URLS):
# -*- coding: UTF-8 -*-
# django dependencies
from django.contrib.auth.views import redirect_to_login
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.conf import settings
# python dependencies
from re import compile
#---#
EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]
#---#
class LoginRequiredMiddleware:
    """
    Middleware that requires a user to be authenticated to view any page other
    than LOGIN_URL. Exemptions to this requirement can optionally be specified
    in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
    you can copy from your urls.py).
    Requires authentication middleware and template context processors to be
    loaded. You'll get an error if they aren't.
    """
    def process_request(self, request):
        assert hasattr(request, 'user'), ("The Login Required middleware "
            "requires authentication middleware to be installed. Edit "
            "your MIDDLEWARE_CLASSES setting to insert "
            "'django.contrib.auth.middleware.AuthenticationMiddleware'. "
            "If that doesn't work, ensure your "
            "TEMPLATE_CONTEXT_PROCESSORS setting includes "
            "'django.core.context_processors.auth'.")
        if not request.user.is_authenticated():
            path = request.path_info.lstrip('/')
            if not any(m.match(path) for m in EXEMPT_URLS):
                path = request.get_full_path()
                return redirect_to_login(path, settings.LOGIN_URL,
                                         REDIRECT_FIELD_NAME)
Just put django.contrib.auth.middleware.*AuthenticationMiddleware in your MIDDLEWARE_CLASSES setting. If you don't have it, you must add it.
MIDDLEWARE_CLASSES = (
    'django.middleware.security.SecurityMiddleware',
    ...
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'sis_tools.middleware.LoginRequiredMiddleware',  # <-- HERE
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.cache.FetchFromCacheMiddleware',
)
The whitelist is similar to urls.py, so you can use it like this:
LOGIN_EXEMPT_URLS = (r'^about.html$', r'^legal/',)
This way, users can access the page sample.com/about.html as well as sample.com/legal/*
In addition, you must set your login page in the LOGIN_URL setting, like this:
LOGIN_URL = "/accounts/login"
It is also handy to set LOGIN_REDIRECT_URL to the location to jump to if the user enters the site via the login page.
LOGIN_REDIRECT_URL = "/"
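
The exemption check from the middleware in Answer 1, reduced to plain Python so its matching rules can be audited without Django; this is an added example, not code from the snippet or from the answer. `build_exempt_strict`, `audit` and the sample paths are constructed for illustration, and the strict variant is one possible tightening, not the snippet's behaviour.

```python
import re

# Settings values as shown in the answer above.
LOGIN_URL = "/accounts/login"
LOGIN_EXEMPT_URLS = (r'^about.html$', r'^legal/')

def build_exempt(login_url, patterns):
    """Same construction as the snippet: LOGIN_URL is compiled as a regex, unescaped."""
    return [re.compile(login_url.lstrip('/'))] + [re.compile(p) for p in patterns]

def build_exempt_strict(login_url, patterns):
    """Hypothetical stricter variant: LOGIN_URL is a literal, anchored at both ends."""
    login = re.compile('^' + re.escape(login_url.strip('/')) + '/?$')
    return [login] + [re.compile(p) for p in patterns]

def requires_login(path_info, exempt):
    """Decision the middleware makes for an anonymous request to path_info."""
    path = path_info.lstrip('/')
    # match() anchors at the start only, so a pattern without '$' is a prefix rule.
    return not any(m.match(path) for m in exempt)

def audit(paths, exempt):
    """Map each path to 'login required' or 'public' for review."""
    return {p: 'login required' if requires_login(p, exempt) else 'public'
            for p in paths}

# Constructed request paths for the audit.
SAMPLE_PATHS = [
    "/accounts/login/", "/accounts/login-export/", "/about.html", "/aboutXhtml",
    "/legal/terms", "/legal", "/reports/",
]

if __name__ == "__main__":
    loose = audit(SAMPLE_PATHS, build_exempt(LOGIN_URL, LOGIN_EXEMPT_URLS))
    strict = audit(SAMPLE_PATHS,
                   build_exempt_strict(LOGIN_URL, (r'^about\.html$', r'^legal/')))
    for p in SAMPLE_PATHS:
        print(f"{p:26} snippet: {loose[p]:15} strict: {strict[p]}")
```

Running the audit over a project's real URL list before deploying the middleware shows which views the exemption patterns leave public.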