What is the second 'auth' parameter in the return signature of authentication.BaseAuthentication.authenticate?

Time: 2014-04-21 09:01:32

Tags: python django authentication django-rest-framework

See http://www.django-rest-framework.org/api-guide/authentication#example

"If authentication succeeds, the method should return a two-tuple of (user, auth)..."

return (user, None)

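What exactly is the second 'auth' argument? In all the examples I have seen, it is always None. Are there other cases?

1 answer:

Answer 0: (score: 1)

Read the source.

I think the auth parameter is used by authentication methods that use access_tokens.

Let's look at an example.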

class TokenAuthentication(BaseAuthentication):
    """
    Simple token based authentication.

    Clients should authenticate by passing the token key in the "Authorization"
    HTTP header, prepended with the string "Token ".  For example:

        Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a
    """

    model = Token
    """
    A custom token model may be used, but must have the following properties.

    * key -- The string identifying the token
    * user -- The user to which the token belongs
    """

    def authenticate(self, request):
        auth = get_authorization_header(request).split()

        if not auth or auth[0].lower() != b'token':
            return None

        if len(auth) == 1:
            msg = 'Invalid token header. No credentials provided.'
            raise exceptions.AuthenticationFailed(msg)
        elif len(auth) > 2:
            msg = 'Invalid token header. Token string should not contain spaces.'
            raise exceptions.AuthenticationFailed(msg)

        return self.authenticate_credentials(auth[1])

    def authenticate_credentials(self, key):
        try:
            token = self.model.objects.get(key=key)
        except self.model.DoesNotExist:
            raise exceptions.AuthenticationFailed('Invalid token')

        if not token.user.is_active:
            raise exceptions.AuthenticationFailed('User inactive or deleted')

        return (token.user, token)

    def authenticate_header(self, request):
        return 'Token'

You will see that authenticate() calls authenticate_credentials(), which returns the user object and the access token.
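
The following is an added example, not part of the original answer and not Django REST framework code: a framework-free model of the (user, auth) contract, showing how the second element lets an authorization check depend on the credential that was presented rather than only on the user. In the framework the tuple is exposed as request.user and request.auth; the `scopes` field, `can_write` policy and sample data here are assumptions made for illustration.

```python
from dataclasses import dataclass

class AuthenticationFailed(Exception):
    """Credentials were presented but are not valid."""

@dataclass
class User:
    name: str
    is_active: bool = True

@dataclass
class Token:  # hypothetical token model; `scopes` is an assumption
    key: str
    user: User
    scopes: frozenset = frozenset()

@dataclass
class Request:  # stand-in for the framework request object
    headers: dict
    session_user: object = None
    user: object = None
    auth: object = None

ALICE = User("alice")  # constructed sample data
TOKENS = {"k-read": Token("k-read", ALICE, frozenset({"read"}))}

class SessionAuth:
    def authenticate(self, request):
        # Identity comes from the session: there is no credential object.
        return (request.session_user, None) if request.session_user else None

class TokenAuth:
    def authenticate(self, request):
        parts = request.headers.get("Authorization", "").split()
        if not parts or parts[0].lower() != "token":
            return None  # not our scheme, let the next class try
        token = TOKENS.get(parts[1]) if len(parts) == 2 else None
        if token is None or not token.user.is_active:
            raise AuthenticationFailed("Invalid token")
        return (token.user, token)  # second element: the credential used

def perform_authentication(request, authenticators):
    results = (a.authenticate(request) for a in authenticators)
    # First non-None tuple wins; the real framework uses AnonymousUser, not None.
    request.user, request.auth = next((r for r in results if r is not None), (None, None))

def can_write(request):
    # Assumed policy: a token is limited to its scopes; a session is not.
    return request.user is not None and (request.auth is None or "write" in request.auth.scopes)
```

The same user is allowed to write through a session but not through a read-only token, which is a decision that cannot be made from the user object alone.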