我为两种不同类型的用户创建了自定义身份验证后端。用户可以使用他们的帐户登录和注销。但是,有时它会导致无限循环。导致此类错误的可能原因是什么?
控制台中的部分错误:
"[06/Jul/2016 07:53:41] "GET /dataInfo/login/?next=/dataInfo/login/%3Fnext%3D/dataInfo/login/%253Fnext%253D/dataInfo/login/ HTTP/1.1" 302 0
[06/Jul/2016 07:53:41] "GET /dataInfo/login/?next=/dataInfo/login/%3Fnext%3D/dataInfo/login/%253Fnext%253D/dataInfo/login/%25253Fnext%25253D/dataInfo/login/ HTTP/1.1" 302 0
[06/Jul/2016 07:53:41] "GET /dataInfo/login/?next=/dataInfo/login/%3Fnext%3D/dataInfo/login/%253Fnext%253D/dataInfo/login/%25253Fnext%25253D/dataInfo/login/%2525253Fnext%2525253D/dataInfo/login/ HTTP/1.1" 302 0
"
在我的观点中
@login_required(login_url='/dataInfo/login/')
def login_view(request):
if request.method == 'POST':
username = request.POST['username']
password = request.POST['password']
user = authenticate(name=username,password=password)
if user is not None:
if user.is_active:
login(request,user)
#redirect to user profile
print "suffcessful login!"
# chech the user type
# if it is Customer,redirect to sale view
# if it is Staff,redirect to userprofile
if request.user.get_user_type() == "Customer":
return HttpResponseRedirect('/dataInfo/sale_view')
if request.user.get_user_type() == "Staff":
# set permission to user
request.user.asgin_perm("add_store")
request.user.asgin_perm("add_product")
request.user.asgin_perm("add_sale")
request.user.asgin_perm("change_store")
request.user.asgin_perm("change_product")
request.user.asgin_perm("change_sale")
request.user.asgin_perm("delete_store")
request.user.asgin_perm("delete_product")
request.user.asgin_perm("delete_sale")
return HttpResponseRedirect('/dataInfo/userprofile')
else:
# return a disable account
return HttpResponse("User acount or password is incorrect")
else:
print "Invalid login details: {0}, {1}".format(username, password)
return HttpResponseRedirect('/dataInfo/login')
else:
login_form = LoginForm()
return render_to_response('dataInfo/login.html', {'form': login_form}, context_instance=RequestContext(request))
@login_required(login_url='/dataInfo/login/')
def logout_view(request):
auth.logout(request)
return HttpResponseRedirect('/dataInfo/login')
在我的后端
from .models import Customer,Staff
from django.conf import settings
class CustomerAuthBackend(object):
def authenticate(self, name=None, password=None):
try:
user = Customer.objects.get(name=name)
if password == getattr(user,'password'):
user.is_active = True
# print "is_active: %s" %user.is_active
return user
else:
# Authentication fails if None is returned
return None
except Customer.DoesNotExist:
return None
def get_user(self, user_id):
try:
return Customer.objects.get(pk=user_id)
# TODO: may delete
except Customer.DoesNotExist:
return None
class StaffAuthBackend(object):
def authenticate(self, name=None, password=None):
try:
# TODO : check User is None
user = Staff.objects.get(name=name)
if password == getattr(user,'password'):
Staff.is_active = True
return user
else:
return None
except Staff.DoesNotExist:
return None
def get_user(self, user_id):
try:
return Staff.objects.get(pk=user_id)
# TODO: may delete
except Staff.DoesNotExist:
return None
答案 0 :(得分:1)
您的登录视图要求您登录(@login_required)
因此您永远无法登录,因为您需要登录才能登录,但您尚未登录,因此您无法登录,因为您无法登录该页面让你登录。
因此,如果您希望能够登录,则需要删除装饰器,因此您的登录视图不需要您登录即可登录,因为毕竟,如果您已登录,那么您将无法登录。试图登录。