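Django OAuth custom authentication class

Time: 2017-03-02 15:24:37

Tags: oauth django-rest-framework django-oauth

I need to override the current authentication view api/v1/o/token to add custom error messages based on the username and password.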

1

{
    "status": "ok",  // need to add this
    "access_token": "xxxx",
    "token_type": "Bearer",
    "expires_in": 60,
    "refresh_token": "xxxxaaaxxxx",
    "scope": "read write"
}

2

status = 'not_active'
detail= 'user not activated'

3

status = 'error'
detail= 'Incorrect username or password'

I want to disable application creation on my production host. How can I do this?

1 answer:

Answer 0 (score: -1)

This is how to create a custom authentication class with Django Rest Framework. Subclass BaseAuthentication and override the .authenticate(self, request) method.

from django.contrib.auth.models import User
from rest_framework import authentication
from rest_framework import exceptions

class CustomAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        """
        Consider the method validate_access_token() takes an access token,
        verify it and return the User.username if the token is valid else None
        """
        # Django exposes the X-Access-Token request header in META as HTTP_X_ACCESS_TOKEN.
        username = validate_access_token(request.META.get('HTTP_X_ACCESS_TOKEN'))
        if not username:
            return None #return None if User is not authenticated.

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            raise exceptions.AuthenticationFailed('No such user')

        return (user, None)

Then change DEFAULT_AUTHENTICATION_CLASSES in settings to point to the custom authentication class

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'api.core.auth.CustomAuthentication',
    ),
}
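
The three response shapes listed in the question, as an added example that is not part of the original question or answer. It uses only the standard library; the USERS store, fake_issue_token and the HTTP 400 status for failures are assumptions standing in for Django's User model and the OAuth provider. The check order matters: 'not_active' is returned only after the password verifies, so the extra status cannot be used to learn which usernames exist.

```python
import hashlib
import hmac

def _hash(password, salt):
    # PBKDF2 stands in for Django's password hasher in this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts (hypothetical); a real view would query the User model.
USERS = {
    "alice": {"salt": b"a-salt", "hash": _hash("correct horse", b"a-salt"), "is_active": True},
    "bob": {"salt": b"b-salt", "hash": _hash("battery staple", b"b-salt"), "is_active": False},
}
_DUMMY_SALT = b"dummy-salt"
_DUMMY_HASH = _hash("dummy password", _DUMMY_SALT)

def classify_login(username, password):
    """Return 'ok', 'not_active' or 'error' for a password-grant attempt."""
    record = USERS.get(username)
    # Hash even for unknown users so both failure paths do the same work.
    salt = record["salt"] if record else _DUMMY_SALT
    expected = record["hash"] if record else _DUMMY_HASH
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if record is None or not matches:
        return "error"
    # Reached only with a correct password, so 'not_active' cannot be used
    # to probe which usernames exist.
    return "ok" if record["is_active"] else "not_active"

def token_response(username, password, issue_token):
    """Build (http_status, body) in the shapes listed in the question."""
    status = classify_login(username, password)
    if status == "ok":
        return 200, {"status": "ok", **issue_token(username)}
    # 400 for failures is an assumption; the question does not give a status code.
    if status == "not_active":
        return 400, {"status": "not_active", "detail": "user not activated"}
    return 400, {"status": "error", "detail": "Incorrect username or password"}

def fake_issue_token(username):
    # Constructed stand-in for the OAuth provider's token issuance.
    return {"access_token": "xxxx", "token_type": "Bearer", "expires_in": 60,
            "refresh_token": "xxxxaaaxxxx", "scope": "read write"}
```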