• Django's user authentication module (auth)


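    Introduction

    Purpose: use the session to record the login (authentication) state

    Prerequisite: a user table; Django ships its own, auth_user

    Create a superuser: python3 manage.py createsuperuser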

    API

    from django.contrib import auth

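    Authentication

    Returns a user object if authentication succeeds, otherwise None

    user = request.POST.get('user')
    pwd = request.POST.get('pwd')
    user = auth.authenticate(username=user, password=pwd)
    '''
    user is the value of the name attribute set on the front-end input tag; the back end reads it with request.POST.get('user')
    pwd is the value of the name attribute set on the front-end input tag; the back end reads it with request.POST.get('pwd')
    '''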
    

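    Login

    auth.login(request, user)

    If user is not None, the login completes and request.user = user, the currently logged-in user. request.user then works like a global: it is available on the request in every view of the Django project.

    If no user is logged in (user is None), request.user = AnonymousUser

    Logout

    auth.logout(request)

    The login record stored in django_session is deleted automatically

    Checking whether the user is logged in

    request.user.is_authenticated

    The result is a boolean: True if the user is logged in, otherwise False. Since Django 1.10 this is a property; the older call form is_authenticated() was removed in Django 2.0.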

    Registering a user

    from django.contrib.auth.models import User
    User.objects.create_user(username=user, password=pwd)
    

    The anonymous user object

    class models.AnonymousUser

    The django.contrib.auth.models.AnonymousUser class implements the django.contrib.auth.models.User interface

    Field                Description
    id                   always None
    get_username()       always returns the empty string
    is_staff             always False
    is_superuser         always False
    is_active            always False
    groups               always empty
    user_permissions     always empty
    is_anonymous()       returns True instead of False
    is_authenticated()   returns False instead of True
    set_password()       raises NotImplementedError
    check_password()     raises NotImplementedError
    save()               raises NotImplementedError
    delete()             raises NotImplementedError

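    # Django's own definition (django/contrib/auth/models.py);
    # Group and Permission are defined in that same module.
    from django.utils.deprecation import CallableFalse, CallableTrue
    from django.db.models.manager import EmptyManager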
    
    class AnonymousUser(object):
        id = None
        pk = None
        username = ''
        is_staff = False
        is_active = False
        is_superuser = False
        _groups = EmptyManager(Group)
        _user_permissions = EmptyManager(Permission)
    
        def __init__(self):
            pass
    
        def __str__(self):
            return 'AnonymousUser'
    
        def save(self):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def delete(self):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def set_password(self, raw_password):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def check_password(self, raw_password):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
            
        @property
        def groups(self):
            return self._groups
    
        @property
        def user_permissions(self):
            return self._user_permissions
    
        def get_group_permissions(self, obj=None):
            return set()
    
        @property
        def is_anonymous(self):
            return CallableTrue
    
        @property
        def is_authenticated(self):
            return CallableFalse
    
        def get_username(self):
            return self.username
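
    Why the excerpt returns CallableTrue/CallableFalse rather than using a plain method, as an added example (not Django's code and not from the original post): with the older method-style API, forgetting the parentheses makes the login check pass for everyone. CallableBoolSketch and the two user classes are hypothetical stand-ins.

```python
# Added illustration; CallableBoolSketch is a simplified stand-in, not Django's class.
class CallableBoolSketch:
    """A value usable both as `x` and as `x()`, like CallableTrue/CallableFalse."""

    def __init__(self, value):
        self.value = value

    def __bool__(self):   # used by `if user.is_authenticated:`
        return self.value

    def __call__(self):   # used by `if user.is_authenticated():`
        return self.value


class MethodStyleAnonymous:
    """Hypothetical anonymous user in the pre-1.10 style: a plain method."""

    def is_authenticated(self):
        return False


class PropertyStyleAnonymous:
    """Hypothetical anonymous user in the style of the excerpt above."""

    @property
    def is_authenticated(self):
        return CallableBoolSketch(False)


def guard_without_parens(user):
    """The check written as `if user.is_authenticated:`."""
    return "allow" if user.is_authenticated else "redirect to /login/"


def guard_with_parens(user):
    """The check written as `if user.is_authenticated():`."""
    return "allow" if user.is_authenticated() else "redirect to /login/"


def compare():
    """Run both spellings of the check against both anonymous users."""
    old, new = MethodStyleAnonymous(), PropertyStyleAnonymous()
    return {
        "method, no parens": guard_without_parens(old),  # bound method is truthy
        "method, parens": guard_with_parens(old),
        "property, no parens": guard_without_parens(new),
        "property, parens": guard_with_parens(new),
    }
```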
    

    Example

    urls.py

    from django.conf.urls import url
    from django.contrib import admin
    from app01 import views
    
    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'^login/', views.login),
        url(r'^index/', views.index),
        url(r'^logout/', views.logout),
        url(r'^reg/', views.reg),
    ]
    

    templates/index.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Title</title>
    </head>
    <body>
    <h3>Hi, {{ user }}</h3>
    <a href="/logout/">Log out</a>
    </body>
    </html>
    

    templates/login.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Title</title>
    </head>
    <body>
    <form action="" method="post">
        {% csrf_token %}
        Username <input type="text" name="user">
        Password <input type="password" name="pwd">
        <input type="submit" value="submit">
    </form>
    </body>
    </html>
    

    templates/reg.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Register</title>
    </head>
    <body>
    <form action="" method="post">
        {% csrf_token %}
        <h1>Register</h1>
        Username <input type="text" name="user">
        Password <input type="password" name="pwd">
        <input type="submit" value="submit">
    </form>
    </body>
    </html>
    

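    Login authentication

    Verifying that the user is logged in

    Version 1

    Test what the attributes of the request.user object return when logged in and when not logged in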

    views.py

    from django.shortcuts import render, redirect, HttpResponse
    from django.contrib import auth
    # Create your views here.
    
    def login(request):
        if request.method == 'POST':
            user = request.POST.get('user')
            pwd = request.POST.get('pwd')
    
            # returns a user object on success, otherwise None
            user = auth.authenticate(username=user, password=pwd)
    
            if user:
                auth.login(request, user)  # request.user = user ===> the currently logged-in user
                return redirect('/index/')
    
    
        return render(request, 'login.html')
    
    def index(request):
        print("request.user:", request.user)
        print("request.user.username:", request.user.username)
        print("request.user.get_username():", request.user.get_username())
        # is_anonymous() is called as a method here; from Django 2.0 it is a property only (no parentheses)
        print("request.is_anonymous():", request.user.is_anonymous())
    
        return render(request, 'index.html')
    

    Output when not logged in

    request.user: AnonymousUser
    request.user.username: 
    request.user.get_username(): 
    request.is_anonymous(): True
    

    Output when logged in

    request.user: cjw
    request.user.username: cjw
    request.user.get_username(): cjw
    request.is_anonymous(): False
    

    Version 2

    Add a check that verifies the user is logged in

    views.py

    from django.shortcuts import render, redirect, HttpResponse
    from django.contrib import auth
    
    def login(request):
        if request.method == 'POST':
            user = request.POST.get('user')
            pwd = request.POST.get('pwd')
    
            # returns a user object on success, otherwise None
            user = auth.authenticate(username=user, password=pwd)
    
            if user:
                # request.user = user ===> the currently logged-in user;
                # request.user is then available in every view of the Django project
                auth.login(request, user)
    
                return redirect('/index/')
    
    
        return render(request, 'login.html')
    
    def index(request):
        if request.user.is_anonymous:
            return redirect('/login/')
        return render(request, 'index.html')
    

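    When the same user logs in again, the session_key and session_data fields in the django_session table do not change

    When a different user then logs in, the values of the session_key and session_data fields in the django_session table change

    [Figure: record after user 1's first login]

    [Figure: record after user 1's second login]

    [Figure: record after user 2's first login, with a user already logged in]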
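
    The session behaviour observed above, as an added example (a simplified model, not Django's code and not from the original post) that also covers the step from anonymous to logged in: the key is rotated on the first login, kept when the same user logs in again, and the whole session is flushed when a different user logs in. SessionSketch, login and replay are hypothetical names; Django's real login() also compares a session auth hash, which is omitted here.

```python
import secrets

SESSION_KEY = "_auth_user_id"  # key under which Django stores the user id


class SessionSketch:
    """Dict-backed stand-in for one browser's row in django_session."""

    def __init__(self):
        self.session_key = secrets.token_hex(16)
        self.data = {}

    def cycle_key(self):
        """Issue a new session_key but keep the data."""
        self.session_key = secrets.token_hex(16)

    def flush(self):
        """Drop the data and issue a new session_key."""
        self.data = {}
        self.session_key = secrets.token_hex(16)


def login(session, user_id):
    """Session handling at login, reduced to the decision about the key."""
    if SESSION_KEY in session.data:
        if session.data[SESSION_KEY] != user_id:
            session.flush()      # different user: never reuse their session
    else:
        session.cycle_key()      # anonymous -> logged in: rotate the key
    session.data[SESSION_KEY] = user_id


def replay():
    """Return the session_key after each step, plus the final session data."""
    s = SessionSketch()
    s.data["cart"] = ["constructed item"]  # constructed pre-login data
    keys = [s.session_key]
    for user_id in ("1", "1", "2"):        # user 1, user 1 again, user 2
        login(s, user_id)
        keys.append(s.session_key)
    return keys, s.data
```

    Rotating the key at the first login is what keeps a session id planted before authentication from being valid afterwards.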

    Logging the user out

    When auth.logout(request) runs, the session record is removed from the django_session table

    views.py

    def logout(request):
        auth.logout(request)
        return redirect('/login/')
    

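    Registering a user

    views.py

    # needed in addition to the imports at the top of views.py
    from django.contrib.auth.models import User

    def reg(request):
        if request.method == "POST":
            user, pwd = request.POST.get('user'), request.POST.get('pwd')
            User.objects.create_user(username=user, password=pwd)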
            return redirect('/login/')
    
        return render(request, 'reg.html')
    
  • Original article: https://www.cnblogs.com/cjwnb/p/11715401.html