0

需要授权。阅读了几篇文章,阅读了所有内置机制,接受并去做。他开始做。

注册拿了module django-registration,自己写了Login,用了lib django.contrib.auth。如下:我在登录页面登录,似乎一切都很好,但是当我转到另一个页面时,授权奇迹般地消失了。据我了解,授权没有写入会话,我只在登录页面获得身份验证。

我做了以下事情:

  1. 在登录页面上授权。
  2. 将整个User对象记录到session.
  3. 在每个页面上,我在页面加载时检查的第一件事是是否有User会话数据,如果有,则从那里读取。

源代码如下所示:

def login_user(request):
state = "Please log in below..."
username = password = ''
if request.POST:
    username = request.POST.get('username')
    password = request.POST.get('password')

    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            login(request, user)
            state = "You're successfully logged in!"
        else:
            state = "Your account is not active, please contact the site admin."
    else:
        state = "Your username and/or password were incorrect."
    request.session['user'] = user
    return render(request,'auth.html',{'state':state, 'username': username, 'info':'info'})

和我从中阅读的页面session

@csrf_protect
def home(request):
    if "user" in request.session:
        user = request.session['user']
    else:
        user = None
    return render_to_response('home.html', {'user_name' : user}, context_instance = RequestContext(request))

但我认为,这是一种非常愚蠢的方式。你能推荐一个更合适的方法吗?

4

2 回答 2

1

我不确定你想要达到什么目标。用户登录后,您就可以request.user.is_authenticated()访问以检查您的视图中是否经过身份验证request.user的用户或访问用户本身。

于 2012-08-31T10:23:18.923 回答
0

您不需要将用户添加到会话中;这是由身份验证中间件自动完成的。

您也不需要手动检查用户;使用login_required装饰器

结合这一点,您的登录视图变为:

def login_user(request):
    state = "Please log in below..."
    username = password = ''
    if request.POST:
        username = request.POST.get('username')
        password = request.POST.get('password')
    else:
        return redirect('login/')

    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            login(request, user)
            state = "You're successfully logged in!"
        else:
            state = "Your account is not active, please contact the site admin."
    else:
        state = "Your username and/or password were incorrect."
    return render(request,'auth.html',{'state':state, 'info':'info'})

在您的其他观点中:

from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@csrf_protect
@login_required
def home(request):
    return render(request, 'home.html')

在您的模板中(来自文档):

{% if user.is_authenticated %}
    <p>Welcome, {{ user.username }}. Thanks for logging in.</p>
{% else %}
    <p>Welcome, new user. Please log in.</p>
{% endif %}
于 2012-08-31T10:35:20.027 回答