4

使用普通的 Django 用户处理,一旦用户登录,您将保存一个会话。但是,在读取 userena views.py 文件进行登录后,我看不到如何跟踪用户,因此一旦他们登录在,该站点现在他们已登录。我将来自 userena 的代码放在下面:

def signin(request, auth_form=AuthenticationForm,
       template_name='userena/signin_form.html',
       redirect_field_name=REDIRECT_FIELD_NAME,
       redirect_signin_function=signin_redirect, extra_context=None):
"""
Signin using email or username with password.

Signs a user in by combining email/username with password. If the
combination is correct and the user :func:`is_active` the
:func:`redirect_signin_function` is called with the arguments
``REDIRECT_FIELD_NAME`` and an instance of the :class:`User` whois is
trying the login. The returned value of the function will be the URL that
is redirected to.

A user can also select to be remembered for ``USERENA_REMEMBER_DAYS``.

:param auth_form:
    Form to use for signing the user in. Defaults to the
    :class:`AuthenticationForm` supplied by userena.

:param template_name:
    String defining the name of the template to use. Defaults to
    ``userena/signin_form.html``.

:param redirect_field_name:
    Form field name which contains the value for a redirect to the
    successing page. Defaults to ``next`` and is set in
    ``REDIRECT_FIELD_NAME`` setting.

:param redirect_signin_function:
    Function which handles the redirect. This functions gets the value of
    ``REDIRECT_FIELD_NAME`` and the :class:`User` who has logged in. It
    must return a string which specifies the URI to redirect to.

:param extra_context:
    A dictionary containing extra variables that should be passed to the
    rendered template. The ``form`` key is always the ``auth_form``.

**Context**

``form``
    Form used for authentication supplied by ``auth_form``.

"""
form = auth_form

if request.method == 'POST':
    form = auth_form(request.POST, request.FILES)
    if form.is_valid():
        identification, password, remember_me = (form.cleaned_data['identification'],
                                                 form.cleaned_data['password'],
                                                 form.cleaned_data['remember_me'])
        user = authenticate(identification=identification,
                            password=password)
        if user.is_active:
            login(request, user)
            if remember_me:
                request.session.set_expiry(userena_settings.USERENA_REMEMBER_ME_DAYS[1] * 86400)
            else: request.session.set_expiry(0)

            if userena_settings.USERENA_USE_MESSAGES:
                messages.success(request, _('You have been signed in.'),
                                 fail_silently=True)

            # Whereto now?
            redirect_to = redirect_signin_function(
                request.REQUEST.get(redirect_field_name), user)
            return redirect(redirect_to)
        else:
            return redirect(reverse('userena_disabled',
                                    kwargs={'username': user.username}))

if not extra_context: extra_context = dict()
extra_context.update({
    'form': form,
    'next': request.REQUEST.get(redirect_field_name),
})
return ExtraContextTemplateView.as_view(template_name=template_name,
                                        extra_context=extra_context)(request)
4

1 回答 1

3

用户首先使用

用户=验证(身份=身份,密码=密码)

可以在这里找到https://github.com/django/django/blob/master/django/contrib/auth/backends.py 该方法检查用户是否存在,并检查密码是否正确。

如果一切顺利,就会调用登录方法

登录(请求,用户)

可以在这里找到 https://github.com/django/django/blob/master/django/contrib/auth/views.py

如您所见,这是 Django 附带的两种方法,它们充当 Django 的“默认”身份验证包。

您的站点知道用户已登录,因为您可能会使用中间件(特别是 SessionMiddleware 和 AuthenticationMiddleware),它们将会话和用户对象附加到请求中。上面提到的登录方法将用户 ID 保存到会话中。

有关更多详细信息,请参阅https://docs.djangoproject.com/en/dev/topics/auth/#authentication-in-web-requests

关于您的评论:

您可以使用RequestContext呈现您的模板,或者让您的视图返回一个TemplateResponse。请参阅https://docs.djangoproject.com/en/dev/ref/template-response/#using-templateresponse-and-simpletemplateresponse

这会将用户对象传递给模板处理器。然后,在您的模板中,您可以执行以下操作:

{% if user.is_authenticated %}
 <p>Welcome {{ user.first_name }}</p>
{% else %}
 <p>Please log in</p>
{% endif %}

另请参阅https://docs.djangoproject.com/en/dev/topics/auth/#id8

在我看来,确实很有可能将它的修改版本放在你的 base.html 中。例如,如果用户未登录,则显示登录按钮,并在用户登录时将其替换为将用户带到他/她的个人资料页面的按钮。

于 2012-12-03T15:28:43.257 回答