12

我正在使用自定义用户 My models.py 使用 django-rest_framework_simple-jwt 实现用户身份验证:

class UserManager(BaseUserManager):
    def create_user(self, email, username, password, alias=None):
        user = self.model(
        email = self.normalize_email(email),
                username = username,)
        user.set_password(password)
        user.save()
        return user
   def create_superuser(self, email, username, password):
       self.create_user(email, username, password)
       user.is_staff()
       user.is_superuser = True
       user.save()
       return user

class User(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(null=False, unique=True)
    username = models.CharField(max_length=25, unique=True)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)

    objects = UserManager()
    USERNAME_FIELD = "email"
    REQUIRED_FIELDS = ["username",]

所以我正在实现restframework simple-jwt身份验证,我的设置.py如下:

REST_FRAMEWORK={
  'DEFAULT_AUTHENTICATION_CLASSES': [
      'rest_framework_simplejwt.authentication.JWTAuthentication',
   ]}

我的 urls.py:

urlpatterns = [
       url(r'^api/token/$', TokenObtainPairView.as_view(),  name='token_obtain_pair'),
       url(r'^api/token/refresh/$', TokenRefreshView.as_view(), name='token_refresh'),]

在登录过程中,它返回"detail": "No active account found with the given credentials"我的所有用户都处于活动状态的错误。我不知道如何解决这个问题,我需要帮助。在此先感谢。

4

8 回答 8

20

确保在将密码存储到数据库之前对其进行哈希处理。我遇到了同样的问题,发现我的密码是以纯文本形式存储的。将以下内容添加到我的 UserSerializer 解决了这个问题

from django.contrib.auth.hashers import make_password

def validate_password(self, value: str) -> str:
    """
    Hash value passed by user.

    :param value: password of a user
    :return: a hashed version of the password
    """
    return make_password(value)
于 2019-06-18T06:11:40.127 回答
0

从 PyJWT==2.0.0 手动降级到 PyJWT==1.7.1 并解决了我们的问题

pip install PyJWT==1.7.1

我们在 requirements.txt 上使用 djangorestframework==3.12.1 和 djangorestframework-simplejwt==4.4.0 ,这自动给了我们 2.0.0 版本的依赖关系。

于 2021-07-01T15:31:59.943 回答
0

你的密码应该是散列的,它不应该是一个普通的字符串

#import make_password    
from django.contrib.auth.hashers import make_password

make_password(password)

注册时导入 make_password 并散列密码...

于 2021-11-24T05:53:14.713 回答
0

在我看来,存在一个问题,即为序列化程序提供了电子邮件地址和用户名,但期望电子邮件作为身份验证的用户名。我也有同样的错误。我还创建了某种自定义用户并尝试登录以获取几个 json Web 令牌。但我只使用电子邮件,而不是用户名。所以我最终做了什么,它对我有用。也许这个例子解释了认证完成的地方......

像这样的模型和管理器:

from django.db import models
from django.contrib.auth.models import PermissionsMixin
from django.contrib.auth.base_user import (
    AbstractBaseUser, 
    BaseUserManager
    )
from django.utils.translation import gettext_lazy as _
from django.core.exceptions import ObjectDoesNotExist
from rest_framework_simplejwt.tokens import RefreshToken


class CustomUserManager(BaseUserManager):
    def get_or_create(self, email=None, **kwargs):
        allowed_kwargs = ['first_name', 'last_name', 'img', 'about']
        if email is not None:
            try:
                user_obj = super(CustomUserManager, self).get(email=email)
                if kwargs:
                    for k, v in kwargs.items():
                        setattr(user_obj, k, v)
                    user_obj.save()
            except ObjectDoesNotExist:
                email = self.normalize_email(email)
                user_obj = self.model(email=email)
                password = kwargs.pop('password', None)
                if password is not None:
                    user_obj.set_password(password)
                if kwargs:
                    for k, v in kwargs.items():
                        if k in allowed_kwargs:
                            setattr(user_obj, k, v)
                user_obj.save()
        else:
            return False
        return user_obj
        

class CustomUser(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(_('email address'), null=True, unique=True)
    first_name = models.CharField(max_length=150, null=True, blank=True)
    last_name = models.CharField(max_length=150, null=True, blank=True)
    img = models.URLField(null=True, blank=True)
    about = models.TextField(_('about'), max_length=500, blank=True)
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)

    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)

    objects = CustomUserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    def __str__(self):
        return f'<CustomUser(id={self.id} - email={self.email})>'

    class Meta:
        ordering = ['-created_at']
    
    @property
    def full_name(self):
        if hasattr(self, 'first_name') and hasattr(self, 'last_name'):
            return f'{self.first_name} {self.last_name}'
        return 'No fullname'

    @property
    def jwt_tokens(self):
        refresh = RefreshToken.for_user(self)
        return {
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        }

自定义令牌序列化程序:

from django.contrib.auth import authenticate
from django.contrib.auth.models import update_last_login
from django.core.exceptions import ObjectDoesNotExist
from rest_framework import serializers

class CustomTokenSerializer(serializers.Serializer):
    id = serializers.IntegerField(read_only=True)
    email = serializers.EmailField(required=True)
    password = serializers.CharField(min_length=8, write_only=True)
    def validate(self, email, password):
        try:
            self.user = CustomUser.objects.get(email=email)
        except ObjectDoesNotExist as e:
            message = {'error': f'User with email={email} does not exist.'}
            return message
        check_auth = authenticate(username=email, password=password)
        if check_auth is None:
            message = {'error': 
                       'The user exists, but the password is incorrect.'}
            return message
        data = self.user.jwt_tokens
        update_last_login(None, self.user)
        return data

网址:

urlpatterns += [
    path('login/token/', views.LoginTokenView.as_view(), name='login-token')
]
于 2021-09-10T06:17:57.220 回答
0

您是否记得在设置中进行设置:

AUTH_USER_MODEL = 'your_app_name.User'
于 2019-04-30T20:35:45.743 回答
0

尝试这个

from django.contrib.auth.hashers import make_password

class UserManager(BaseUserManager):
def create_user(self, email, username, password, alias=None):
    user = self.model(
    email = self.normalize_email(email),
            username = username,)
    user.set_password(make_password(password))
    user.save()
    return user
def create_superuser(self, email, username, password):
   self.create_user(email, username, password)
   user.is_staff()
   user.is_superuser = True
   user.save()
   return user
于 2021-03-27T10:12:52.933 回答
0

看来我的错误是由write_only密码字段上的参数引起的

class RegisterSerializer(serializers.ModelSerializer):
    password = serializers.CharField(
        max_length=68, min_length=6, write_only=True)


    class Meta:
        model = User
        fields = ['email', 'username', 'password']

删除它:

class RegisterSerializer(serializers.ModelSerializer):
    password = serializers.CharField(
        max_length=68, min_length=6)


    class Meta:
        model = User
        fields = ['email', 'username', 'password']

之后就是阳光和彩虹:-)

于 2020-11-29T08:46:05.890 回答
0

您没有为 Django 应用程序创建超级用户,或者您提供了错误的身份验证凭据

于 2020-12-04T07:37:41.360 回答