1

关于 Django 身份验证中间件,我有以下问题:

class AuthenticationMiddleware(MiddlewareMixin):
    def process_request(self, request):
        assert hasattr(request, 'session'), (
            "The Django authentication middleware requires session middleware "
            "to be installed. Edit your MIDDLEWARE setting to insert "
            "'django.contrib.sessions.middleware.SessionMiddleware' before "
            "'django.contrib.auth.middleware.AuthenticationMiddleware'."
        )
        request.user = SimpleLazyObject(lambda: get_user(request))

正如您在此处看到的,中间件从后端调用 get_user 方法(在我的情况下为 simple_jwt)并将此方法放入 a SimpleLazyObject以便稍后进行评估。

def get_user(self, validated_token):
    """
    Attempts to find and return a user using the given validated token.
    """
    try:
        user_id = validated_token[api_settings.USER_ID_CLAIM]
    except KeyError:
        raise InvalidToken(_('Token contained no recognizable user identification'))

    try:
        user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
    except User.DoesNotExist:
        raise AuthenticationFailed(_('User not found'), code='user_not_found')

    if not user.is_active:
        raise AuthenticationFailed(_('User is inactive'), code='user_inactive')

    return user

我想要做的是保留request.user = SimpleLazyObject(lambda: get_user(request))以便为使用它的应用程序提供用户实例,但对于我的自定义应用程序,我想添加类似

伪代码

request.user_id = user_id from  user (user_id = validated_token[api_settings.USER_ID_CLAIM])

为了不查询数据库对用户对象的每个请求,以防我只需要user_id我已经直接 get_user在后端的方法中。

问题 - 如何在不评估的情况下传递 from user_id并将 属性设置为请求 ?get_user()AuthenticationMiddleware.process_request()request.user_idSimpleLazyObject

奇怪的是,我无法将属性分配给请求的 class JWTAuthentication(authentication.BaseAuthentication):归属get_user()

谢谢你。

Internal Server Error: /auth/users/me/
Traceback (most recent call last):
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\asgiref\sync.py", line 330, in thread_handler
    raise exc_info[1]
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\django\core\handlers\exception.py", line 38, in inner
    response = await get_response(request)
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\django\utils\deprecation.py", line 126, in __acall__
    response = await sync_to_async(
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\asgiref\sync.py", line 296, in __call__
    ret = await asyncio.wait_for(future, timeout=None)
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\asyncio\tasks.py", line 440, in wait_for
    return await fut
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\asgiref\current_thread_executor.py", line 23, in run
    result = self.fn(*self.args, **self.kwargs)
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\asgiref\sync.py", line 334, in thread_handler
    return func(*args, **kwargs)
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\django\contrib\auth\middleware.py", line 26, in process_request
    request.user_id = _get_user_session_key(request)
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\django\contrib\auth\__init__.py", line 58, in _get_user_session_key
    return get_user_model()._meta.pk.to_python(request.session[SESSION_KEY])
  File "C:\ProgramData\Miniconda3\envs\entropy\lib\site-packages\django\contrib\sessions\backends\base.py", line 65, in __getitem__
    return self._session[key]
KeyError: '_auth_user_id'
4

1 回答 1

1

您已经拥有可用的用户 ID。它是从 auth.get_user() 中的会话中解码的,您可以将其复制到您自己的中间件:

from django.contrib.auth import _get_user_session_key

request.user_id = _get_user_session_key(request)

这是一个 Django 私有 API,不知道他们为什么将其保密。但你也可以只复制它实现的一个衬里:

request.user_id = get_user_model()._meta.pk.to_python(
    request.session[SESSION_KEY]
)
于 2020-10-29T17:51:01.280 回答