auth模块实现功能

通过入口url.py文件中定义的urlpatterns可以看出,auth模块共定义了8个url,分别用于:

  • 登录

  • 注销

  • 修改密码

  • 修改密码完成

  • 密码重置

  • 密码重置完成
  • 密码重置验证
  • 密码重置结束 ```
  1. from django.conf.urls import url
  2. from django.contrib.auth import views

  4. urlpatterns直接是一个list即可

  5. urlpatterns = [
  6. url(r’^login/$’, views.login, name=’login’),
  7. url(r’^logout/$’, views.logout, name=’logout’),
  8. url(r’^password_change/$’, views.password_change, name=’password_change’),
  9. url(r’^password_change/done/$’, views.password_change_done, name=’password_change_done’),
  10. url(r’^password_reset/$’, views.password_reset, name=’password_reset’),
  11. url(r’^password_reset/done/$’, views.password_reset_done, name=’password_reset_done’),
  12. url(r’^reset/(?P[0-9A-Za-z_-]+)/(?P[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$’,
  13. views.password_reset_confirm, name=’password_reset_confirm’),
  14. url(r’^reset/done/$’, views.password_reset_complete, name=’password_reset_complete’),
  15. ] 以下仅对登陆, 注销进行了学习.python

class SuccessURLAllowedHostsMixin: success_url_allowed_hosts = set()

  1. def get_success_url_allowed_hosts(self):
  2.     return {self.request.get_host(), *self.success_url_allowed_hosts}

class LoginView(SuccessURLAllowedHostsMixin, FormView): “”” Display the login form and handle the login action. “”” form_class = AuthenticationForm authentication_form = None redirect_field_name = REDIRECT_FIELD_NAME template_name = ‘registration/login.html’ redirect_authenticated_user = False extra_context = None

  1. @method_decorator(sensitive_post_parameters())
  2. @method_decorator(csrf_protect)
  3. @method_decorator(never_cache)
  4. def dispatch(self, request, *args, **kwargs):
  5.     if self.redirect_authenticated_user and self.request.user.is_authenticated:
  6.         redirect_to = self.get_success_url()
  7.         if redirect_to == self.request.path:
  8.             raise ValueError(
  9.                 "Redirection loop for authenticated user detected. Check that "
  10.                 "your LOGIN_REDIRECT_URL doesn't point to a login page."
  11.             )
  12.         return HttpResponseRedirect(redirect_to)
  13.     return super().dispatch(request, *args, **kwargs)
  15. def get_success_url(self):
  16.     url = self.get_redirect_url()
  17.     return url or resolve_url(settings.LOGIN_REDIRECT_URL)
  19. def get_redirect_url(self):
  20.     """Return the user-originating redirect URL if it's safe."""
  21.     redirect_to = self.request.POST.get(
  22.         self.redirect_field_name,
  23.         self.request.GET.get(self.redirect_field_name, '')
  24.     )
  25.     url_is_safe = url_has_allowed_host_and_scheme(
  26.         url=redirect_to,
  27.         allowed_hosts=self.get_success_url_allowed_hosts(),
  28.         require_https=self.request.is_secure(),
  29.     )
  30.     return redirect_to if url_is_safe else ''
  32. def get_form_class(self):
  33.     return self.authentication_form or self.form_class
  35. def get_form_kwargs(self):
  36.     kwargs = super().get_form_kwargs()
  37.     kwargs['request'] = self.request
  38.     return kwargs
  40. def form_valid(self, form):
  41.     """Security check complete. Log the user in."""
  42.     auth_login(self.request, form.get_user())
  43.     return HttpResponseRedirect(self.get_success_url())
  45. def get_context_data(self, **kwargs):
  46.     context = super().get_context_data(**kwargs)
  47.     current_site = get_current_site(self.request)
  48.     context.update({
  49.         self.redirect_field_name: self.get_redirect_url(),
  50.         'site': current_site,
  51.         'site_name': current_site.name,
  52.         **(self.extra_context or {})
  53.     })
  54.     return context

class LogoutView(SuccessURLAllowedHostsMixin, TemplateView): “”” Log out the user and display the ‘You are logged out’ message. “”” next_page = None redirect_field_name = REDIRECT_FIELD_NAME template_name = ‘registration/logged_out.html’ extra_context = None

  1. @method_decorator(never_cache)
  2. def dispatch(self, request, *args, **kwargs):
  3.     auth_logout(request)
  4.     next_page = self.get_next_page()
  5.     if next_page:
  6.         # Redirect to this page until the session has been cleared.
  7.         return HttpResponseRedirect(next_page)
  8.     return super().dispatch(request, *args, **kwargs)
  10. def post(self, request, *args, **kwargs):
  11.     """Logout may be done via POST."""
  12.     return self.get(request, *args, **kwargs)
  14. def get_next_page(self):
  15.     if self.next_page is not None:
  16.         next_page = resolve_url(self.next_page)
  17.     elif settings.LOGOUT_REDIRECT_URL:
  18.         next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
  19.     else:
  20.         next_page = self.next_page
  22.     if (self.redirect_field_name in self.request.POST or
  23.             self.redirect_field_name in self.request.GET):
  24.         next_page = self.request.POST.get(
  25.             self.redirect_field_name,
  26.             self.request.GET.get(self.redirect_field_name)
  27.         )
  28.         url_is_safe = url_has_allowed_host_and_scheme(
  29.             url=next_page,
  30.             allowed_hosts=self.get_success_url_allowed_hosts(),
  31.             require_https=self.request.is_secure(),
  32.         )
  33.         # Security check -- Ensure the user-originating redirection URL is
  34.         # safe.
  35.         if not url_is_safe:
  36.             next_page = self.request.path
  37.     return next_page
  39. def get_context_data(self, **kwargs):
  40.     context = super().get_context_data(**kwargs)
  41.     current_site = get_current_site(self.request)
  42.     context.update({
  43.         'site': current_site,
  44.         'site_name': current_site.name,
  45.         'title': _('Logged out'),
  46.         **(self.extra_context or {})
  47.     })
  48.     return context

```