In my Django application, I created a custom authentication class using rest_framework:
```python
from business.models import BusinessToken
from rest_framework.authtoken.models import Token
from rest_framework import authentication, exceptions


class AuthenticationMixin(authentication.BaseAuthentication):
    def authenticate(self, request):
        # Read the raw Authorization header; no header means no credentials.
        raw_token = request.META.get('HTTP_AUTHORIZATION')
        if not raw_token:
            return None
        token_key = raw_token.replace("Token ", "")

        # First try to match an ordinary user token.
        user_token = Token.objects.filter(key=token_key).first()
        if user_token is not None:
            user = user_token.user
            request.user = user
            return user, None

        # Otherwise try a business token and attach the business and its owner.
        business_token = BusinessToken.objects.filter(key=token_key).first()
        if business_token is not None:
            business = business_token.business
            request.business = business
            user = business.owner
            request.user = user
            # The business is returned as the first element of the tuple.
            return business, None

        raise exceptions.AuthenticationFailed('No such user or business')
```
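As you can see, this class has to authenticate a user or a business based on the token passed in the HTTP request.

If the user is authenticated through a business token, then in the API view I have to access `request.user` as `business.owner` and `request.business` as the business, but `request.user` is set to the business; it gets overwritten somewhere.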
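An added example (not part of the original post, and not Django REST framework's own code): a stand-alone model of the step where the framework assigns the tuple returned by `authenticate()` to `request.user` and `request.auth`, with an authenticator that returns the business owner first and keeps the business on `request.business`. `run_request`, `parse_token` and the in-memory token tables are hypothetical stand-ins for the framework's request handling and the `Token`/`BusinessToken` models.

```python
# Stand-alone model: no Django needed. All names below are hypothetical stand-ins.
from types import SimpleNamespace


class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""


# Constructed sample data standing in for the Token and BusinessToken tables.
ALICE = SimpleNamespace(name="alice")
BOB = SimpleNamespace(name="bob")
SHOP = SimpleNamespace(name="shop", owner=BOB)
USER_TOKENS = {"u-123": ALICE}
BUSINESS_TOKENS = {"b-456": SHOP}


def parse_token(header):
    """Accept only 'Token <key>'; anything else counts as no credentials here."""
    parts = (header or "").split()
    if len(parts) != 2 or parts[0] != "Token":
        return None
    return parts[1]


def authenticate(request):
    """Return (user, auth). The first element is what ends up in request.user."""
    key = parse_token(request.META.get("HTTP_AUTHORIZATION"))
    if key is None:
        return None
    if key in USER_TOKENS:
        return USER_TOKENS[key], key
    if key in BUSINESS_TOKENS:
        business = BUSINESS_TOKENS[key]
        request.business = business   # extra attribute is left untouched afterwards
        return business.owner, key    # the owner, not the business, becomes the user
    raise AuthenticationFailed("No such user or business")


def run_request(header):
    """Model of the framework step: the returned tuple overwrites request.user."""
    request = SimpleNamespace(META={"HTTP_AUTHORIZATION": header},
                              user=None, auth=None, business=None)
    result = authenticate(request)
    if result is not None:
        request.user, request.auth = result
    return request
```

Because the tuple assignment happens after `authenticate()` returns, any `request.user` value set inside the method is replaced by the first element of the returned tuple.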