"""

Provides various authentication policies.

"""

import base64

import binascii

# 后续讲解如下包

from django.contrib.auth import authenticate, get_user_model

from django.middleware.csrf import CsrfViewMiddleware

from django.utils.translation import gettext_lazy as _

from rest_framework import HTTP_HEADER_ENCODING, exceptions

# 获取请求头

def get_authorization_header(request):

    """

    Return request's 'Authorization:' header, as a bytestring.

    以字符串的形式返回请求的Authorization

    Hide some test client ickyness where the header can be unicode.

    """

    auth = request.META.get('HTTP_AUTHORIZATION', b'')

    # 获取请求头中的AUTHORIZATION

    if isinstance(auth, str):

        # 判断auth是否为字符串类型

        # Work around django test client oddness

        auth = auth.encode(HTTP_HEADER_ENCODING)

    #

    return auth

class CSRFCheck(CsrfViewMiddleware):

    def _reject(self, request, reason):

        # Return the failure reason instead of an HttpResponse

        return reason

# 基类

class BaseAuthentication:

    """

    All authentication classes should extend BaseAuthentication.

    认证,必须重写authenticate

    """

    def authenticate(self, request):

        """

        Authenticate the request and return a two-tuple of (user, token).

        """

        raise NotImplementedError(".authenticate() must be overridden.")

    def authenticate_header(self, request):

        """

        Return a string to be used as the value of the `WWW-Authenticate`

        header in a `401 Unauthenticated` response, or `None` if the

        authentication scheme should return `403 Permission Denied` responses.

        """

        pass

# 返回用户user,基于用户名密码验证

class BasicAuthentication(BaseAuthentication):

    """

    HTTP Basic authentication against username/password.

    针对用户名/密码的HTTP基本身份验证。

    """

    www_authenticate_realm = 'api'

    def authenticate(self, request):

        """

        Returns a `User` if a correct username and password have been supplied

        using HTTP Basic authentication.  Otherwise returns `None`.

        如果提供了正确的用户名和密码,则返回“用户”。 否则返回“None”。

        """

        auth = get_authorization_header(request).split()

        # 获取请求头传入的参数,并以空格切割

        if not auth or auth[0].lower() != b'basic':

            # 判断是否接受到,长度为2

            return None

        # 对长度进行验证,抛出异常

        if len(auth) == 1:

            msg = _('Invalid basic header. No credentials provided.')

            raise exceptions.AuthenticationFailed(msg)

        elif len(auth) > 2:

            msg = _('Invalid basic header. Credentials string should not contain spaces.')

            raise exceptions.AuthenticationFailed(msg)

        try:

            # 对请求头解码,获取用户ID和密码

            auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':')

        except (TypeError, UnicodeDecodeError, binascii.Error):

            msg = _('Invalid basic header. Credentials not correctly base64 encoded.')

            raise exceptions.AuthenticationFailed(msg)

        userid, password = auth_parts[0], auth_parts[2]

        return self.authenticate_credentials(userid, password, request)

    def authenticate_credentials(self, userid, password, request=None):

        """

        Authenticate the userid and password against username and password

        with optional request for context.

        """

        # 获取用户模型

        credentials = {

            get_user_model().USERNAME_FIELD: userid,

            'password': password

        }

        # 获取用户

        user = authenticate(request=request, **credentials)

        # 验证

        if user is None:

            raise exceptions.AuthenticationFailed(_('Invalid username/password.'))

        if not user.is_active:

            raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))

        # 返回

        return (user, None)

    def authenticate_header(self, request):

        return 'Basic realm="%s"' % self.www_authenticate_realm

# session,经过csrf

class SessionAuthentication(BaseAuthentication):

    """

    Use Django's session framework for authentication.

    """

    def authenticate(self, request):

        """

        Returns a `User` if the request session currently has a logged in user.

        Otherwise returns `None`.

        """

        # Get the session-based user from the underlying HttpRequest object

        # 调用Django request,

        user = getattr(request._request, 'user', None)

        # Unauthenticated, CSRF validation not required

        if not user or not user.is_active:

            return None

        self.enforce_csrf(request)

        # CSRF passed with authenticated user

        return (user, None)

    # 经过中间件验证,复杂,前后端分离基本不用,有空分析

    def enforce_csrf(self, request):

        """

        Enforce CSRF validation for session based authentication.

        """

        check = CSRFCheck()

        # populates request.META['CSRF_COOKIE'], which is used in process_view()

        check.process_request(request)

        reason = check.process_view(request, None, (), {})

        if reason:

            # CSRF failed, bail with explicit error message

            raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)

# token验证

class TokenAuthentication(BaseAuthentication):

    """

    Simple token based authentication.

    Clients should authenticate by passing the token key in the "Authorization"

    HTTP header, prepended with the string "Token ".  For example:

    客户应通过在“授权”中传递令牌密钥进行身份验证

     HTTP标头,以字符串“ Token”开头。

        Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a

    """

    keyword = 'Token'

    model = None

    def get_model(self):

        if self.model is not None:

            return self.model

        from rest_framework.authtoken.models import Token

        return Token

    """

    A custom token model may be used, but must have the following properties.

    * key -- The string identifying the token

    * user -- The user to which the token belongs

    """

    # 上述相同

    def authenticate(self, request):

        auth = get_authorization_header(request).split()

        if not auth or auth[0].lower() != self.keyword.lower().encode():

            return None

        if len(auth) == 1:

            msg = _('Invalid token header. No credentials provided.')

            raise exceptions.AuthenticationFailed(msg)

        elif len(auth) > 2:

            msg = _('Invalid token header. Token string should not contain spaces.')

            raise exceptions.AuthenticationFailed(msg)

        try:

            token = auth[1].decode()

        except UnicodeError:

            msg = _('Invalid token header. Token string should not contain invalid characters.')

            raise exceptions.AuthenticationFailed(msg)

        return self.authenticate_credentials(token)

    def authenticate_credentials(self, key):

        model = self.get_model()

        try:

            # 获取token值,model为token表获取到的token模型

            # model.objects.get类似,'user'传入的字段,

            token = model.objects.select_related('user').get(key=key)

        except model.DoesNotExist:

            raise exceptions.AuthenticationFailed(_('Invalid token.'))

        if not token.user.is_active:

            raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))

        # 返回

        return (token.user, token)

    def authenticate_header(self, request):

        return self.keyword

# 远程验证

class RemoteUserAuthentication(BaseAuthentication):

    """

    REMOTE_USER authentication.

    To use this, set up your web server to perform authentication, which will

    set the REMOTE_USER environment variable. You will need to have

    'django.contrib.auth.backends.RemoteUserBackend in your

    AUTHENTICATION_BACKENDS setting

    远程验证,如果需要,则setting配置AUTHENTICATION_BACKENDS,

    调用代码:

    backends = []

    for backend_path in settings.AUTHENTICATION_BACKENDS:

        backend = load_backend(backend_path)

        backends.append((backend, backend_path) if return_tuples else backend)

    """

    # Name of request header to grab username from.  This will be the key as

    # used in the request.META dictionary, i.e. the normalization of headers to

    # all uppercase and the addition of "HTTP_" prefix apply.

    header = "REMOTE_USER"

    def authenticate(self, request):

        user = authenticate(remote_user=request.META.get(self.header))

        if user and user.is_active:

            return (user, None)

解读 authentication.py的更多相关文章

  1. keras系列︱Application中五款已训练模型、VGG16框架(Sequential式、Model式)解读(二)

    引自:http://blog.csdn.net/sinat_26917383/article/details/72859145 中文文档:http://keras-cn.readthedocs.io/ ...

  2. REST、DRF(View源码解读、APIView源码解读)

    一 . REST            前言 1 . 编程 : 数据结构和算法的结合 .小程序如简单的计算器,我们输入初始数据,经过计算,得到最终的数据,这个过程中,初始数据和结果数据都是数据,而计算 ...

  3. Restful 1 -- REST、DRF(View源码解读、APIView源码解读)及框架实现

    一.REST 1.什么是编程? 数据结构和算法的结合 2.什么是REST? - url用来唯一定位资源,http请求方式来区分用户行为 首先回顾我们曾经做过的图书管理系统,我们是这样设计url的,如下 ...

  4. 《Django By Example》第四章 中文 翻译 (个人学习,渣翻)

    书籍出处:https://www.packtpub.com/web-development/django-example 原作者:Antonio Melé (译者注:祝大家新年快乐,这次带来<D ...

  5. Python开发程序:ATM+购物商城

    一.程序要求 模拟实现一个ATM + 购物商城程序 额度 15000或自定义 实现购物商城,买东西加入 购物车,调用信用卡接口结账 可以提现,手续费5% 每月22号出账单,每月10号为还款日,过期未还 ...

  6. restful framework 认证源码流程

    一.请求到来之后,都要先执行dispatch方法,dispatch方法方法根据请求方式的不同触发get/post/put/delete等方法 注意,APIView中的dispatch方法有很多的功能 ...

  7. Flask 学习 十三 应用编程接口

    最近这些年,REST已经成为web services和APIs的标准架构,很多APP的架构基本上是使用RESTful的形式了. REST的六个特性: 客户端-服务器(Client-Server)服务器 ...

  8. drf相关问题

    drf自定义用户认证: 登录默认 使用django的ModelBackend,对用户名和密码进行验证.但我们平时登录网站时除了用户名也可以用邮箱或手机进行登录,这就需要我们自己扩展backend 一. ...

  9. python-nmap的函数学习

    简介 python-nmap是一个使用nmap进行端口扫描的python库,它可以很轻易的生成nmap扫描报告,并且可以帮助系统管理员进行自动化扫描任务和生成报告.同时,它也支持nmap脚本输出. 可 ...

随机推荐

  1. 经典c程序100例==31--40

    [程序31] 题目:请输入星期几的第一个字母来判断一下是星期几,如果第一个字母一样,则继续 判断第二个字母. 1.程序分析:用情况语句比较好,如果第一个字母一样,则判断用情况语句或if语句判断第二个字 ...

  2. 第05组 Alpha冲刺(4/6)

    .th1 { font-family: 黑体; font-size: 25px; color: rgba(0, 0, 255, 1) } #ka { margin-top: 50px } .aaa11 ...

  3. ngx instance

    首先看下 连接池的获取以及释放 ngx_connection_t * ngx_get_connection(ngx_socket_t s, ngx_log_t *log) //从连接池中获取一个ngx ...

  4. 论文学习笔记 - 高光谱 和 LiDAR 融合分类合集

    A³CLNN: Spatial, Spectral and Multiscale Attention ConvLSTM Neural Network for Multisource Remote Se ...

  5. LVM划分磁盘及扩容缩容

    lvm:logical volume monitor 逻辑卷管理器 作用: 采用lvm划分磁盘:磁盘空间不够时,方便扩展磁盘.物理卷加到卷组时被划分等大的pe,即pv是由众多pe构成.pe是卷组的最小 ...

  6. diamond收集插件的自定义

    diamond是与graphite配合使用的一个数据收集的软件,关于这个配置的资料很多,使用起来也比较简单,详细的安装和配置会在后面的关于整套监控系统的文章里面写到,本篇是专门讲解怎么自定义这个数据收 ...

  7. vue+node+mysql

    准备工作 安装node,这是必须的 新版node自带npm,安装Node.js时会一起安装,npm的作用就是对Node.js依赖的包进行管理,也可以理解为用来安装/卸载Node.js需要装的东西.验证 ...

  8. jsonp和普通的ajax区别

    1.请求类型.返回类型不一样 2.返回数据类型

  9. 工作三年终于社招进字节跳动!字节跳动,阿里,腾讯Java岗面试经验汇总

    前言 我大概我是从去年12月份开始看书学习,到今年的6月份,一直学到看大家的面经基本上百分之90以上都会,我就在5月份开始投简历,边面试边补充基础知识等.也是有些辛苦.终于是在前不久拿到了字节跳动的o ...

  10. 去年去阿里面试,被问到java 多线程,我是这样手撕面试官的

    1.多线程的基本概念 1.1进程与线程 程序:是为完成特定任务,用某种语言编写的一组指令的集合,即一段静态代码,静态对象. 进程:是程序的一次执行过程,或是正在运行的一个程序,是一个动态的过程,每个程 ...