How to check from tastypie whether a user is already authenticated?

Time: 2022-06-25 20:37:03

When user authenticates in Django, how do I check that from tastypie?

Once user logs on, the view includes some JS that pulls data from API, which is backed by tastypie.

I have basic authentication/djangoauthorisation set up on my resources, so the browser pops up http auth window. Is there any way to avoid this?

My idea so far is to extend BasicAuthentication so that it first checks session data and when it doesn't find it, it falls back to http auth? AFAIK AJAX calls include session cookies, so this in theory should work? Has anybody done something similar?

4 solutions

#1


10  

I have this solution so far:

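from django.contrib.auth.models import User
from django.contrib.sessions.models import Session
from django.utils import timezone
from tastypie.authentication import BasicAuthentication


class MyBasicAuthentication(BasicAuthentication):
    def __init__(self, *args, **kwargs):
        super(MyBasicAuthentication, self).__init__(*args, **kwargs)

    def is_authenticated(self, request, **kwargs):
        # Try the Django session cookie first; fall back to HTTP basic auth.
        if 'sessionid' in request.COOKIES:
            try:
                # Only accept session rows that have not expired yet.
                s = Session.objects.get(pk=request.COOKIES['sessionid'], expire_date__gt=timezone.now())
                data = s.get_decoded()
                if '_auth_user_id' in data:
                    request.user = User.objects.get(id=data['_auth_user_id'])
                    return True
            except (Session.DoesNotExist, User.DoesNotExist):
                # Unknown session key or deleted user: fall through to basic auth.
                pass
        return super(MyBasicAuthentication, self).is_authenticated(request, **kwargs)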

which seems to do what I want. If the user is logged on, then the session contains _auth_user_id; if not, the key is missing.

Can anyone think of any problems this approach may cause?
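The checks a session-first authenticator such as the one in answer #1 has to make before it trusts the cookie, as an added example (not part of the original answers and not tastypie's code). The request and session table are modelled with plain stand-in objects so it runs without Django; `session_user_id`, `check`, `STORE`, `ACTIVE` and the sample keys are hypothetical, and the CSRF step is a simplified token comparison.

```python
import hmac
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace as NS   # stand-ins for HttpRequest / django_session rows

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def session_user_id(request, store, active_users, now):
    """Return the user id proven by the session cookie, or None (caller falls back to HTTP auth)."""
    row = store.get(request.cookies.get("sessionid", ""))
    if row is None:                  # unknown or forged key: no session, not a server error
        return None
    if row.expire_date <= now:       # a raw lookup by key does not filter expired rows
        return None
    uid = row.data.get("_auth_user_id")
    if uid is None or uid not in active_users:   # anonymous session or disabled account
        return None
    if request.method not in SAFE_METHODS:
        # The browser attaches cookies by itself, so writes also need a CSRF token
        # (simplified double-submit comparison, done in constant time).
        sent = request.headers.get("X-CSRFToken", "").encode()
        expected = request.cookies.get("csrftoken", "").encode()
        if not expected or not hmac.compare_digest(sent, expected):
            return None
    return uid

# Constructed sample data, not taken from the page.
NOW = datetime(2022, 6, 25, 20, 37, tzinfo=timezone.utc)
STORE = {
    "live": NS(data={"_auth_user_id": "7"}, expire_date=NOW + timedelta(hours=1)),
    "stale": NS(data={"_auth_user_id": "7"}, expire_date=NOW - timedelta(days=1)),
    "anon": NS(data={}, expire_date=NOW + timedelta(hours=1)),
}
ACTIVE = {"7"}

def check(method, sid, token=None):
    cookies = {"sessionid": sid, "csrftoken": "tok123"}
    headers = {"X-CSRFToken": token} if token else {}
    return session_user_id(NS(method=method, cookies=cookies, headers=headers), STORE, ACTIVE, NOW)

if __name__ == "__main__":
    for args in [("GET", "live"), ("GET", "stale"), ("GET", "forged"), ("GET", "anon"),
                 ("POST", "live"), ("POST", "live", "tok123")]:
        print(args, "->", check(*args))
```
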

#2


9  

You may want to check out this ticket on tastypie's GitHub:

https://github.com/toastdriven/django-tastypie/issues/197

The author suggests a very clean approach to authenticate the call with both the session and the API key methods.

Here goes the snippet:

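from tastypie.authentication import ApiKeyAuthentication


class ApiKeyPlusWebAuthentication(ApiKeyAuthentication):
    def is_authenticated(self, request, **kwargs):
        # Accept an existing Django session first, then fall back to the API key.
        # is_authenticated() is the Django < 1.10 method form; from 1.10 it is a property.
        if request.user.is_authenticated():
            return True

        return super(ApiKeyPlusWebAuthentication, self).is_authenticated(request, **kwargs)

    def get_identifier(self, request):
        if request.user.is_authenticated():
            return request.user.username
        else:
            return super(ApiKeyPlusWebAuthentication, self).get_identifier(request)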

#3


1  

Once the user is logged in through your API, you have a Django user session. If you want to check if the user is still logged in (on page refresh, for example), you can do:

from django.http import HttpResponse
from tastypie.resources import Resource


class LoggedInResource(Resource):
    class Meta:
        pass

    def get_list(self, request, **kwargs):
        # 200 if the Django session is authenticated, 401 otherwise.
        if request.user.is_authenticated():
            return HttpResponse(status=200)
        else:
            return HttpResponse(status=401)

Client check:

$.ajax({
    type: "GET",
    url: '/api/loggedin/',
    success: function(data) {
        // logged in
    },
    error: function() {
        // not logged in
    }
});

#4


0  

Pulegium

Why not just as simple as the following:

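from tastypie.authentication import BasicAuthentication


class CommAuthentication(BasicAuthentication):
    def __init__(self, *args, **kwargs):
        super(CommAuthentication, self).__init__(*args, **kwargs)

    def is_authenticated(self, request, **kwargs):
        # Session check only; HTTP basic auth is never consulted here.
        return request.user.is_authenticated()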

I just started to learn tastypie. The above code seemed to work for me. Any advantage of your solution?
