All geek questions in one place

Django rest framework: get authentication token using email address instead of username

I am working on a project to enable authentication of the django rest platform for mobile devices. I use the default authentication for tokens to get the user token from the mail request sending username and password.

curl --data "username=username&password=password" http://127.0.0.1:8000/api/api-token-auth/

(api / api-token-auth / is the URL configured with the get_auth_token view)

 urlpatterns = [ url(r'^api/api-token-auth/', obtain_auth_token), url(r'^', include(router.urls)), ]

and the answer is the user token.

 {"token":"c8a8777aca969ea3a164967ec3bb341a3495d234"}

I need to get token user authentication using the email password in the message instead of the username password, or both. I read the user authentication documentation http://www.django-rest-framework.org/api-guide/authentication/#custom-authentication ... but I really don’t really understand. This is very useful for me ... thanks :).

+5
source share
3 answers

Ok, I found a way to get the auth token using email or username ... This is the serializer:

 class AuthCustomTokenSerializer(serializers.Serializer): email_or_username = serializers.CharField() password = serializers.CharField() def validate(self, attrs): email_or_username = attrs.get('email_or_username') password = attrs.get('password') if email_or_username and password: # Check if user sent email if validateEmail(email_or_username): user_request = get_object_or_404( User, email=email_or_username, ) email_or_username = user_request.username user = authenticate(username=email_or_username, password=password) if user: if not user.is_active: msg = _('User account is disabled.') raise exceptions.ValidationError(msg) else: msg = _('Unable to log in with provided credentials.') raise exceptions.ValidationError(msg) else: msg = _('Must include "email or username" and "password"') raise exceptions.ValidationError(msg) attrs['user'] = user return attrs

In the email_or_username field, the user can send an email or username and use the validateEmail () function, we can check whether the user is trying to log in using the email or username. Then we can make a request to get the user instance, if valid, and authenticate it.

This is a view.

 class ObtainAuthToken(APIView): throttle_classes = () permission_classes = () parser_classes = ( parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser, ) renderer_classes = (renderers.JSONRenderer,) def post(self, request): serializer = AuthCustomTokenSerializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.validated_data['user'] token, created = Token.objects.get_or_create(user=user) content = { 'token': unicode(token.key), } return Response(content)

and then:

 curl --data "email_or_username=emailorusername&password=password" http://127.0.0.1:8000/api/my-api-token-auth/.

Done.

+19
source

Record these requirements in your settings.py

 ACCOUNT_AUTHENTICATION_METHOD = 'email' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_USERNAME_REQUIRED = False

To verify, send this json format request to your server:

 { "username":" youremail@mail.domain ", "password":"Pa$$w0rd" }
+2
source

There is a cleaner way to get a user token.

just run the manage.py shell

and then

 from rest_framework.authtoken.models import Token from django.contrib.auth.models import User u = User.objects.get(username='admin') token = Token.objects.create(user=u) print token.key
+1
source

Source: https://habr.com/ru/post/1211563/

More articles:


All Articles