您的位置: 首页  >  技术问答  >  与mongoengine的tastypie中的ApiKey认证

与mongoengine的tastypie中的ApiKey认证

分类: 技术问答 2022-08-25 23:26:49
问题描述:

有没有人成功实现用于mongoengine.django.auth的用户的ApiKey以便与tastypie ApiKeyAuthentication一起使用?与mongoengine的tastypie中的ApiKey认证

我知道以前的帖子关于这个问题,但他们只处理ORM,而我正在尝试将它设置为mongoengine。此外,似乎tastypie自己的ApiKey类严重依赖关系结构(使用相关领域api_key用户)

在此先感谢!

该线程https://github.com/mitar/django-tastypie-mongoengine/issues/25我已经创建MongoUser类API_KEY字段

# models.py (or documents.py) 
from mongoengine.django.auth import User 

class MongoUser(User): 
    """ 
    Subclass of mongoengine.django.auth.User with email as username 
    and API key for authentication. 
    """ 
    USERNAME_FIELD = 'email' 
    REQUIRED_FIELDS = ['password'] 

    api_key = StringField(max_length=256, default='') 
    api_key_created = DateTimeField(help_text=_(u'Created')) 

    def save(self, *args, **kwargs): 
     if not self.api_key: 
      self.set_api_key() 

     return super(MongoUser, self).save(*args, **kwargs) 

    def set_api_key(self): 
     self.api_key = self.generate_key() 
     self.api_key_created = datetime.now() 

    def generate_key(self): 
     new_uuid = uuid.uuid4() 
     return hmac.new(str(new_uuid), digestmod=sha1).hexdigest()

以下加入的信号(通常的):

# resources.py 
from mongoengine import signals 
from myapp import models 
signals.post_save.connect(create_api_key, sender=models.MongoUser)

,然后子类tastypie.ApiKeyAuthentication与下列:

# resources.py 
class CustomApiKeyAuthentication(ApiKeyAuthentication): 
    """ 
    Authenticates everyone if the request is GET otherwise performs 
    ApiKeyAuthentication. 
    """ 
    def is_mongouser_authenticated(self, request): 
     """ 
     Custom solution for MongoUser ApiKey authentication. 
     ApiKey here is not a class (as it is realized in ORM approach), 
     but a field MongoUser class. 
     """ 
     username, api_key = super(CustomApiKeyAuthentication, 
            self).extract_credentials(request) 
     try: 
      models.MongoUser.objects.get(username=username, api_key=api_key) 
     except models.MongoUser.DoesNotExist: 
      return False 

     return True 

    def is_authenticated(self, request, **kwargs): 
     """ 
     Custom solution for `is_authenticated` function: MongoUsers has got 
     authenticated through custom api_key check. 
     """ 
     if request.method == 'GET': 
      return True 
     try: 
      is_authenticated = super(CustomApiKeyAuthentication, 
            self).is_authenticated(request, **kwargs) 
     except TypeError as e: 
      if "MongoUser" in str(e): 
       is_authenticated = self.is_mongouser_authenticated(request) 
      else: 
       is_authenticated = False 
     return is_authenticated

相关推荐