主页 / user-581006

kurenma's questions

Martin Hope
kurenma
Asked: 2024-12-22 00:29:18 +0000 UTC
  • 5

我现在正在使用flusk,我决定使用JWT进行授权。授权本身没有问题 - 输入您的登录名和密码并成功登录。 100%创建了access_token和refresh_token,而我将后者存储在数据库中并在离开配置文件时删除它们。通过开发者工具您可以在Cookie中找到token。

@app.route('/user/create', methods=['GET', 'POST'])
@jwt_required()
def create_user():
    form = CreateUserForm()
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        password = generate_password_hash(password)
        telegram_user = request.form['user_id']
        new_user_app = UserApp(username=username, password=password)
        user = User.query.filter_by(user_id=telegram_user).first()
        db.session.add(new_user_app)
        db.session.commit()
        user.user_app_id = new_user_app.id
        db.session.add(user)
        db.session.commit()
        return jsonify({'success': 'Пользователь успешно создан'})

    return render_template('create_user.html', form=form, title='Добавить пользователя')

我想进入/user/create带有装饰器的页面,并响应{"msg":"Missing Authorization Header"}

以防万一,授权本身:

@app.route('/login', methods=['GET', 'POST'])
def login():
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    
    form = LoginForm()
    if form.validate_on_submit():
        user = db.session.scalar(
            sa.select(UserApp).where(UserApp.username == form.username.data))
        
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password')
            return redirect(url_for('login'))
        
        login_user(user)
        access_token, refresh_token = create_tokens(user.id)
        next_page = request.args.get('next')
        response = make_response(redirect(next_page) if next_page else redirect(url_for('index')))
        response.set_cookie('access_token', access_token, httponly=True, secure=False)
        response.set_cookie('refresh_token', refresh_token, httponly=True, secure=False)
        return response
    return render_template('login.html', title='Авторизация', form=form)

并创建令牌:

def create_tokens(user_id):
    access_token = jwt.encode(
        {'user_id': user_id,
        'exp':  datetime.datetime.now(ZoneInfo('UTC')) + datetime.timedelta(minutes=15)}, app.config['SECRET_KEY'], algorithm='HS256')

    refresh_token = jwt.encode(
        {'user_id': user_id,
        'exp':  datetime.datetime.now(ZoneInfo('UTC')) + datetime.timedelta(days=30)}, app.config['SECRET_KEY'], algorithm='HS256')
    new_refresh_token = RefreshToken(user_id=user_id, token=refresh_token, expires_at=datetime.datetime.now(ZoneInfo('UTC')) + datetime.timedelta(days=30))
    db.session.add(new_refresh_token)
    db.session.commit()
    return access_token, refresh_token
python
Martin Hope
kurenma
Asked: 2024-04-15 05:21:03 +0000 UTC
  • 5

我无法确定到底是什么问题。有一个表格:

<form class="form-cr" action="{% url 'events:create_event' %}" method="post" enctype="multipart/form-data" id="MyForm">
                {% csrf_token %}
                <div class="cont-a">
                    <div class="name name">
                        <label for="id_title">Название*</label>
                        <input class="inner-input" type="text" name="title" id="id_title" placeholder="Введите название" required autocomplete="off" value="{% if form.title.value %}{{ form.title.value}}{% endif %}">
                    </div>
                    <div class="url name">
                        <label for="id_slug">Url-адрес*</label>
                        <input class="inner-input" type="text" id="id_slug" name="slug" placeholder="Заполняется автоматически" value="{% if form.slug.value %}{{ form.slug.value}}{% endif %}">
                    </div>
                    <div class="input-file-row">
                        <div>Изображение*</div>
                        <label class="input-file" for="image-input">
                            <div class="input-caption">Вставьте изображение</div>
                            <input class="inner-input-file" type="file" name="poster" id="image-input" value="{% if form.poster.url %}{{ form.poster.url }}{% endif %}" accept="image/*">
                        </label>
                        <div class="upload-preview" id="upload-preview-div">
                            <img class="upload-preview-img" src="{{ form.poster.url }}" alt="" id="image-preview" style="display: none;">
                        </div>
                    </div>
                    <div class="description name">
                        <label for="id_description">Описание</label>
                        <input class="inner-input" type="text" name="description" id="id_description" placeholder="Краткое описание" value="{% if form.description.value %}{{ form.description.value}}{% endif %}">
                    </div>
                    <button class="enter__btn" type="submit">Создать</button>
                </div>
                <div class="cont-b">
                    <div class="age name">
                        <label for="id_age">Возраст</label>
                        <select class="select-age" name="age" id="id_age">
                            {% if form.age.value %}
                            <option value="">{{ form.age.value }}</option>
                            {% endif %}
                            <option value="">Выберите значение</option>
                            <option value="6+">6+</option>
                            <option value="12+">16+</option>
                            <option value="18+">18+</option>
                        </select>
                    </div>
                    <div class="genre name">
                        <label for="id_genre">Жанр</label>
                        <select class="select-genre" id="id_genre" name="genre">
                            {% if form.genre.value %}
                            <option value="">{{ form.genre.value }}</option>
                            {% endif %}
                            <option value="">Выберите значение</option>
                            <option value="Классика">Классика</option>
                            <option value="Драма">Драма</option>
                            <option value="Комедия">Комедия</option>
                            <option value="Детектив">Детектив</option>
                        </select>
                    </div>
                    <div class="date-day name">
                        <label for="id_day">Когда*</label>
                        <input class="time-inp" type="number" name="day" id="id_day" placeholder="день" required value="{% if form.day.value %}{{ form.day.value}}{% endif %}">
                        <input class="time-inp" type="text" name="month" placeholder="месяц" required value="{% if form.month.value %}{{ form.month.value}}{% endif %}" id="id_month">
                        <input class="time-inp" type="text" name="hours" placeholder="время чч:мм" required value="{% if form.hours.value %}{{ form.hours.value}}{% endif %}" id="id_hours">
                    </div>
                </div>
            </form>

表现:

def edit_event(request, slug, day, month, hours):

    if not request.user.has_perm('events.change_events'):
        raise PermissionDenied
        
    event = Events.objects.get(slug=slug, day=day, month=month, hours=hours)
    if request.method == 'POST':
        form = EventForm(request.POST, request.FILES, instance=event)
        if form.is_valid():
            form.save()
            return redirect('events:home')
    else:
        form = EventForm(instance=event)
    context = {
        'title': 'Event - Edit',
        'form': form,
        'event': event
        }
    return render(request, 'events/edit_event.html', context)

当您单击“Create”时,会执行“create_event”函数,但数据不会传输到数据库,并且不会执行“form.save()”之后的重定向,控制台仅显示:“POST /events”。 /创建事件/ HTTP /1.1" 200 56891

python
Martin Hope
kurenma
Asked: 2024-01-20 23:51:49 +0000 UTC
  • 4

必须为授权用户显示“个人资料”按钮,为未授权用户显示“登录”按钮。

基本.html

{% if not request.user.is_authenticated %}
                <div class="auth__div">
                    <a class="a_login" href="{% url 'users:login' %}">
                        <button class="auth__btn">
                            <span class="auth__enter">Войти</span>
                        </button>
                    </a>
                </div>
{% else %}
                <div class="profile">
                    <a class="a_login" href="{% url 'users:profile' %}">
                        <button class="auth__btn">
                            <span class="profile__span">Профиль</span>
                        </button>
                    </a>
                </div>
{% endif %}

问题是授权用户和未授权用户都显示“登录”,但在两种情况下都不显示“个人资料”。如果您删除请求并保留 {% if not user.is_authenticated %} ,则不会发生任何变化。

更新: views.py:

def registration(request):
    if request.method == 'POST':
        form = RegistrationUserForm(data=request.POST)
        if form.is_valid():
                form.save()
                user = form.instance
                auth.login(request, user)
                return HttpResponseRedirect(reverse('home'))
    else:
        form = RegistrationUserForm()
    context = {
        'title': 'Home - Регистрация',
        'form': form
    }
    return render(request, 'users/registration.html', context)



def login(request):
    if request.method == 'POST':
        form = LoginUserForm(data=request.POST)
        if form.is_valid():
            username = request.POST['username']
            password = request.POST['password']
            user = auth.authenticate(username=username, password=password)
            if user:
                auth.login(request, user)
                return HttpResponseRedirect(reverse('home'))
    else:
        form = LoginUserForm()
    context = {
            'title': 'Home - Авторизация',
            'form': form
        }
    return render(request, 'users/login.html', context)


def profile(request):
    p = render_to_string('users/profile.html')
    return HttpResponse(p)  

def logout(request):
    auth.logout(request)
    return redirect(reverse('home'))
django