如何在中间件中修改django的request.user?

von4xj4u  于 2022-11-18  发布在  Go
关注(0)|答案(2)|浏览(292)

我尝试做的是检测登录用户的类型,然后将.profile参数设置为request.user,这样我就可以通过在视图中调用request.user.profile来使用它。
为此,我编写了一个Middleware,如下所示:

  1. class SetProfileMiddleware:
  2.     def __init__(self, get_response):
  3.         self.get_response = get_response
  5.     def __call__(self, request):
  7.         user, token = JWTAuthentication().authenticate(request)
  8.         profile_type = token.payload.get("profile_type", None)
  10.         request.user.profile = User.get_profile(profile_type, request.user)
  11.         request.user.profile_type = profile_type
  12.         
  13.         # Works Here
  14.         print("-" * 20)
  15.         print(type(request.user)) # <class 'django.utils.functional.SimpleLazyObject'>
  16.         print('Process Request ->', request.user.profile)
  18.         response = self.get_response(request)
  20.         # Does not work here
  21.         print("-" * 20)
  22.         print(type(request.user)) #  <class 'users.models.User'>
  23.         print('Process Response ->', request.user.profile)
  25.         return response
  27.     def process_view(self, request, view_func, view_args, view_kwargs):
  28.         # Works here
  29.         print("-" * 20)
  30.         print(type(request.user)) # <class 'django.utils.functional.SimpleLazyObject'>
  31.         print('Process View ->', request.user.profile)

现在我可以在process_view中访问request.user.profile,但它不存在于我的视图中,并导致AttributeError声明'User' object has no attribute 'profile'
似乎我的request.user是被覆盖的地方之前击中的看法。
请注意,我使用的是Django Rest框架,以下是我的观点:

  1. class ProfileAPIView(generics.RetrieveUpdateAPIView):
  2.     serializer_class = ProfileSerializer
  4.     def get_object(self):
  5.         obj = self.request.user.profile # Raise the `AttributeError`
  6.         self.check_object_permissions(self.request, obj)
  7.         return obj

下面是我的settings.py

  1. MIDDLEWARE = [
  2.     "django.middleware.security.SecurityMiddleware",
  3.     "django.contrib.sessions.middleware.SessionMiddleware",
  4.     "django.middleware.common.CommonMiddleware",
  5.     "django.middleware.csrf.CsrfViewMiddleware",
  6.     "django.contrib.auth.middleware.AuthenticationMiddleware",
  7.     "django.contrib.messages.middleware.MessageMiddleware",
  8.     "django.middleware.clickjacking.XFrameOptionsMiddleware",
  9. ]
  11. LOCAL_MIDDLEWARE = [
  12.     "users.middleware.SetProfileMiddleware",
  13. ]
  15. MIDDLEWARE = MIDDLEWARE + LOCAL_MIDDLEWARE
  17. REST_FRAMEWORK = {
  18.     "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
  19.     "DEFAULT_RENDERER_CLASSES": (
  20.         "rest_framework.renderers.JSONRenderer",
  21.         "rest_framework.renderers.BrowsableAPIRenderer",
  22.     ),
  23.     "DEFAULT_AUTHENTICATION_CLASSES": [
  24.         "rest_framework_simplejwt.authentication.JWTAuthentication",
  25.     ],
  26. }
  28. SIMPLE_JWT = {
  29.     "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(minutes=45),
  30.     "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.SlidingToken",),
  31. }
  33. DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
  35. AUTH_USER_MODEL = "users.User"
  37. LOGIN_REDIRECT_URL = "admin/"
django

2条答案

按热度按时间
elcex8rz

elcex8rz1#

问题是您无法将新属性添加到User类。
而是尝试将属性直接添加到请求中,如下所示
request.user_profile = User.get_profile(profile_type, request.user)

  1. def set_profile(view_function):
  2.     
  3.     def decorated_function(request, *args, **kwargs):
  5.         user, token = JWTAuthentication().authenticate(request)
  6.         profile_type = token.payload.get("profile_type", None)
  8.         request.user_profile = User.get_profile(profile_type, request.user)
  9.         request.user_profile_type = profile_type
  11.         return view_function(request, *args, **kwargs)
  13.     return decorated_function # No invocation here

然后在基于函数的视图中:

  1. @api_view(["GET", "PUT"])
  2. @set_profile
  3. def my_view(request):
  4.     request.user_profile # Will not throw attribute error
  5.     ...

基于函数的视图和基于类的视图之间的唯一区别是装饰器将接收request参数而不是self

  1. def set_profile(view_function):
  2.     
  3.     def decorated_function(self, *args, **kwargs):
  5.         user, token = JWTAuthentication().authenticate(self.request)
  6.         profile_type = token.payload.get("profile_type", None)
  8.         self.request.user_profile = User.get_profile(profile_type, self.request.user)
  9.         self.request.user_profile_type = profile_type
  11.         return view_function(self, *args, **kwargs)
  13.     return decorated_function # No invocation here

您的类应如下所示:

  1. class ProfileAPIView(generics.RetrieveUpdateAPIView):
  2. serializer_class = ProfileSerializer
  4. @set_profile
  5. def get_object(self):
  6.     obj = self.request.user_profile
  7.     self.check_object_permissions(self.request, obj)
  8.     return obj
展开查看全部
赞(0)分享  回复(0)举报  2022-11-18
lrpiutwd

lrpiutwd2#

在花了几个小时弄清楚发生了什么之后,发现SimpleJWTJWTAuthentication.authenticate()方法在请求到达视图之前被调用,覆盖了request.user属性。
因此,我没有尝试使用中间件将概要文件添加到request.user,而是结束了对JWTAuthentication.authentication()方法的定制:

  1. class CustomAuth(JWTAuthentication):
  2.     def authenticate(self, request):
  4.         user, token = super().authenticate(request)
  6.         profile_type = token.payload.get("profile_type", None)
  7.         user.profile = User.get_profile((profile_type, user)
  8.         user.profile_type = profile_type
  10.         return user, token

settings.py

  1. REST_FRAMEWORK = {
  2.     "DEFAULT_AUTHENTICATION_CLASSES": [
  3.         "users.authentication.CustomAuth"
  4.     ],
  5. }
展开查看全部
赞(0)分享  回复(0)举报  2022-11-18
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com