我觉得这是一个简单的问题,我只是错过了一小步。
我想做以下任意数量(作为下一个参数中的术语):
[not signed in] -> profile -> login?next=/accounts/profile/ -> auth -> profile.
[not signed in] -> newsfeed -> login?next=/newsfeed/` -> auth -> newsfeed.
我目前正在前往:
[not signed in] -> profile -> login?next=/accounts/profile/ -> auth -> loggedin
[not signed in] -> newsfeed -> login?next=/newsfeed/ -> auth -> loggedin
我希望以某种方式将next
参数从login
上的表单传递到auth
并让auth
重定向到此参数
目前我正在尝试login.html
:
<input type='text' name="next" value="{{ next }}">
然而,这并没有获得下一个价值。我可以从调试工具栏中看到:
GET data
Variable Value
u'next' [u'/accounts/profile/']
views
:
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
print request.POST
return HttpResponseRedirect(request.POST.get('next'),'/accounts/loggedin')
else:
return HttpResponseRedirect('/accounts/invalid')
login.html
:
{% extends "base.html" %}
{% block content %}
{% if form.errors %}
<p class="error"> Sorry, you have entered an incorrect username or password</p>
{% endif %}
<form action="/accounts/auth/" method="post">{% csrf_token %}
<label for="username">User name:</label>
<input type="text" name="username" value="" id="username">
<label for="password">Password:</label>
<input type="password" name="password" value="" id="password">
<input type='text' name="next" value="{{ request.GET.next }}">
<input type="submit" value="login">
</form>
{% endblock %}
settings
:
from django.conf.urls import patterns, include, url
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('',
# Examples:
url(r'^admin/', include(admin.site.urls)),
('^accounts/', include('userprofile.urls')),
url(r'^accounts/login/$', 'django_yunite.views.login'),
url(r'^accounts/auth/$', 'django_yunite.views.auth_view'),
url(r'^accounts/logout/$', 'django_yunite.views.logout'),
url(r'^accounts/loggedin/$', 'django_yunite.views.loggedin'),
url(r'^accounts/invalid/$', 'django_yunite.views.invalid_login'),
)
settings
:
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
TEMPLATE_DEBUG = True
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'debug_toolbar',
'userprofile',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
ROOT_URLCONF = 'django_yunite.urls'
WSGI_APPLICATION = 'django_yunite.wsgi.application'
# Internationalization
# https://docs.djangoproject.com/en/1.6/topics/i18n/
LANGUAGE_CODE = 'en-ca'
TIME_ZONE = 'EST'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.6/howto/static-files/
STATIC_URL = '/static/'
STATICFILES_DIRS = (
('assets', '/home/user/GitHub/venv_yunite/django_yunite/static/'),
)
TEMPLATE_DIRS = (
'./templates',
'/article/templates',
)
STATIC_ROOT = "/home/user/Documents/static/"
AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
打印陈述显示空u'next'
答案 0 :(得分:13)
查询字符串隐式传递给任何视图,无需编写任何特殊代码。
您所要做的就是确保next
密钥从实际登录表单(在您的情况下,这是在/accounts/login/
中呈现的表单)传递给{{ 1}}查看。
为此,您需要确保在设置中启用了请求模板上下文处理器(/accounts/auth
)。要执行此操作,首先需要导入django.core.context_processors.request
的默认值,然后在TEMPLATE_CONTEXT_PROCESSORS
中将请求处理器添加到其中,如下所示:
settings.py
然后是以下形式:
from django.conf import global_settings
TEMPLATE_CONTEXT_PROCESSORS = global_settings.TEMPLATE_CONTEXT_PROCESSORS + (
"django.core.context_processors.request",
)
现在,在<form method="POST" action="/accounts/auth">
{% csrf_token %}
<input type="hidden" name="next" value="{{ request.GET.next }}" />
{{ login_form }}
<input type="submit">
</form>
视图中:
/accounts/auth
答案 1 :(得分:3)
您要找的是login decorator。
在 views.py
中from django.contrib.auth.decorators import login_required
@login_required(login_url="/accounts/login/")
def profile( request ):
"""your view code here"""
return HttpResponse("boo ya", "text/html")
然后在 urls.py 中添加身份验证网址
(r'^accounts/login/$', 'django.contrib.auth.views.login'),
最后:确保已安装的应用中安装了django.contrib.auth,并安装了AuthenticationMiddleware。
<强> settings.py 强>
INSTALLED_APPS = (
-- snip --,
'django.contrib.auth',
)
MIDDLEWARE_CLASSES = (
-- snip --,
'django.contrib.auth.middleware.AuthenticationMiddleware',
)
templates / registration / login.html
<form method="POST" action="/accounts/login/">
{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}" />
{{ login_form }}
<input type="submit">
</form>
答案 2 :(得分:1)
某个时候面临类似的情况。为了解决这个问题,我写了自己的装饰师 -
def validate_request_for_login(f):
def wrap(request):
if not request.user.is_authenticated():
return redirect("/login?next=" + request.path)
return f(request)
return wrap
以上装饰器检查用户身份验证。如果用户未经过身份验证,则通过从请求对象传递url
将用户重定向到登录页面。
答案 3 :(得分:0)
我最终做的是以下内容。对我来说,这似乎是一个黑客工作。有没有更好的方法来使用csrf登录?
views
:
def login(request):
c={}
c.update(csrf(request))
if 'next' in request.GET:
c['next'] = request.GET.get('next')
return render_to_response('login.html', c)
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
if request.POST.get('next') != '':
return HttpResponseRedirect(request.POST.get('next'))
else:
return HttpResponseRedirect('/accounts/loggedin')
else:
return HttpResponseRedirect('/accounts/invalid')
login.html
:
<input type="hidden" name="next" value="{{ next }}"/>
答案 4 :(得分:0)
def login_user(request):
if request.method=='POST':
print(request.POST,request.GET.get('next'))
username=request.POST['email']
password=request.POST['password']
user = authenticate(request,username=username,password=password)
if user:
login(request,user)
else:
print('user not found')
messages.error(request,'Invalid Credentials')
return render(request, "login.html")
return redirect(request.GET.get('next','/'))
return render(request, "login.html")