2.3 用內建的方法實現登入與退出
阿新 • • 發佈:2020-11-16
目錄
1.定位到 內部login logout方法/usr/local/python3/lib/python3.6/site-packages/django/contrib/auth/views.py
def login 方法,其實已經過時了.....
內部實現是Calss_based_view 呼叫 as_view -> diapatch -> post 方法來實現的
class LoginView(SuccessURLAllowedHostsMixin, FormView): """ Displays the login form and handles the login action.""" form_class = AuthenticationForm authentication_form = None redirect_field_name = REDIRECT_FIELD_NAME template_name = 'registration/login.html' redirect_authenticated_user = False extra_context = None @method_decorator(sensitive_post_parameters()) @method_decorator(csrf_protect) @method_decorator(never_cache)def dispatch(self, request, *args, **kwargs): if self.redirect_authenticated_user and self.request.user.is_authenticated: redirect_to = self.get_success_url() if redirect_to == self.request.path: raise ValueError( "Redirection loop for authenticated user detected. Check that" "your LOGIN_REDIRECT_URL doesn't point to a login page." ) return HttpResponseRedirect(redirect_to) return super(LoginView, self).dispatch(request, *args, **kwargs) def get_success_url(self): """Ensure the user-originating redirection URL is safe.""" redirect_to = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name, '') ) url_is_safe = is_safe_url( url=redirect_to, allowed_hosts=self.get_success_url_allowed_hosts(), require_https=self.request.is_secure(), ) if not url_is_safe: return resolve_url(settings.LOGIN_REDIRECT_URL) return redirect_to def get_form_class(self): return self.authentication_form or self.form_class def get_form_kwargs(self): kwargs = super(LoginView, self).get_form_kwargs() kwargs['request'] = self.request return kwargs def form_valid(self, form): """Security check complete. Log the user in.""" auth_login(self.request, form.get_user()) return HttpResponseRedirect(self.get_success_url()) def get_context_data(self, **kwargs): context = super(LoginView, self).get_context_data(**kwargs) current_site = get_current_site(self.request) context.update({ self.redirect_field_name: self.get_success_url(), 'site': current_site, 'site_name': current_site.name, }) if self.extra_context is not None: context.update(self.extra_context) return context @deprecate_current_app def login(request, *args, **kwargs): warnings.warn( 'The login() view is superseded by the class-based LoginView().', RemovedInDjango21Warning, stacklevel=2 ) return LoginView.as_view(**kwargs)(request, *args, **kwargs)
def logout 方法
也是過時的.....,內部實現和 login方法一樣,都是用的 class_based_view
class LogoutView(SuccessURLAllowedHostsMixin, TemplateView): """ Logs out the user and displays 'You are logged out' message. """ next_page = None redirect_field_name = REDIRECT_FIELD_NAME template_name = 'registration/logged_out.html' extra_context = None @method_decorator(never_cache) def dispatch(self, request, *args, **kwargs): auth_logout(request) next_page = self.get_next_page() if next_page: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page) return super(LogoutView, self).dispatch(request, *args, **kwargs) def get_next_page(self): if self.next_page is not None: next_page = resolve_url(self.next_page) elif settings.LOGOUT_REDIRECT_URL: next_page = resolve_url(settings.LOGOUT_REDIRECT_URL) else: next_page = self.next_page if (self.redirect_field_name in self.request.POST or self.redirect_field_name in self.request.GET): next_page = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name) ) url_is_safe = is_safe_url( url=next_page, allowed_hosts=self.get_success_url_allowed_hosts(), require_https=self.request.is_secure(), ) # Security check -- Ensure the user-originating redirection URL is # safe. if not url_is_safe: next_page = self.request.path return next_page def get_context_data(self, **kwargs): context = super(LogoutView, self).get_context_data(**kwargs) current_site = get_current_site(self.request) context.update({ 'site': current_site, 'site_name': current_site.name, 'title': _('Logged out'), }) if self.extra_context is not None: context.update(self.extra_context) return context @deprecate_current_app def logout(request, *args, **kwargs): warnings.warn( 'The logout() view is superseded by the class-based LogoutView().', RemovedInDjango21Warning, stacklevel=2 ) return LogoutView.as_view(**kwargs)(request, *args, **kwargs)