Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Django の認証処理実装パターン / Django Authentication Patterns

13,119 views

Published on

Django の認証処理実装パターン at DjangoCongress JP 2018
解説記事
http://nwpct1.hatenablog.com/entry/django-auth-patterns

Published in: Technology
  • Be the first to comment

Django の認証処理実装パターン / Django Authentication Patterns

  1. 1. 2018.05.19 Django Masashi SHIBATA c-bata c_bata_! "
  2. 2. Pythonista who loves Django Masashi SHIBATA c-bata c_bata_! "
  3. 3. Django django.contrib.auth.forms django.contrib.auth.views KEYWORDS
  4. 4.
  5. 5.
  6. 6. : Built-in Auth Forms / Built-in Auth View Classes
  7. 7. : Built-in Auth Forms / Built-in Auth View Classes Web
  8. 8. : Built-in Auth Forms / Built-in Auth View Classes view 1.11 Deprecated
  9. 9. Authentication Backend Email/Password Authentication KEYWORDS
  10. 10. Authentication Backend 1 AUTHENTICATION_BACKENDS = [ ‘django.contrib.auth.backends.ModelBackend', ‘accounts.backends.EmailAuthBackend’, # ]
  11. 11. Authentication Backend 1 AUTHENTICATION_BACKENDS = [ ‘django.contrib.auth.backends.ModelBackend', ‘accounts.backends.EmailAuthBackend’, # ] ModelBackend username/password
  12. 12. Authentication Backend 1 AUTHENTICATION_BACKENDS = [ ‘django.contrib.auth.backends.ModelBackend', ‘accounts.backends.EmailAuthBackend’, # ] EmailAuthBackend email/password
  13. 13. Authentication Backend 1 AUTHENTICATION_BACKENDS = [ ‘django.contrib.auth.backends.ModelBackend', ‘accounts.backends.EmailAuthBackend’, # ]
  14. 14. • authenticate(request, **credentials):
 HttpRequest • get_user(user_id):
  15. 15. from django.contrib.auth import get_user_model from django.contrib.auth.backends import ModelBackend UserModel = get_user_model() class EmailAuthBackend(ModelBackend): def authenticate(self, username="", password="", **kwargs): if username is None: username = kwargs.get(UserModel.USERNAME_FIELD) try: user = UserModel.objects.get(email=username) except UserModel.DoesNotExist: return None else: if user.check_password(password) and self.user_can_authenticate(user): return user
  16. 16. from django.contrib.auth import get_user_model from django.contrib.auth.backends import ModelBackend UserModel = get_user_model() class EmailAuthBackend(ModelBackend): def authenticate(self, username="", password="", **kwargs): if username is None: username = kwargs.get(UserModel.USERNAME_FIELD) try: user = UserModel.objects.get(email=username) except UserModel.DoesNotExist: return None else: if user.check_password(password) and self.user_can_authenticate(user): return user Github
  17. 17. from django.contrib.auth import get_user_model from django.contrib.auth.backends import ModelBackend UserModel = get_user_model() class EmailAuthBackend(ModelBackend): def authenticate(self, username="", password="", **kwargs): if username is None: username = kwargs.get(UserModel.USERNAME_FIELD) try: user = UserModel.objects.get(email=username) except UserModel.DoesNotExist: return None else: if user.check_password(password) and self.user_can_authenticate(user): return user username validation username @
  18. 18. https://github.com/c-bata/django-auth-example/pull/2
  19. 19. Django’s User Model AbstractUser / AbstractBaseUser KEYWORDS ASCIIUsernameValidator
  20. 20. class UserProfile(models.Model): user = models.OneToOneField(settings.AUTH_USER_MODEL) some_additional_columns1 = models.SomethingField(...) : 

  21. 21. https://github.com/c-bata/django-auth-example/pull/3
  22. 22. U+0061
 LATIN SMALL LETTER A U+0430
 CYRILLIC SMALL LETTER A
  23. 23. class User(AbstractBaseUser, PermissionsMixin): username_validator = ASCIIUsernameValidator() username = models.CharField(_(‘username'), validators=[username_validator], ... ) :
  24. 24. >>> import unicodedata >>> unicodedata.normalize('NFKC', ' ') ' ' >>> unicodedata.normalize('NFKC', ' ') ' ' >>> unicodedata.normalize('NFKC', '9⁹₉ ') '9999' >>> unicodedata.normalize('NFKC', 'Hℍℌ') 'HHH'
  25. 25. python-social-auth OAuth 2.0 social-auth-core / social-auth-app-django KEYWORDS from scratch without python-social-auth
  26. 26. Python
  27. 27. https://github.com/c-bata/django-auth-example/pull/4
  28. 28. https://github.com/c-bata/django-auth-example/pull/1 https://github.com/c-bata/django-auth-example/pull/4
  29. 29. THANK YOU

×