python - 带有额外字段的 Django Rest Framework 用户注册

Question

我正在尝试使用 DRF 允许用户通过我的 API 创建新的用户帐户。我有一些可能与规范不同的要求

1. 成功创建后，它需要使用 DRF 的 token 功能返回用户 token
2. 所有 POST 字段都需要验证
3. 我希望能够发布将存储在配置文件模型中的用户电话号码。
4. 名字、姓氏、电子邮件地址和电话号码是必填字段

到目前为止我想到了这个，但是我收到一条错误消息说“Column 'user_id' cannot be null”

查看

@api_view(['POST'])
@permission_classes((AllowAny,))
def register_user(request):
    serialized = UserSerializer(data=request.DATA)
    if serialized.is_valid():
        user = User.objects.create_user(
            email = serialized.init_data['email'],
            username = serialized.init_data['username'],
            password = serialized.init_data['password'],
            first_name = serialized.init_data['first_name'],
            last_name = serialized.init_data['last_name']
        )

        phone_number = request.DATA["phone_number"]  
        #save phone_number to profile model here

        return Response(serialized.data['token'], status=status.HTTP_201_CREATED)
    else:
        return Response(serialized._errors, status=status.HTTP_400_BAD_REQUEST)

序列化器

class UserSerializer(serializers.ModelSerializer):
    token = serializers.SerializerMethodField('get_token')

    class Meta:
        model = User
        fields = ('password', 'username', 'first_name', 'last_name', 'email', 'token', 'phone_number')


    def get_token(self, obj):
        token = Token.objects.create(user=obj)
        return token.key

我的问题是

1. 我如何让它工作？
2. 我是否需要对电话号码、名字、姓氏、电子邮件进行单独验证以确保它们是必需的或由模型处理？
3. 这是处理电话号码 POST 的正确方法吗？
4. 这安全吗？如果不是，我可以做些什么来让它更安全？

堆栈跟踪

Django Version: 1.6.8
Python Version: 2.7.5
Installed Applications:
('django.contrib.sites',
 'django.contrib.admin',
 'django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'my_app',
 'allauth',
 'allauth.account',
 'allauth.socialaccount',
 'allauth.socialaccount.providers.facebook',
 'debug_toolbar',
 'rest_framework',
 'rest_framework.authtoken',
 'django_extensions')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'debug_toolbar.middleware.DebugToolbarMiddleware')


Traceback:
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  112.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  57.         return view_func(*args, **kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/views/generic/base.py" in view
  69.             return self.dispatch(request, *args, **kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  403.             response = self.handle_exception(exc)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  400.             response = handler(request, *args, **kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/decorators.py" in handler
  50.             return func(*args, **kwargs)
File "/home/vagrant/projects/my_project/my/my_app/api/views.py" in register_user
  60.         return Response(serialized.data['token'], status=status.HTTP_201_CREATED)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/serializers.py" in data
  572.                 self._data = self.to_native(obj)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/serializers.py" in to_native
  351.             value = field.field_to_native(obj, field_name)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/fields.py" in field_to_native
  1041.         value = getattr(self.parent, self.method_name)(obj)
File "/home/vagrant/projects/my_project/my/my_app/api/serializers.py" in get_token
  19.         token = Token.objects.create(user=obj)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/manager.py" in create
  157.         return self.get_queryset().create(**kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/query.py" in create
  322.         obj.save(force_insert=True, using=self.db)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/rest_framework/authtoken/models.py" in save
  33.         return super(Token, self).save(*args, **kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/base.py" in save
  545.                        force_update=force_update, update_fields=update_fields)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/base.py" in save_base
  573.             updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/base.py" in _save_table
  654.             result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/base.py" in _do_insert
  687.                                using=using, raw=raw)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/manager.py" in _insert
  232.         return insert_query(self.model, objs, fields, **kwargs)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/query.py" in insert_query
  1514.     return query.get_compiler(using=using).execute_sql(return_id)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/models/sql/compiler.py" in execute_sql
  903.             cursor.execute(sql, params)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/debug_toolbar/panels/sql/tracking.py" in execute
  174.         return self._record(self.cursor.execute, sql, params)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/debug_toolbar/panels/sql/tracking.py" in _record
  104.             return method(sql, params)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/backends/util.py" in execute
  69.             return super(CursorDebugWrapper, self).execute(sql, params)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/backends/util.py" in execute
  53.                 return self.cursor.execute(sql, params)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/backends/mysql/base.py" in execute
  129.                 six.reraise(utils.IntegrityError, utils.IntegrityError(*tuple(e.args)), sys.exc_info()[2])
File "/home/vagrant/envs/my/lib/python2.7/site-packages/django/db/backends/mysql/base.py" in execute
  124.             return self.cursor.execute(query, args)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/MySQLdb/cursors.py" in execute
  205.             self.errorhandler(self, exc, value)
File "/home/vagrant/envs/my/lib/python2.7/site-packages/MySQLdb/connections.py" in defaulterrorhandler
  36.     raise errorclass, errorvalue

Exception Type: IntegrityError at /api/user/register/
Exception Value: (1048, "Column 'user_id' cannot be null")

Answer 1

我建议在 Django REST Framework 中使用基于类的 View 。它们为您提供了许多基于函数的 View 所缺少的额外功能，并且它们得到了更多支持。虽然这对于这种情况不太重要，但这也是一种非常基本的情况，可以避免 Django REST Framework 带来的大部分问题。

Do i need separate validation on the phone number, first_name, last_name, email to make sure they are required or is that handled by the model?

当您调用 serializer.is_valid 时，它应该检查以确保包含在模型中按要求指定的任何字段。尝试一下，如果没有发生，请确保您没有在任何字段上指定 empty=False。如果您无法解决这个问题，您可以覆盖序列化程序上的字段并在那里设置 required=True。

Is this the correct way to handle the POST of the phone number?

序列化程序可以通过调用serializer.save()自动创建用户。如果您在 create_user 管理器中有您需要使用的自定义逻辑，那么您可能无法使用 save。

Is this secure ? If not, what can I do to make it more secure?

Django 会在这里帮助您很多，因此您的代码目前看起来很不错。您可能需要考虑的一件事是，序列化程序中的 init_data 与 request.DATA 中的相同。您可能应该从 serializer.object 访问经过验证的数据(例如 serializer.object.username ，因为任何验证器都可能修改了您的数据以使其对 Django 更友好对象关系管理。