1)authenticate(request=None, **credentials)
**credentials:字典对象,传入的是账号密码;
{'username':'admin','password':'xxxxxxx'}
2)_get_backends()函数中关于settings.AUTHENTICATION_BACKENDS
实际上是settings重写了get方法;
def __getattr__(self, name):
"""Return the value of a setting and cache it in self.__dict__."""
if self._wrapped is empty:
self._setup(name)
val = getattr(self._wrapped, name)
self.__dict__[name] = val
return val
_wrapped在加载时就会从Django的全局配置文件读取内容,全局配置文件在django.conf.global_settings中,默认是
django.contrib.auth.backends.ModelBackend,专门负责处理权限相关。
3)运行时已经读取了settings的内容,getcallargs配置了部分参数,user = backend.authenticate(request, **credentials)时,实际上访问的是'django.contrib.auth.backends.ModelBackend'的authenticate方法,进行密码验证。
4)验证密码时,读取的全局定义的已经读入setting的密码路径序列
['django.contrib.auth.hashers.PBKDF2PasswordHasher', 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', 'django.contrib.auth.hashers.Argon2PasswordHasher', 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher']
5)import_string反射类专用函数
6)get_hashers()获得了反射完的加密对象数组,取第一个进行加解密,默认使用对象PBKDF2PasswordHasher,具体算法是algorithm = "pbkdf2_sha256"
