django rest auth returns AnonymousUser
django rest auth returns AnonymousUser
我正在使用 django、drf 和 django-rest-auth。我在请求 header
中从前端发送令牌
{'Authorization': 'Token {$Token}'}
但是这个请求似乎未经授权。我想获取用户信息,例如:
def get_user_info(request):
user = request.user
但它 returns 我 AnonymousUser
我的settings.py:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'core',
'rest_framework',
'rest_framework.authtoken',
'rest_auth',
'account',
'corsheaders'
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication'
),
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'UNICODE_JSON': True,
'PAGE_SIZE': 0
}
这是我的要求 headers:
POST /auth/check/ HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
Cache-Control: no-cache
Authorization: Token 7d2ee4481ea0e12bd88f46d57e2e6dab3354d4b7
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/json;charset=utf-8
Accept: application/json, text/plain, */*
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
以及 headers
的完整服务器响应
HTTP/1.1 401 Unauthorized
Date: Thu, 29 Jun 2017 05:28:06 GMT
Server: WSGIServer/0.2 CPython/3.4.4
Access-Control-Allow-Origin: http://localhost:8080
Vary: Origin, Cookie
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
{"message": "Unauthenticated"}
我的视图函数:
@csrf_exempt
def check_auth(request):
if request.method == 'POST':
print(request.user)
if request.user.is_authenticated():
content = {'message': 'Authenticated'}
response = JsonResponse(content, status = 200)
return response
else:
content = {'message': 'Unauthenticated'}
response = JsonResponse(content, status=401)
return response
您没有以正确的方式使用 Django-rest-framework。像这样改变你的看法
class CheckAuth(generics.GenericAPIView):
def post(self, request):
print(request.user)
if request.user.is_authenticated():
content = {'message': 'Authenticated'}
return Response(content, status=200)
else:
content = {'message': 'Unauthenticated'}
return Response(content, status=401)
您可以进一步查看有关视图的 Django-rest 文档 here。
对于我的情况,我必须在函数的开头添加 @api_view(['POST'])
@csrf_exempt
@api_view(['POST'])
def send_message(request):
if request.user.is_authenticated:
我正在使用 django、drf 和 django-rest-auth。我在请求 header
中从前端发送令牌 {'Authorization': 'Token {$Token}'}
但是这个请求似乎未经授权。我想获取用户信息,例如:
def get_user_info(request):
user = request.user
但它 returns 我 AnonymousUser
我的settings.py:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'core',
'rest_framework',
'rest_framework.authtoken',
'rest_auth',
'account',
'corsheaders'
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication'
),
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'UNICODE_JSON': True,
'PAGE_SIZE': 0
}
这是我的要求 headers:
POST /auth/check/ HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
Cache-Control: no-cache
Authorization: Token 7d2ee4481ea0e12bd88f46d57e2e6dab3354d4b7
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/json;charset=utf-8
Accept: application/json, text/plain, */*
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
以及 headers
的完整服务器响应 HTTP/1.1 401 Unauthorized
Date: Thu, 29 Jun 2017 05:28:06 GMT
Server: WSGIServer/0.2 CPython/3.4.4
Access-Control-Allow-Origin: http://localhost:8080
Vary: Origin, Cookie
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
{"message": "Unauthenticated"}
我的视图函数:
@csrf_exempt
def check_auth(request):
if request.method == 'POST':
print(request.user)
if request.user.is_authenticated():
content = {'message': 'Authenticated'}
response = JsonResponse(content, status = 200)
return response
else:
content = {'message': 'Unauthenticated'}
response = JsonResponse(content, status=401)
return response
您没有以正确的方式使用 Django-rest-framework。像这样改变你的看法
class CheckAuth(generics.GenericAPIView):
def post(self, request):
print(request.user)
if request.user.is_authenticated():
content = {'message': 'Authenticated'}
return Response(content, status=200)
else:
content = {'message': 'Unauthenticated'}
return Response(content, status=401)
您可以进一步查看有关视图的 Django-rest 文档 here。
对于我的情况,我必须在函数的开头添加 @api_view(['POST'])
@csrf_exempt
@api_view(['POST'])
def send_message(request):
if request.user.is_authenticated: