Django 绕过权限装饰器进行用户注册并请求身份验证
Django bypasses permissions decorator for user registration and asks for authentication
我正在努力为我的 API 服务注册用户。我已经检查了方法,一切都有效,但是在 POST'ing 用户注册数据
时我仍然收到错误代码
错误代码:
{"details": "Authentication credentials not provided"}
Settings.py
我已将基本身份验证、IsAuthenticated 和 TokenAuthentication 添加到框架中
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
)
}
目前唯一可行的是为现有用户获取令牌:
Urls.py
url(r'^auth/', views.obtain_auth_token, name='get_auth_token'),
Url.py
中的其他端点
url(r'^login/', Login.as_view(), name='login'),
url(r'^register/', Register.as_view(), name='signup'),
我认为我没有使用用户注册的最佳做法,或者准备混淆登录和注册。我不确定。
在Views.py
中注册用户方法
# Register User
class Register(APIView):
queryset = User.objects.all()
serializer_class = UserSerializer
# permission_classes = [permissions.IsAuthenticated]
@permission_classes([permissions.IsAuthenticated, ])
@api_view(['POST', ])
def register_user(self, request, *args, **kwargs):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
self.perform_create(serializer) # serializer.save()
headers = self.get_success_headers(serializer.data)
token, created = Token.objects.get_or_create(user=serializer.instance)
return Response({'token': token.key, 'id': serializer.instance.id}, status=status.HTTP_201_CREATED, headers=headers)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Views.py
中的登录用户方法
queryset = User.objects.all()
serializer_class = UserSerializer
@api_view(['POST', ])
def login(request):
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return Response({"success": "User was successfully logged on."},)
else:
return Response({"error": "Login failed, bad request."},)
else:
return Response({"error": "Login failed, invalid username or password"}, status=status.HTTP_401_UNAUTHORIZED)
您的 DRF 设置使得 IsAuthenticated
是每个视图的默认权限之一 类。您遇到问题的视图是 DRF 在存在 none 时检查令牌的结果(不应该)。尝试明确清除这些视图的权限 类:@permission_classes([])
.
obtain_auth_token
有效的原因:https://github.com/encode/django-rest-framework/blob/master/rest_framework/authtoken/views.py#L10
我正在努力为我的 API 服务注册用户。我已经检查了方法,一切都有效,但是在 POST'ing 用户注册数据
时我仍然收到错误代码错误代码:
{"details": "Authentication credentials not provided"}
Settings.py
我已将基本身份验证、IsAuthenticated 和 TokenAuthentication 添加到框架中
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
)
}
目前唯一可行的是为现有用户获取令牌:
Urls.py
url(r'^auth/', views.obtain_auth_token, name='get_auth_token'),
Url.py
中的其他端点url(r'^login/', Login.as_view(), name='login'),
url(r'^register/', Register.as_view(), name='signup'),
我认为我没有使用用户注册的最佳做法,或者准备混淆登录和注册。我不确定。
在Views.py
中注册用户方法# Register User
class Register(APIView):
queryset = User.objects.all()
serializer_class = UserSerializer
# permission_classes = [permissions.IsAuthenticated]
@permission_classes([permissions.IsAuthenticated, ])
@api_view(['POST', ])
def register_user(self, request, *args, **kwargs):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
self.perform_create(serializer) # serializer.save()
headers = self.get_success_headers(serializer.data)
token, created = Token.objects.get_or_create(user=serializer.instance)
return Response({'token': token.key, 'id': serializer.instance.id}, status=status.HTTP_201_CREATED, headers=headers)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Views.py
中的登录用户方法queryset = User.objects.all()
serializer_class = UserSerializer
@api_view(['POST', ])
def login(request):
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return Response({"success": "User was successfully logged on."},)
else:
return Response({"error": "Login failed, bad request."},)
else:
return Response({"error": "Login failed, invalid username or password"}, status=status.HTTP_401_UNAUTHORIZED)
您的 DRF 设置使得 IsAuthenticated
是每个视图的默认权限之一 类。您遇到问题的视图是 DRF 在存在 none 时检查令牌的结果(不应该)。尝试明确清除这些视图的权限 类:@permission_classes([])
.
obtain_auth_token
有效的原因:https://github.com/encode/django-rest-framework/blob/master/rest_framework/authtoken/views.py#L10