禁止:/api/v1.0/user/create-user/ & { "detail": "Authentication credentials were not provided." } DJANGO
Forbidden: /api/v1.0/user/create-user/ & { "detail": "Authentication credentials were not provided." } DJANGO
我正在为我的 Python Django 后端创建登录功能,“创建用户”功能之前工作正常。但是在登录完全编码后,创建用户停止工作。
我的 urls.py 文件:
from django.urls import path
from .views import TestView, UserView, UserLoginView
from rest_framework_jwt.views import refresh_jwt_token, verify_jwt_token
urlpatterns = [
path('test', TestView.as_view()),
path('create-user/', UserView.as_view()),
path('get-user', UserLoginView.as_view()),
path('login-user/', UserLoginView.as_view()),
]
我的 views.py 文件:
from rest_framework.views import APIView
from rest_framework.response import Response
from .serializers import UserSerializer
from django.contrib.auth.models import User
from django.contrib.auth import authenticate
class TestView(APIView):
def get(self, request, format=None):
print("API called")
return Response("You did it!", status=200)
class UserView(APIView):
def post(self, request, format=None):
print("Creating User")
user_data = request.data
print(request.data)
user_serializer = UserSerializer(data=user_data)
if user_serializer.is_valid(raise_exception=False):
user_serializer.save()
return Response({'user': user_serializer.data}, status=200)
return Response({'msg': "error: no user created"}, status=400)
class UserLoginView(APIView):
# convert user token to user data
def get(self, request, format=None):
if request.user.is_authenticated == False or request.user.is_active == False:
return Response('Invalid credentials', status=403)
user = UserSerializer(request.user)
print(user.data)
return Response("Testing", status=200)
def post(self, request, format=None):
print("Login class")
# Looking for user's email or username
user_obj = User.objects.filter(email=request.data['email']).first(
) or User.objects.filter(username=request.data['username']).first()
# if user is valid, returns user data in credentials
if user_obj is not None:
credentials = {
'username': user_obj.username,
'password': request.data['password']
}
user = authenticate(**credentials)
# if user is valid and active, logs user in
if user and user.is_active:
user_serializer = UserSerializer(user)
return Response("Login successful", user_serializer.data, status=200)
return Response("Invalid credentials", status=403)
我的 serializers.py 文件:
from rest_framework import serializers
from django.contrib.auth.models import User
from rest_framework.validators import UniqueValidator
from rest_framework_jwt.settings import api_settings
class UserSerializer(serializers.ModelSerializer):
token = serializers.SerializerMethodField()
email = serializers.EmailField(
required=True,
validators=[UniqueValidator(queryset=User.objects.all())]
)
username = serializers.CharField(
required=True,
max_length=32,
validators=[UniqueValidator(queryset=User.objects.all())]
)
first_name = serializers.CharField(
required=True,
max_length=32
)
last_name = serializers.CharField(
required=True,
max_length=32
)
password = serializers.CharField(
required=True,
min_length=8,
write_only=True
)
def create(self, validated_data):
password = validated_data.pop('password', None)
instance = self.Meta.model(**validated_data)
if password is not None:
instance.set_password(password)
instance.save()
return instance
def get_token(self, obj):
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
payload = jwt_payload_handler(obj)
token = jwt_encode_handler(payload)
return token
class Meta:
model = User
fields = (
'token',
'username',
'password',
'first_name',
'last_name',
'email',
'id'
)
我项目的 settings.py 文件:
"""
Django settings for AIOHA_backend project.
Generated by 'django-admin startproject' using Django 4.0.3.
For more information on this file, see
https://docs.djangoproject.com/en/4.0/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/4.0/ref/settings/
"""
from pathlib import Path
import datetime
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-8dz4fx@zy9&parzic^-v5%*r^w^fncmjtd2my1b)(c-e0bgs8^'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = ['localhost']
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'userAPI',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsMiddleware',
]
ROOT_URLCONF = 'AIOHA_backend.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'AIOHA_backend.wsgi.application'
# Database
# https://docs.djangoproject.com/en/4.0/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
}
}
# Password validation
# https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.0/howto/static-files/
STATIC_URL = 'static/'
# Default primary key field type
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
JWT_AUTH = {
# how long the original token is valid for
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=3),
# allow refreshing of tokens
'JWT_ALLOW_REFRESH': True,
}
邮递员请求:
当我尝试登录现有用户时,我得到了同样的结果,之后我尝试创建一个新用户,以为我忘记了密码。
命令行如下所示:
我错过了什么或做错了什么?请指导!
您需要在 UserView
中添加 permission_classes
。它应该包含 AllowAny
以便允许 api 未经身份验证。
from rest_framework.permissions import AllowAny
class UserView(APIView):
permission_classes = [AllowAny]
def post(self, request, format=None):
...
我正在为我的 Python Django 后端创建登录功能,“创建用户”功能之前工作正常。但是在登录完全编码后,创建用户停止工作。
我的 urls.py 文件:
from django.urls import path
from .views import TestView, UserView, UserLoginView
from rest_framework_jwt.views import refresh_jwt_token, verify_jwt_token
urlpatterns = [
path('test', TestView.as_view()),
path('create-user/', UserView.as_view()),
path('get-user', UserLoginView.as_view()),
path('login-user/', UserLoginView.as_view()),
]
我的 views.py 文件:
from rest_framework.views import APIView
from rest_framework.response import Response
from .serializers import UserSerializer
from django.contrib.auth.models import User
from django.contrib.auth import authenticate
class TestView(APIView):
def get(self, request, format=None):
print("API called")
return Response("You did it!", status=200)
class UserView(APIView):
def post(self, request, format=None):
print("Creating User")
user_data = request.data
print(request.data)
user_serializer = UserSerializer(data=user_data)
if user_serializer.is_valid(raise_exception=False):
user_serializer.save()
return Response({'user': user_serializer.data}, status=200)
return Response({'msg': "error: no user created"}, status=400)
class UserLoginView(APIView):
# convert user token to user data
def get(self, request, format=None):
if request.user.is_authenticated == False or request.user.is_active == False:
return Response('Invalid credentials', status=403)
user = UserSerializer(request.user)
print(user.data)
return Response("Testing", status=200)
def post(self, request, format=None):
print("Login class")
# Looking for user's email or username
user_obj = User.objects.filter(email=request.data['email']).first(
) or User.objects.filter(username=request.data['username']).first()
# if user is valid, returns user data in credentials
if user_obj is not None:
credentials = {
'username': user_obj.username,
'password': request.data['password']
}
user = authenticate(**credentials)
# if user is valid and active, logs user in
if user and user.is_active:
user_serializer = UserSerializer(user)
return Response("Login successful", user_serializer.data, status=200)
return Response("Invalid credentials", status=403)
我的 serializers.py 文件:
from rest_framework import serializers
from django.contrib.auth.models import User
from rest_framework.validators import UniqueValidator
from rest_framework_jwt.settings import api_settings
class UserSerializer(serializers.ModelSerializer):
token = serializers.SerializerMethodField()
email = serializers.EmailField(
required=True,
validators=[UniqueValidator(queryset=User.objects.all())]
)
username = serializers.CharField(
required=True,
max_length=32,
validators=[UniqueValidator(queryset=User.objects.all())]
)
first_name = serializers.CharField(
required=True,
max_length=32
)
last_name = serializers.CharField(
required=True,
max_length=32
)
password = serializers.CharField(
required=True,
min_length=8,
write_only=True
)
def create(self, validated_data):
password = validated_data.pop('password', None)
instance = self.Meta.model(**validated_data)
if password is not None:
instance.set_password(password)
instance.save()
return instance
def get_token(self, obj):
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
payload = jwt_payload_handler(obj)
token = jwt_encode_handler(payload)
return token
class Meta:
model = User
fields = (
'token',
'username',
'password',
'first_name',
'last_name',
'email',
'id'
)
我项目的 settings.py 文件:
"""
Django settings for AIOHA_backend project.
Generated by 'django-admin startproject' using Django 4.0.3.
For more information on this file, see
https://docs.djangoproject.com/en/4.0/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/4.0/ref/settings/
"""
from pathlib import Path
import datetime
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-8dz4fx@zy9&parzic^-v5%*r^w^fncmjtd2my1b)(c-e0bgs8^'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = ['localhost']
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'userAPI',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'corsheaders.middleware.CorsMiddleware',
]
ROOT_URLCONF = 'AIOHA_backend.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'AIOHA_backend.wsgi.application'
# Database
# https://docs.djangoproject.com/en/4.0/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
}
}
# Password validation
# https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.0/howto/static-files/
STATIC_URL = 'static/'
# Default primary key field type
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
JWT_AUTH = {
# how long the original token is valid for
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=3),
# allow refreshing of tokens
'JWT_ALLOW_REFRESH': True,
}
邮递员请求:
当我尝试登录现有用户时,我得到了同样的结果,之后我尝试创建一个新用户,以为我忘记了密码。
命令行如下所示:
我错过了什么或做错了什么?请指导!
您需要在 UserView
中添加 permission_classes
。它应该包含 AllowAny
以便允许 api 未经身份验证。
from rest_framework.permissions import AllowAny
class UserView(APIView):
permission_classes = [AllowAny]
def post(self, request, format=None):
...