gpt4 book ai didi

python - Django REST API 自定义 token 身份验证无法识别 future 请求中的 token

转载 作者:行者123 更新时间:2023-11-28 22:41:08 24 4
gpt4 key购买 nike

我的 Django 应用程序和 django-rest-framework 目前遇到以下问题。

我根据以下内容编写了一个 CustomAuthToken View : Django rest framework: Obtain auth token using email instead username

账户/views.py

class UserView(APIView):

def get(self, request):
users = Customer.objects.all()
serializer = CustomerSerializer(users, many=True)
return Response(serializer.data)


class ObtainAuthToken(APIView):
throttle_classes = ()
permission_classes = ()
parser_classes = (
FormParser,
MultiPartParser,
JSONParser,
)

renderer_classes = (JSONRenderer,)

def post(self, request):
# Authenticate User
c_auth = CustomAuthentication()
customer = c_auth.authenticate(request)
token, created = Token.objects.get_or_create(user=customer)

content = {
'token': unicode(token.key),
}

return Response(content)

我的主要 urls.py:

    from rest_framework.urlpatterns import format_suffix_patterns

from account import views as user_view

urlpatterns = [
url(r'users/$', user_view.UserView.as_view()),
url(r'^api-token-auth/', user_view.ObtainAuthToken.as_view()),
url(r'^auth/', include('rest_framework.urls',
namespace='rest_framework')),
]

urlpatterns = format_suffix_patterns(urlpatterns)

我的自定义认证.py:

    from django.contrib.auth.hashers import check_password

from rest_framework import authentication
from rest_framework import exceptions

from usercp.models import Customer


class CustomAuthentication(authentication.BaseAuthentication):
def authenticate(self, request):
email = request.POST.get('email')
password = request.POST.get('password')
if not email:
return None
if not password:
return None

try:
user = Customer.objects.get(email=email)
if check_password(password, user.password):
if not user.is_active:
msg = _('User account is disabled.')
customer = user
else:
msg = _('Unable to log in with provided credentials.')
customer = None

except Customer.DoesNotExist:
msg = 'No such user'
raise exceptions.AuthenticationFailed(msg)

return customer

并取 self 的 settings.py:

REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated'
],
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
)
}

当我发送 curl 请求时:

curl -H "Accept: application/json; indent=4" -H "Authorization: Token bd97803941a1ede303e4fda9713f7120a1af656c" http://127.0.0.1:8000/users

我收到“访问被拒绝”的回复。

登录正常,我收到了上述 token 。

但是,我无法访问我的用户 View 。我不太确定问题出在哪里。我需要更改 TokenAuthentication 的设置吗?我不这么认为。由于用户在数据库中设置正确,即使我使用从 AbstractUser 继承的自定义用户对象。从文档 ( http://www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme ) 我认为我做的一切都是正确的,因为他们使用相同的请求 header ,间距是正确的,我认为没有任何编码问题。

最佳答案

在解决之后, token 没有在我的 WSGI 配置中转发,我重新仔细阅读了文档。

http://www.django-rest-framework.org/api-guide/authentication/#apache-mod_wsgi-specific-configuration

明确指出需要为 WSGI 配置 WSGIPassAuthorization On

关于python - Django REST API 自定义 token 身份验证无法识别 future 请求中的 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32874965/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com