Authentication 如何在Django REST框架中禁用身份验证
我在一个商店网站上工作,那里的每个用户都是匿名的(好吧,至少在该付费之前),我试图使用Django REST Framework为产品API提供服务,但它一直在抱怨:Authentication 如何在Django REST框架中禁用身份验证,authentication,django-rest-framework,Authentication,Django Rest Framework,我在一个商店网站上工作,那里的每个用户都是匿名的(好吧,至少在该付费之前),我试图使用Django REST Framework为产品API提供服务,但它一直在抱怨: "detail": "Authentication credentials were not provided." 我找到了一些与身份验证相关的设置,但找不到类似ENABLE\u authentication=True的设置。如何简单地禁用身份验证,并允许站点的任何访问者访问API?您可以在设置中为和类提供空的默认值 REST_
"detail": "Authentication credentials were not provided."
我找到了一些与身份验证相关的设置,但找不到类似
ENABLE\u authentication=TrueREST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
您还可以禁用特定类或方法的身份验证,只需将特定方法的装饰符保留为空即可
from rest_framework.decorators import authentication_classes, permission_classes
@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def items(request):
return Response({"message":"Hello world!"})
如果使用APIView,则可以为该视图创建权限,示例如下: url.py
url(r'^my-endpoint', views.MyEndpoint.as_view())
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
url(r'^my-endpoint', views.MyEndpoint.as_view())
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
url(r'^my-endpoint', views.MyEndpoint.as_view())
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
您还可以通过将其应用于类或方法,将其应用于一个特定端点。只需对特定的方法或类应用django rest framework AllowAny权限即可 视图.py
url(r'^my-endpoint', views.MyEndpoint.as_view())
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
通过为权限设置使用空列表或元组,您可以获得相同的结果,但您可能会发现指定此类很有用,因为这样可以明确目的。要全局启用身份验证,请将其添加到django设置文件中:
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
from rest_framework.decorators import authentication_classes, permission_classes
@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def register(request):
try:
username = request.data['username']
email = request.data['email']
password = request.data['password']
User.objects.create_user(username=username, email=email, password=password)
return Response({ 'result': 'ok' })
except Exception as e:
raise APIException(e)
以下是一种简单地启用API表单进行开发的替代方法: 设置.py
url(r'^my-endpoint', views.MyEndpoint.as_view())
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
Django REST framework v3.11.0如果要禁用某个基于类的视图的身份验证,则可以使用
class PublicEndPoint(APIView):
authentication_classes = [] #disables authentication
permission_classes = [] #disables permission
def get(self, request):
pass
当您只想将特定端点公开时,这非常有用。如何跳过中一个类的身份验证DRF@roanjain添加属性
authentication\u classes=[]'DEFAULT\u AUTHENTICATION\u CLASSES'=['YourAuthenticationClass']AUTHENTICATION\u CLASSES=[]@api\u viewPublicEndpoint