为什么django rest framework authenticate（）签名不同于django authenticate（）签名_Django_Django Rest Framework

为什么django rest framework authenticate（）签名不同于django authenticate（）签名

django django-rest-framework

为什么django rest framework authenticate（）签名不同于django authenticate（）签名,django,django-rest-framework,Django,Django Rest Framework,我正在用DRF为我的REST api实现正常会话身份验证，但无法使其正常工作，因为DRF身份验证后端有一个签名与普通Django不同的authenticate（）方法以下是我的AuthView和LoginSerializer，它们大多是从DRF的authtoken软件包中复制的： views.py： from django.shortcuts import render from django.template.response import TemplateResponse from dja

我正在用DRF为我的REST api实现正常会话身份验证，但无法使其正常工作，因为DRF身份验证后端有一个签名与普通Django不同的

authenticate（）

方法

以下是我的

AuthView

和

LoginSerializer

，它们大多是从DRF的authtoken软件包中复制的：

views.py

：

from django.shortcuts import render
from django.template.response import TemplateResponse
from django.contrib.auth import login, logout
from django.http import Http404

from rest_framework import viewsets, views
from rest_framework import mixins
from rest_framework import response
from rest_framework import status
from rest_framework import authentication

from serializers import *
from models import *

class AuthView(views.APIView):
    authentication_classes = (authentication.SessionAuthentication, )
    serializer_class = LoginSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.serializer_class(data=request.data)

        if serializer.is_valid(raise_exception=True):
            user = serializer.validated_data['user']
            response_data = UserSerializer(user).data
            return response.Response(response_data)

        return response.Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _

from rest_framework import serializers
from rest_framework import relations

from models import *

class LoginSerializer(serializers.Serializer):
    username = serializers.CharField(label=_("Username"))
    password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})

    def validate(self, attrs):
        username = attrs.get('username')
        password = attrs.get('password')

        if username and password:
            import pdb
            pdb.set_trace()
            user = authenticate(username=username, password=password)

            if user:
                if not user.is_active:
                    msg = _('User account is disabled.')
                    raise serializers.ValidationError(msg)
            else:
                msg = _('Unable to log in with provided credentials.')
                raise serializers.ValidationError(msg)
        else:
            msg = _('Must include "username" and "password".')
            raise serializers.ValidationError(msg)

        attrs['user'] = user
        return attrs

serializers.py

：

from django.shortcuts import render
from django.template.response import TemplateResponse
from django.contrib.auth import login, logout
from django.http import Http404

from rest_framework import viewsets, views
from rest_framework import mixins
from rest_framework import response
from rest_framework import status
from rest_framework import authentication

from serializers import *
from models import *

class AuthView(views.APIView):
    authentication_classes = (authentication.SessionAuthentication, )
    serializer_class = LoginSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.serializer_class(data=request.data)

        if serializer.is_valid(raise_exception=True):
            user = serializer.validated_data['user']
            response_data = UserSerializer(user).data
            return response.Response(response_data)

        return response.Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _

from rest_framework import serializers
from rest_framework import relations

from models import *

class LoginSerializer(serializers.Serializer):
    username = serializers.CharField(label=_("Username"))
    password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})

    def validate(self, attrs):
        username = attrs.get('username')
        password = attrs.get('password')

        if username and password:
            import pdb
            pdb.set_trace()
            user = authenticate(username=username, password=password)

            if user:
                if not user.is_active:
                    msg = _('User account is disabled.')
                    raise serializers.ValidationError(msg)
            else:
                msg = _('Unable to log in with provided credentials.')
                raise serializers.ValidationError(msg)
        else:
            msg = _('Must include "username" and "password".')
            raise serializers.ValidationError(msg)

        attrs['user'] = user
        return attrs

因此，

LoginSerializer

调用

身份验证（username=username，password=password）

作为一个普通的django身份验证函数

它适用于普通的django

django.contrib.auth.backends.modelbend

，但适用于DRF的

rest\u framework.authentication.SessionAuthentication

由于签名不兼容而失败

所有DRF的身份验证后端都希望

authenticate（）

函数具有签名

authenticate（self，request）

，这对我来说没有多大意义，因为请求还不包含用户信息

我该怎么办？

您可以发布导入内容吗。您应该导入django的身份验证function@KevanS. 是的，我喜欢。从authtoken逐字复制。我应该在DRF中寻找一些特殊的函数吗？Django的

authenticate

正在所有后端上循环，找到

SessionAuthentication

并尝试应用其

authenticate（）

，但由于签名不兼容而失败。身份验证后端可以接受任何一组关键字参数，但。。。DRF的

*身份验证类不是Django使用的身份验证后端。它们在AUTHENTICATION\u BACKENDS
中没有位置，但应该由您的DRF视图/视图集直接使用，或者在DEFAULT\u AUTHENTICATION\u CLASSES
中配置@knbk啊，您是对的-我的错。非常感谢。我应该删除这个问题，还是你会将你的评论作为答案发布？@knbk Hm，在我修复这个问题后，会话id不会存储在cookie中，尽管post返回状态200。