为什么django rest framework authenticate()签名不同于django authenticate()签名
我正在用DRF为我的REST api实现正常会话身份验证,但无法使其正常工作,因为DRF身份验证后端有一个签名与普通Django不同的为什么django rest framework authenticate()签名不同于django authenticate()签名,django,django-rest-framework,Django,Django Rest Framework,我正在用DRF为我的REST api实现正常会话身份验证,但无法使其正常工作,因为DRF身份验证后端有一个签名与普通Django不同的authenticate()方法 以下是我的AuthView和LoginSerializer,它们大多是从DRF的authtoken软件包中复制的: views.py: from django.shortcuts import render from django.template.response import TemplateResponse from dja
authenticate()
方法
以下是我的AuthView
和LoginSerializer
,它们大多是从DRF的authtoken软件包中复制的:
views.py
:
from django.shortcuts import render
from django.template.response import TemplateResponse
from django.contrib.auth import login, logout
from django.http import Http404
from rest_framework import viewsets, views
from rest_framework import mixins
from rest_framework import response
from rest_framework import status
from rest_framework import authentication
from serializers import *
from models import *
class AuthView(views.APIView):
authentication_classes = (authentication.SessionAuthentication, )
serializer_class = LoginSerializer
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid(raise_exception=True):
user = serializer.validated_data['user']
response_data = UserSerializer(user).data
return response.Response(response_data)
return response.Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers
from rest_framework import relations
from models import *
class LoginSerializer(serializers.Serializer):
username = serializers.CharField(label=_("Username"))
password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
import pdb
pdb.set_trace()
user = authenticate(username=username, password=password)
if user:
if not user.is_active:
msg = _('User account is disabled.')
raise serializers.ValidationError(msg)
else:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg)
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg)
attrs['user'] = user
return attrs
serializers.py
:
from django.shortcuts import render
from django.template.response import TemplateResponse
from django.contrib.auth import login, logout
from django.http import Http404
from rest_framework import viewsets, views
from rest_framework import mixins
from rest_framework import response
from rest_framework import status
from rest_framework import authentication
from serializers import *
from models import *
class AuthView(views.APIView):
authentication_classes = (authentication.SessionAuthentication, )
serializer_class = LoginSerializer
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid(raise_exception=True):
user = serializer.validated_data['user']
response_data = UserSerializer(user).data
return response.Response(response_data)
return response.Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers
from rest_framework import relations
from models import *
class LoginSerializer(serializers.Serializer):
username = serializers.CharField(label=_("Username"))
password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
import pdb
pdb.set_trace()
user = authenticate(username=username, password=password)
if user:
if not user.is_active:
msg = _('User account is disabled.')
raise serializers.ValidationError(msg)
else:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg)
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg)
attrs['user'] = user
return attrs
因此,LoginSerializer
调用身份验证(username=username,password=password)
作为一个普通的django身份验证函数
它适用于普通的djangodjango.contrib.auth.backends.modelbend
,但适用于DRF的rest\u framework.authentication.SessionAuthentication
由于签名不兼容而失败
所有DRF的身份验证后端都希望authenticate()
函数具有签名authenticate(self,request)
,这对我来说没有多大意义,因为请求还不包含用户信息
我该怎么办?您可以发布导入内容吗。您应该导入django的身份验证function@KevanS. 是的,我喜欢。从authtoken逐字复制。我应该在DRF中寻找一些特殊的函数吗?Django的
authenticate
正在所有后端上循环,找到SessionAuthentication
并尝试应用其authenticate()
,但由于签名不兼容而失败。身份验证后端可以接受任何一组关键字参数,但。。。DRF的*身份验证类不是Django使用的身份验证后端。它们在AUTHENTICATION\u BACKENDS
中没有位置,但应该由您的DRF视图/视图集直接使用,或者在DEFAULT\u AUTHENTICATION\u CLASSES
中配置@knbk啊,您是对的-我的错。非常感谢。我应该删除这个问题,还是你会将你的评论作为答案发布?@knbk Hm,在我修复这个问题后,会话id不会存储在cookie中,尽管post返回状态200。