Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/django/23.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/ember.js/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Django不认识我的代币?_Django_Ember.js_Django Rest Framework_Django Rest Auth - Fatal编程技术网
Fatal编程技术网
  • django/
  • Django不认识我的代币?

Django不认识我的代币?

django ember.js django-rest-framework

Django不认识我的代币?,django,ember.js,django-rest-framework,django-rest-auth,Django,Ember.js,Django Rest Framework,Django Rest Auth,我在后端使用Django Rest框架,在前端使用ember cli应用程序。身份验证工作正常,但授权中似乎存在漏洞 # settings.py REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.AllowAny', ), 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.auth

我在后端使用Django Rest框架,在前端使用ember cli应用程序。身份验证工作正常,但授权中似乎存在漏洞

# settings.py
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
}

# views.py
class CurrentUserView(APIView):
    "get the data for the current authenticatd user"
    permission_classes = (IsAuthenticated,)

    def get_queryset(self, request):
        queryset = User.objects.filter(username=request.user.username)
        return queryset

    def get(self, request):
        serializer = UserSerializer(request.user)
        return Response(serializer.data)
当我向这个端点/v1/me/发出请求时,它会以403作为响应。当我关闭permission类时,我返回{id:null,username:,is_active:false},因为它不知道我是谁

另外,当我使用可浏览的API时,/v1/meURL可以正常工作

在余烬方面,我使用我的帐户登录,并正确地取回我的令牌。在请求中,正在传递授权:令牌asdf1234asdf1234asdf1234。我想Django拿走了那个令牌,知道我是谁?我遗漏了什么吗?

试试类似的方法

from rest_framework import authentication
class TokenAuthView(APIView):
    authentication_classes = (authentication.TokenAuthentication,)
那么

在设置中,您需要添加身份验证令牌

# settings.py
   INSTALLED_APP = ('rest_framework.authtoken',)
您不需要在每个视图上都添加身份验证类。

没有TokenGETAuthentication,但我添加了该身份验证类,它可以正常工作。我不知道为什么,因为这应该是我的默认身份验证类,应该自动应用?我从我的系统复制粘贴了它,我重命名为:。已更新 
# settings.py
   INSTALLED_APP = ('rest_framework.authtoken',)