Fatal编程技术网
  • django/
  • Django DRF未激活的令牌身份验证

Django DRF未激活的令牌身份验证

django authentication django-rest-framework

Django DRF未激活的令牌身份验证,django,authentication,django-rest-framework,token,Django,Authentication,Django Rest Framework,Token,我是DRF(Django Rest框架)的初学者。 我试图在api调用中使用带有令牌的身份验证 我已经做到了: 1-创建新用户时: from django.db.models.signals import post_save from django.dispatch import receiver from rest_framework.authtoken.models import Token from django.conf import settings # This code is t

我是DRF(Django Rest框架)的初学者。 我试图在api调用中使用带有令牌的身份验证

我已经做到了:

1-创建新用户时:

from django.db.models.signals import post_save
from django.dispatch import receiver
from rest_framework.authtoken.models import Token
from django.conf import settings

# This code is triggered whenever a new user has been created and saved to the database
@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    if created:
        Token.objects.create(user=instance)
2-创建:

./manage.py createsuperuser --email f.user@blahblah.com --username fabrice
这两个表(authtoken\u-tokenauth\u-user)正常

但是,当我调用API时,如果a没有添加令牌,则API正在工作:(:

但是,只有此呼叫必须有效,,否??:

http -a fabrice:azerty12 http://127.0.0.1:8000/firerisk/highway/ 'Authorization: Token a840a16a3cd43e346f7a3e1442fce0acdf51d609'
而且,如果我不使用身份验证,它是失败的,并且它是可以的

$ http http://127.0.0.1:8000/firerisk/highway/
HTTP/1.1 401 Unauthorized
Allow: GET
Content-Length: 58
Content-Type: application/json
Date: Thu, 31 May 2018 12:25:44 GMT
Server: WSGIServer/0.2 CPython/3.5.2
Vary: Accept, Cookie
WWW-Authenticate: Basic realm="api"
X-Frame-Options: SAMEORIGIN

{
    "detail": "Informations d'authentification non fournies."
}
更新: my settings.py:

    # the REST Framework
    'rest_framework',
    'rest_framework.authtoken',
    'django_extensions',
]

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}
和一个视图集(ModelViewSet):

我错了

谢谢你的帮助

F.

您需要先学习基础知识。什么是HTTP,什么是HTTP头,什么是Django会话(它不是HTTP头,会话的内容不影响头),阅读关于令牌身份验证的Django REST框架文档

如果要在浏览器中测试视图,请在DRF DEFAULT_authentication_CLASSES配置变量中显式允许Django会话身份验证。它可以与令牌身份验证共存

除非您使用诸如RESTClient、DHC或REST-Easy之类的插件,否则无法让普通web浏览器将令牌附加到HTTP请求

您正在向Django会话添加令牌,但您已经在DRF中禁用了会话身份验证,即使您启用了它,DRF也不会从Django会话中读取令牌,因为API客户端无法将令牌添加到Django会话。即使DRF从Django会话中读取令牌,也完全没有意义,因为客户端无法控制th的内容

如果我像这样调用api,它似乎正在工作(不提用户名/密码):http“Authorization:Token a840a16a3cd43e346f7a3e1442fce0acdf51d609”。您好,谢谢,但我知道所有这些:)。但不是,整个DRF概念。我没有提到设置.py。我在已安装的应用程序和REST框架变量中添加了所有正确的代码。我上面的评论是有效的。 
    # the REST Framework
    'rest_framework',
    'rest_framework.authtoken',
    'django_extensions',
]

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}

class HighwayViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows highway to be viewed
    """
    serializer_class = HighwaySerializer
    # Authentification !
    permission_classes = (IsAuthenticated,)
    queryset = Highway.objects.all().order_by('name')
    # Only 'get' method
    http_method_names = ['get']