Django DRF未激活的令牌身份验证
我是DRF(Django Rest框架)的初学者。 我试图在api调用中使用带有令牌的身份验证 我已经做到了: 1-创建新用户时:Django DRF未激活的令牌身份验证,django,authentication,django-rest-framework,token,Django,Authentication,Django Rest Framework,Token,我是DRF(Django Rest框架)的初学者。 我试图在api调用中使用带有令牌的身份验证 我已经做到了: 1-创建新用户时: from django.db.models.signals import post_save from django.dispatch import receiver from rest_framework.authtoken.models import Token from django.conf import settings # This code is t
from django.db.models.signals import post_save
from django.dispatch import receiver
from rest_framework.authtoken.models import Token
from django.conf import settings
# This code is triggered whenever a new user has been created and saved to the database
@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
if created:
Token.objects.create(user=instance)
2-创建:
./manage.py createsuperuser --email f.user@blahblah.com --username fabrice
这两个表(authtoken\u-token和auth\u-user)正常
但是,当我调用API时,如果a没有添加令牌,则API正在工作:(:
但是,只有此呼叫必须有效,,否??:
http -a fabrice:azerty12 http://127.0.0.1:8000/firerisk/highway/ 'Authorization: Token a840a16a3cd43e346f7a3e1442fce0acdf51d609'
而且,如果我不使用身份验证,它是失败的,并且它是可以的:
$ http http://127.0.0.1:8000/firerisk/highway/
HTTP/1.1 401 Unauthorized
Allow: GET
Content-Length: 58
Content-Type: application/json
Date: Thu, 31 May 2018 12:25:44 GMT
Server: WSGIServer/0.2 CPython/3.5.2
Vary: Accept, Cookie
WWW-Authenticate: Basic realm="api"
X-Frame-Options: SAMEORIGIN
{
"detail": "Informations d'authentification non fournies."
}
更新:
my settings.py:
# the REST Framework
'rest_framework',
'rest_framework.authtoken',
'django_extensions',
]
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
)
}
和一个视图集(ModelViewSet):
我错了
谢谢你的帮助
F.您需要先学习基础知识。什么是HTTP,什么是HTTP头,什么是Django会话(它不是HTTP头,会话的内容不影响头),阅读关于令牌身份验证的Django REST框架文档 如果要在浏览器中测试视图,请在DRF DEFAULT_authentication_CLASSES配置变量中显式允许Django会话身份验证。它可以与令牌身份验证共存 除非您使用诸如RESTClient、DHC或REST-Easy之类的插件,否则无法让普通web浏览器将令牌附加到HTTP请求
您正在向Django会话添加令牌,但您已经在DRF中禁用了会话身份验证,即使您启用了它,DRF也不会从Django会话中读取令牌,因为API客户端无法将令牌添加到Django会话。即使DRF从Django会话中读取令牌,也完全没有意义,因为客户端无法控制th的内容如果我像这样调用api,它似乎正在工作(不提用户名/密码):http“Authorization:Token a840a16a3cd43e346f7a3e1442fce0acdf51d609”。您好,谢谢,但我知道所有这些:)。但不是,整个DRF概念。我没有提到设置.py。我在已安装的应用程序和REST框架变量中添加了所有正确的代码。我上面的评论是有效的。
# the REST Framework
'rest_framework',
'rest_framework.authtoken',
'django_extensions',
]
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
)
}
class HighwayViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows highway to be viewed
"""
serializer_class = HighwaySerializer
# Authentification !
permission_classes = (IsAuthenticated,)
queryset = Highway.objects.all().order_by('name')
# Only 'get' method
http_method_names = ['get']