[英]Issue with the Python Eve TokenAuth Feature
I am currently testing the python-eve library since a few days to create a restful API but I'm experiencing some issues when I follow this tutorial to implement a "Token Authentication". 自几天以来,我目前正在测试python-eve库,以创建一个宁静的API,但是当我按照本教程实现“令牌身份验证”时遇到了一些问题。
Here is my user schema: 这是我的用户架构:
users_schema = {
'username': {
'type': 'string',
'required': True,
'unique': True,
},
'password': {
'type': 'string',
'required': True,
},
'roles': {
'type': 'list',
'allowed': ['user', 'sudo', 'admin'],
'required': True,
},
'token': {
'type': 'string',
'required': True,
}
}
Here is my user domain configuration: 这是我的用户域配置:
users = {
'title': 'user',
'additional_lookup': {
'url': 'regex("[\w]+")',
'field': 'username'
},
'cache_control': '',
'cache_expires': 0,
'allowed_roles': ['sudo', 'admin', 'user'],
'extra_response_fields': ['token'],
'schema': users_schema
}
And here is the code I run to test my API: 这是我运行以测试API的代码:
class RolesAuth(TokenAuth):
def check_auth(self, token, allowed_roles, resource, method):
users = app.data.driver.db['users']
lookup = {'token': token}
if allowed_roles:
lookup['roles'] = {'$in': allowed_roles}
user = users.find_one(lookup)
return user
def add_token(documents):
for document in documents:
document["token"] = (''.join(random.choice(string.ascii_uppercase) for x in range(10)))
if __name__ == '__main__':
app = Eve(auth=RolesAuth)
app.on_insert_users += add_token
app.run()
My problem is when I try to make a request on the users endpoint like this 我的问题是,当我尝试在这样的用户端点上发出请求时
curl -X GET "http://localhost:5000/users" -H "Content-Type: application/json" -H "Authorization: Basic <MY_TOKEN>"
With the as the token actually stored in the users collection, I always got the following error: 使用令牌作为实际存储在用户集合中的令牌,我总是会遇到以下错误:
Please provide proper credentials
请提供适当的凭证
And on the API logs: 并在API日志上:
127.0.0.1 - [29/Jun/2014 03:12:32] "GET /users HTTP/1.1" 401 -
127.0.0.1-[2014年6月29日03:12:32]“ GET / users HTTP / 1.1” 401-
Here is a sample of what I have in mongodb for the user's token that I use for this example: 这是我在mongodb中用于此示例的用户令牌的示例:
{
"username" : "cmorent",
"password" : "<MY_PASSWORD>"
"roles" : [
"sudo",
"admin",
"user"
],
"token" : "<MY_TOKEN>"
}
Do you guys have any idea of what I am doing wrong? 你们知道我在做什么错吗? Is this something wrong with the Authorization header that I send?
我发送的授权标头有问题吗?
Thank you guys for your help! 谢谢你们的帮助!
Have you properly encoded the token being sent with your request? 您是否正确编码了随请求一起发送的令牌? Basic/Token auth want it Base64-encoded.
基本/令牌身份验证需要Base64编码。 I suggest you experiment with some kind of client (like Postman in Chrome) so you can see what actually is going on and how the auth token is being encoded.
我建议您尝试使用某种客户端(例如Chrome中的Postman),以了解实际情况以及auth令牌的编码方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.