Django,DRF令牌认证不起作用,获取匿名用户
[英]Django, DRF Token authentication doesn't work, get Anonymous User
问题描述
I'm quite new to Django. 
我是Django的新手。 I want to make some authorization for mobile. 我想为手机做一些授权。 I've read docs below: http://www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme Although I've read and done as it is written thoroughly it does not work. 我已阅读以下文档: http : //www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme尽管我已经阅读并完成了它的编写工作,但它并没有工作。 I have obtained a token for one of user but when I want to authenticate with this token there is no result and I get AnonymousUser. 我已经为一个用户获得了一个令牌,但是当我想使用该令牌进行身份验证时,没有结果,我得到了AnonymousUser。
{"token": "e2a9b561fc24a65b607135857d304747a36d0e8d"}
curl -X GET http://<ip:port>/trainer/logToken/ -H "Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d"
Results in: 结果是:
AnonymousUser
My settings.py: 我的settings.py:
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'rest_framework.authtoken',
'trainer',)
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
)
View: 视图:
def logToken(request):
return HttpResponse(request.user)
Any ideas? 有任何想法吗? I tried to log using Basic Authentication but with no result as well 我尝试使用基本身份验证登录,但也没有结果
EDIT: When I execute: 编辑:当我执行:
curl -viL -H "Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d" http://<ip:port>/trainer/logToken/
I get: 我得到:
* About to connect() to <IP> port 8000 (#0)
* Trying <IP>...
* Adding handle: conn: 0x25b82c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x25b82c0) send_pipe: 1, recv_pipe: 0
* Connected to <IP> (<IP>) port 8000 (#0)
> GET /trainer/logToken/ HTTP/1.1
> User-Agent: curl/7.30.0
> Host: <IP>:8000
> Accept: */*
> Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Date: Thu, 26 Nov 2015 20:52:36 GMT
Date: Thu, 26 Nov 2015 20:52:36 GMT
< Server: WSGIServer/0.2 CPython/3.4.2
Server: WSGIServer/0.2 CPython/3.4.2
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Vary: Cookie
Vary: Cookie
<
AnonymousUser* Closing connection 0
Line below is added by default 默认情况下添加以下行
django.contrib.auth.middleware.AuthenticationMiddleware to your MIDDLEWARE_CLASSES
EDIT2: EDIT2:
I added one line to my view and now it looks as below: 我在视图中添加了一行,现在看起来如下:
@api_view(['GET'])
def logToken(request):
return HttpResponse(request.user)
and it works, but I have no idea why? 可以,但是我不知道为什么?
1 个解决方案
解决方案1
2 已采纳 2015-11-27 11:52:59
Without the api_view decorator, it's a regular Django view. 没有api_view装饰器,它是常规的Django视图。 DRF embeds its own authentication and permission system as to avoid things such as requiring a CSRF even if you are posting data in JSON. DRF嵌入了自己的身份验证和权限系统,以免发生诸如要求CSRF之类的事情,即使您以JSON形式发布数据。
The counter part is that DRF extends the Django request in the APIView performing authentication, authorization, throttling and a few other things there. 相对的部分是DRF扩展了APIView的Django请求,在APIView执行身份验证,授权,限制和其他一些操作。 Note that the api_view decorator wraps an APIView around your function. 请注意, api_view装饰器将api_view封装在APIView周围。
Therefore, with the decorator, you'll have the DRF system active while without it simply won't work. 因此,使用装饰器,您将使DRF系统处于活动状态,而没有DRF系统将无法正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.