DRF - 令牌身份验证与正常

Question

I have an internal API where all ViewSet s has LoginRequiredMixin because this API is used only by logged in users.我有一个内部 API，其中所有ViewSet都有LoginRequiredMixin因为此 API 仅由登录用户使用。

Now I need to sometimes make it available through auth_token - eg.现在我有时需要通过auth_token使其可用 - 例如。 when the user is not logged in but has a token.当用户未登录但有令牌时。

I've added TokenAuthentication :我添加了TokenAuthentication ：

REST_FRAMEWORK = {
    'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend',
                                'rest_framework.filters.OrderingFilter'],

    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',


    ],
}

And tried to access API using Authorization header: Token <MYTOKEN> but it redirects all requests to log in.并尝试使用 Authorization header: Token <MYTOKEN>访问 API，但它重定向了所有登录请求。

How to make it work so the user has to be either authenticated or use an Authorization header?如何使其工作，以便用户必须经过身份验证或使用 Authorization 标头？

This is a ViewSet :这是一个ViewSet ：

class OrderViewSet(LoginRequiredMixin, ModelViewSet):
    serializer_class = OrderSerializer
    filterset_class = OrderFilter

Answer 1

On this problem, i have 2 solution for you关于这个问题，我有 2 个解决方案

1.Remove LoginRequiredMixin , because LoginRequiredMixin used for django View authentication not for django rest framework view (*authentication) 1.移除LoginRequiredMixin ，因为LoginRequiredMixin用于 django View 认证而不是 django rest 框架视图 (*authentication)

class OrderViewSet(ModelViewSet):
    serializer_class = OrderSerializer
    filterset_class = OrderFilter

and then add on setting.py file set the default permission and authentication class of REST_FRAMEWORK , like this然后在setting.py文件中添加REST_FRAMEWORK的默认permission和authentication类，像这样

REST_FRAMEWORK = {
    'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend',
                            'rest_framework.filters.OrderingFilter'],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ]
}

2.if you want to set permission and authentication add on class view, you do not have to setting.py file config. 2.如果你想在类视图上设置permission和authentication添加，你不必在setting.py文件中配置。 Try this尝试这个

from rest_framework.permissions import IsAuthenticated
from rest_framework.authentication import TokenAuthentication, SessionAuthentication

class OrderViewSet(ModelViewSet):
    permission_classes = (IsAuthenticated, )
    authentication_classes = (SessionAuthentication, TokenAuthentication, )
    serializer_class = OrderSerializer
    filterset_class = OrderFilter

Answer 2

You have to include 'rest_framework.authtoken' in your INSTALLED_APPS setting.您必须在 INSTALLED_APPS 设置中包含“rest_framework.authtoken”。

see here TokenAuthentication看这里TokenAuthentication

DRF - 令牌身份验证与正常

问题描述

2 个解决方案

解决方案1
3 已采纳 2019-12-18 11:44:28

解决方案2
0 2019-12-18 11:00:41

DRF - 令牌身份验证与正常

问题描述

2 个解决方案

解决方案1 3 已采纳 2019-12-18 11:44:28

解决方案2 0 2019-12-18 11:00:41

解决方案1
3 已采纳 2019-12-18 11:44:28

解决方案2
0 2019-12-18 11:00:41