[英]DRF - Token authentication alongside normal
I have an internal API where all ViewSet
s has LoginRequiredMixin
because this API is used only by logged in users.我有一个内部 API,其中所有ViewSet
都有LoginRequiredMixin
因为此 API 仅由登录用户使用。
Now I need to sometimes make it available through auth_token
- eg.现在我有时需要通过auth_token
使其可用 - 例如。 when the user is not logged in but has a token.当用户未登录但有令牌时。
I've added TokenAuthentication
:我添加了TokenAuthentication
:
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend',
'rest_framework.filters.OrderingFilter'],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
],
}
And tried to access API using Authorization header: Token <MYTOKEN>
but it redirects all requests to log in.并尝试使用 Authorization header: Token <MYTOKEN>
访问 API,但它重定向了所有登录请求。
How to make it work so the user has to be either authenticated or use an Authorization header?如何使其工作,以便用户必须经过身份验证或使用 Authorization 标头?
This is a ViewSet
:这是一个ViewSet
:
class OrderViewSet(LoginRequiredMixin, ModelViewSet):
serializer_class = OrderSerializer
filterset_class = OrderFilter
On this problem, i have 2 solution for you关于这个问题,我有 2 个解决方案
1.Remove LoginRequiredMixin
, because LoginRequiredMixin
used for django View authentication not for django rest framework view (*authentication) 1.移除LoginRequiredMixin
,因为LoginRequiredMixin
用于 django View 认证而不是 django rest 框架视图 (*authentication)
class OrderViewSet(ModelViewSet):
serializer_class = OrderSerializer
filterset_class = OrderFilter
and then add on setting.py
file set the default permission
and authentication
class of REST_FRAMEWORK
, like this然后在setting.py
文件中添加REST_FRAMEWORK
的默认permission
和authentication
类,像这样
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend',
'rest_framework.filters.OrderingFilter'],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
]
}
2.if you want to set permission
and authentication
add on class view, you do not have to setting.py file config. 2.如果你想在类视图上设置permission
和authentication
添加,你不必在setting.py文件中配置。 Try this尝试这个
from rest_framework.permissions import IsAuthenticated
from rest_framework.authentication import TokenAuthentication, SessionAuthentication
class OrderViewSet(ModelViewSet):
permission_classes = (IsAuthenticated, )
authentication_classes = (SessionAuthentication, TokenAuthentication, )
serializer_class = OrderSerializer
filterset_class = OrderFilter
You have to include 'rest_framework.authtoken' in your INSTALLED_APPS setting.您必须在 INSTALLED_APPS 设置中包含“rest_framework.authtoken”。
see here TokenAuthentication看这里TokenAuthentication
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.