如何将数据存储到与当前用户关联的 model 中?
[英]How to store data into a model associated with the current user?
问题描述
In my frontend i'm logging into another app's api in the browser, I'm then redirected back to my app, that hits a View in my backend which gets a code from the other app's api, sends code back in a post request then receives an access token and stores it in a model associated with the current user.
在我的前端,我在浏览器中登录另一个应用程序的 api,然后我被重定向回我的应用程序,它在我的后端点击一个视图,它从另一个应用程序的 api 获取代码,然后在发布请求中发回代码接收访问令牌并将其存储在与当前用户关联的 model 中。
My problem is that after the user gives permission to other app in the browser it redirects back to my backend view without the users token in the header so if i have permissions_classes set it wont allow user to access that view... but if i take the permissions_classes off, the view won't know who the current user is.我的问题是,在用户向浏览器中的其他应用程序授予权限后,它会在 header 中没有用户令牌的情况下重定向回我的后端视图,所以如果我设置了 permissions_classes,它将不允许用户访问该视图......但是如果我采取permissions_classes 关闭,视图将不知道当前用户是谁。
View #1 that prepares the other app's API url:查看 #1 准备其他应用程序的 API url:
class getAPIAuthURL(APIView):
authentication_class = [authentication.TokenAuthentication]
permission_class = [permissions.IsAuthenticated]
def get(self, request):
scopes = 'scopes'
url = Request('GET', 'https://accounts.api.com/authorize',
params={
'scope': scopes,
'response_type': 'code',
'redirect_uri': REDIRECT_URL,
'client_id': CLIENT_ID
}
).prepare().url
return Response(url, status=status.HTTP_200_OK)
View #2 that gets data and stores it in model (this is the REDIRECT_URL from previous view):获取数据并将其存储在 model 中的视图 #2(这是之前视图中的 REDIRECT_URL):
class APICallback(APIView):
authentication_class = [authentication.TokenAuthentication]
permission_class = [permissions.IsAuthenticated]
def api_callback(request, format=None):
code = request.GET.get('code')
if not code:
return Response({'Error': 'Code not found in request'}, status=status.HTTP_400_BAD_REQUEST)
response = post('https://accounts.api.com/api/token', data={
'code': code,
}).json()
print(response)
user = request.user
access_token = response.get('access_token')
token = APITokenModel(user=user, access_token=access_token)
token.save()
return redirect('frontend')
I have other Views that make requests and it has been able to get the token to know who the user is, but when this View is called I get a 401 Unauthorized error.我有其他发出请求的视图,它已经能够获取令牌以了解用户是谁,但是当调用此视图时,我收到 401 未授权错误。
How do I let Django know the token I'm receiving from the other app's api belongs to the current user?我如何让 Django 知道我从其他应用程序的 api 收到的令牌属于当前用户?
also... when I take off permissions and authentication class from the View it returns the user as Anonymous User还...当我从视图中取消权限和身份验证 class 时,它会将用户作为匿名用户返回
1 个解决方案
解决方案1
0 2022-04-22 08:26:42
First, what authentication class are you using?首先,您使用的是什么身份验证 class? You should know that your TokenAuthentication class uses the Authorization header in your request to authenticate you.你应该知道你的 TokenAuthentication class 在你的请求中使用授权 header 来验证你。 If that's not been passed then you should fix that.如果那没有通过,那么你应该解决这个问题。
It would be worth knowing that you don't send auth tokens as GET and should not be sent as those.值得一提的是,您不会将身份验证令牌作为 GET 发送,也不应作为 GET 发送。 Unless of course you want to write an Authentication class of your own.当然,除非您想编写自己的身份验证 class。
EDIT In lieu of our discuss in the comments, try this redirect...编辑代替我们在评论中的讨论,试试这个重定向......
# import the class
from django.http import HttpResponseRedirect
# now redirect
return HttpResponseRedirect(redirect_to="url", headers=dict)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.