I'm quite new to Django. I want to make some authorization for mobile. I've read docs below: http://www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme Although I've read and done as it is written thoroughly it does not work. I have obtained a token for one of user but when I want to authenticate with this token there is no result and I get AnonymousUser.
{"token": "e2a9b561fc24a65b607135857d304747a36d0e8d"}
curl -X GET http://<ip:port>/trainer/logToken/ -H "Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d"
Results in:
AnonymousUser
My settings.py:
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'rest_framework.authtoken',
'trainer',)
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
)
View:
def logToken(request):
return HttpResponse(request.user)
Any ideas? I tried to log using Basic Authentication but with no result as well
EDIT: When I execute:
curl -viL -H "Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d" http://<ip:port>/trainer/logToken/
I get:
* About to connect() to <IP> port 8000 (#0)
* Trying <IP>...
* Adding handle: conn: 0x25b82c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x25b82c0) send_pipe: 1, recv_pipe: 0
* Connected to <IP> (<IP>) port 8000 (#0)
> GET /trainer/logToken/ HTTP/1.1
> User-Agent: curl/7.30.0
> Host: <IP>:8000
> Accept: */*
> Authorization: Token e2a9b561fc24a65b607135857d304747a36d0e8d
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Date: Thu, 26 Nov 2015 20:52:36 GMT
Date: Thu, 26 Nov 2015 20:52:36 GMT
< Server: WSGIServer/0.2 CPython/3.4.2
Server: WSGIServer/0.2 CPython/3.4.2
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Vary: Cookie
Vary: Cookie
<
AnonymousUser* Closing connection 0
Line below is added by default
django.contrib.auth.middleware.AuthenticationMiddleware to your MIDDLEWARE_CLASSES
EDIT2:
I added one line to my view and now it looks as below:
@api_view(['GET'])
def logToken(request):
return HttpResponse(request.user)
and it works, but I have no idea why?
Without the api_view
decorator, it's a regular Django view. DRF embeds its own authentication and permission system as to avoid things such as requiring a CSRF even if you are posting data in JSON.
The counter part is that DRF extends the Django request in the APIView
performing authentication, authorization, throttling and a few other things there. Note that the api_view
decorator wraps an APIView
around your function.
Therefore, with the decorator, you'll have the DRF system active while without it simply won't work.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.