
Tastypie recognizes logged in user as AnonymousUser

I deployed my Django app to a remote server, but tastypie doesn't recognize a logged in user on the remote server.

I have a tastypie resource that filters all objects that belong to the currently logged in user:

  def apply_authorization_limits(self, request, object_list):
    return object_list.filter(user=request.user)

When I try to do a GET request on the endpoint for the objects, I get the following error:

int() argument must be a string or a number, not 'AnonymousUser'

I am guessing because the login did not work correctly?

Or did it? On a template page, I have the following code:

{% if user.is_authenticated %}
  Logged in as <strong>{{ user.username }}</strong>
  <a href="/users/logout">Logout</a>
{% else %}
  <a href="/users/signup">Signup</a>
  <a href="/users/login">Login</a>
{% endif %}

And the code correctly displays the user's username (which means that the user has been authenticated). What could be happening? On my local server, I am able to do all HTTP requests to the tastypie API successfully, and I am not known as an AnonymousUser, but on my remote server, I am known as AnonymousUser to Tastypie.

Edit: When I have a print statement printing out request.user in any view, I get the correct logged in user. When I have a print statement in my Tastypie api.py that prints out request.user, then I am known as AnonymousUser. Why would I be known as AnonymousUser to Tastypie but not to the rest of the application?

Edit: I am using the following authentication:

authentication = Authentication()

If I changed the authentication to ApiKeyAuthentication, then I would have to post the username and api key on each GET/POST request to a Resource. The problem with doing that is that I would have to create a new intermediate view which queried for the username and the view and then did the GET/POST to the Tastypie endpoint. Is there another solution for this? The second way is to embed the username and apikey into the webapp and get JS to grab those values and add them to the GET/POST querystring, but this could lead to a security issue. It would be a security issue because a user could pretend to be another user if they had their username and api key.

First: APIKeyAuth: It's as much of an issue as if another user gets the username and password, or the session id over an insecure connection.

Second: If you want to use session-based authentication (it only works in the browser, for currently logged-in users), you would need to create your own authentication backend, which is detailed in the docs at http://django-tastypie.readthedocs.org/en/latest/authentication_authorization.html#implementing-your-own-authentication-authorization

Scroll up a bit from there though, and read the nasty warning about the Authentication method that you have chosen.
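
As an added example (not part of the answer above and not tastypie's own code), here is one way to write the custom authentication class the answer points to, together with a fail-closed version of the question's filter. The names SessionOnlyAuthentication, limit_to_owner, FakeQuerySet and make_request are assumptions made for illustration, and the fallback base class exists only so the block runs without tastypie installed.

```python
from types import SimpleNamespace

try:
    from tastypie.authentication import Authentication
except Exception:  # tastypie missing or Django settings not configured
    class Authentication(object):  # stand-in base class for offline runs
        pass

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def _logged_in(user):
    """True only for a real, logged-in Django user."""
    flag = getattr(user, "is_authenticated", False)
    # A method on old Django versions, a property on newer ones.
    return bool(flag() if callable(flag) else flag)


class SessionOnlyAuthentication(Authentication):  # hypothetical name
    """Accept only requests that carry a logged-in Django session user."""

    def is_authenticated(self, request, **kwargs):
        if request.method not in SAFE_METHODS:
            # Cookie-authenticated writes need CSRF verification, which
            # this sketch does not implement, so they are refused.
            return False
        return _logged_in(getattr(request, "user", None))

    def get_identifier(self, request):
        return request.user.username


def limit_to_owner(request, object_list):
    """Body for apply_authorization_limits that fails closed."""
    if not _logged_in(getattr(request, "user", None)):
        return object_list.none()  # empty result instead of the int() error
    return object_list.filter(user=request.user)


class FakeQuerySet(list):  # constructed stand-in for a Django QuerySet
    def none(self):
        return FakeQuerySet()

    def filter(self, user):
        return FakeQuerySet(o for o in self if o.user is user)


def make_request(method, user):  # constructed stand-in for HttpRequest
    return SimpleNamespace(method=method, user=user)
```

In a resource this would be wired up as `authentication = SessionOnlyAuthentication()` in `Meta`, with `apply_authorization_limits` returning `limit_to_owner(request, object_list)`.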
