[英]Django: Authentication credentials were not provided
我在这个主题上搜集了十几个类似的SO帖子,并以我所理解的最好的方式实施了他们的解决方案,但它们并没有为我工作。 为什么得到此错误 detail: "Authentication credentials were not provided."
使用AJAX修补程序请求击中Django Rest Framework端点后? 我感谢您的帮助!
一些细节
bookid
,我只想将bookid
添加到api.BookGroup
模型中的ManyToManyField books
字段中 permission_classes = (IsAuthenticated,)
,如果我在发出请求时登录,则应允许补丁请求(是的,我肯定已登录) Ajax标头中的表单数据显示我正确地传递了CSRF令牌和适当的变量:
csrfmiddlewaretoken: UjGnVfQTfcmkZKtWjI0m89zlAJqR0wMmUVdh1T1JaiCdyRe2TiW3LPWt bookid: 1 bookgroupid: 71
AJAX
function AddToBookGroup(bookgroupid,bookid){
$.ajax({
type: "PATCH",
url: '/api/bookgroups/'+bookgroupid+'/',
data: {
csrfmiddlewaretoken: window.CSRF_TOKEN,
bookid: bookid,
bookgroupid: bookgroupid
},
success: function(data){
console.log( 'success, server says '+data);
}
});
}
URLS.py
from django.urls import path, include
from django.conf.urls import url
from . import views
from django.conf import settings
from django.conf.urls.static import static
urlpatterns = [
path('', include(router.urls)),
url(r'bookgroups/\d+/$', views.BookGroupUpdateSet.as_view()),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
VIEWS.py
from rest_framework.generics import ListAPIView, DestroyAPIView, UpdateAPIView, RetrieveAPIView
from rest_framework.authentication import TokenAuthentication, SessionAuthentication, BasicAuthentication
from rest_framework.authtoken.serializers import AuthTokenSerializer
from rest_framework.authtoken.views import ObtainAuthToken
from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAuthenticated
from . import serializers, models, permissions
class BookGroupUpdateSet(UpdateAPIView):
queryset = models.BookGroup.objects.all()
model = models.BookGroup
serializer_class = serializers.BookGroupUpdateSerializer
def patch(self, request, pk=None):
permission_classes = (IsAuthenticated,)
authentication_classes = (TokenAuthentication,)
bookid = request.Patch['bookid']
bookgroupid = request.Patch['bookgroupid']
print("...Print stuff...")
SETTINGS.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'authenticate',
'api',
'rest_framework',
'rest_framework.authtoken',
]
AUTH_USER_MODEL = "api.UserProfile"
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
# 'rest_framework.permissions.AllowAny', # I've tried this too, same results
'rest_framework.permissions.IsAuthenticated',
)
}
一旦您的API视图要求进行身份验证才能访问,则需要向请求的标头提供Authorization标头: Authorization: Token <token>
那么,您如何获得此令牌? 根据DRF文档,您需要为数据库中的每个用户创建一个令牌。 因此,无论何时创建新用户,您都必须手动执行操作,或者可以通过导入和使用DRF令牌认证视图来使用:
from rest_framework.authtoken.views import ObtainAuthToken
但是我建议您使用django-rest-auth应用程序,它可以简化DRF中的令牌身份验证过程。 https://django-rest-auth.readthedocs.io/en/latest/
在Django Rest Framework视图中,您无需使用CSRF令牌,而可以使用自定义DRF令牌(即rest_framework.authtoken
的用途)。 创建新用户时,必须创建其令牌,如下所示:
def create(self, validated_data):
from rest_framework.authtoken.models import Token
try:
user = models.User.objects.get(email=validated_data.get('email'))
except User.DoesNotExist:
user = models.User.objects.create(**validated_data)
user.set_password(user.password)
user.save()
Token.objects.create(user=user) # -------> Token creation
return user
else:
raise CustomValidation('eMail already in use', 'email', status_code=status.HTTP_409_CONFLICT)
然后,您必须为用户获取令牌,并将其发送到键名称为Authorization
且值为Token <token>
的标头中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.