0
我使用DRF 1.10和Python 3.5。如何使用Django Rest Framework正確設置令牌認證?
我試圖使用DRF的rest_framework.authtoken.models.Token在登錄時對用戶進行身份驗證。這是我有:
views.py
class LoginView(views.APIView):
serializer_class = LoginSerializer
def post(self, request, **kwargs):
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
user = User.objects.get(username=serializer.data['username'])
token = Token.objects.create(user=user)
response = {}
response['user'] = serializer.data
response['token'] = token.key
return Response(response, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
serializers.py
class LoginSerializer(serializers.Serializer):
username = serializers.CharField()
password = serializers.CharField()
def validate(self, attrs):
username = attrs.get("username").lower()
password = attrs.get("password")
user = authenticate(username=username, password=password)
if user:
attrs["user"] = user
return attrs
else:
raise serializers.ValidationError(
"Unable to login with credentials provided."
)
在登錄我想提供一個令牌用戶和註銷我想刪除令牌。問題是,當我試圖通過令牌的密鑰和與其相關的用戶查找令牌來刪除令牌時,我無法找到該令牌。註銷視圖在這裏:
class LogoutView(views.APIView):
def post(self, request, **kwargs):
try:
token = request.META['HTTP_AUTHORIZATION'].split(" ")[1]
invalidate_token = Token.objects.filter(key=token, user=request.user)
invalidate_token.delete()
return Response({ detail: "Logged out"}, status=status.HTTP_202_ACCEPTED)
except:
return Response({"error": ["Token does not exist!"]}, status=status.HTTP_400_BAD_REQUEST)
我試圖登錄用戶時出現問題。我意識到request.user仍然是AnonymousUser而不是User。我該如何解決這個問題?
這是我在郵遞員頭。
如果您已經安裝Django管理,您可以在那裏查看您的身份驗證令牌。比較它們以確保您使用的令牌仍然存在並與正確的django用戶相關聯。 – Soviut
@Soviut剛剛查看了管理工具。令牌確實存在並與正確的用戶相關聯,但仍然無法正常工作。 –