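I am using DRF 1.10 and Python 3.5. How do I properly set up token authentication with Django Rest Framework?
I am trying to use DRF's rest_framework.authtoken.models.Token to authenticate users at login. This is what I have: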
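views.py

    from django.contrib.auth.models import User
    from rest_framework import status, views
    from rest_framework.authtoken.models import Token
    from rest_framework.response import Response

    from .serializers import LoginSerializer


    class LoginView(views.APIView):
        serializer_class = LoginSerializer

        def post(self, request, **kwargs):
            serializer = self.serializer_class(data=request.data)
            if serializer.is_valid():
                # Credentials were checked in LoginSerializer.validate().
                user = User.objects.get(username=serializer.data['username'])
                token = Token.objects.create(user=user)
                response = {}
                response['user'] = serializer.data
                response['token'] = token.key
                return Response(response, status=status.HTTP_200_OK)
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
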
serializers.py

    from django.contrib.auth import authenticate
    from rest_framework import serializers


    class LoginSerializer(serializers.Serializer):
        username = serializers.CharField()
        password = serializers.CharField()

        def validate(self, attrs):
            username = attrs.get("username").lower()
            password = attrs.get("password")
            # authenticate() returns None when the credentials do not match.
            user = authenticate(username=username, password=password)
            if user:
                attrs["user"] = user
                return attrs
            else:
                raise serializers.ValidationError(
                    "Unable to login with credentials provided."
                )

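On login I want to give the user a token, and on logout I want to delete the token. The problem is that when I try to delete the token by looking it up by its key and its associated user, I cannot find the token. The logout view is here: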

    class LogoutView(views.APIView):
        def post(self, request, **kwargs):
            try:
                # Header is expected to look like "<keyword> <key>".
                token = request.META['HTTP_AUTHORIZATION'].split(" ")[1]
                invalidate_token = Token.objects.filter(key=token, user=request.user)
                invalidate_token.delete()
                return Response({"detail": "Logged out"}, status=status.HTTP_202_ACCEPTED)
            except:
                # Any failure above (missing header, lookup error) ends up here.
                return Response({"error": ["Token does not exist!"]}, status=status.HTTP_400_BAD_REQUEST)

A problem occurs when I try to log the user in. I realized that request.user is still AnonymousUser rather than User. How can I fix this?
This is my header in Postman.
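
If you have Django admin installed, you can view your auth tokens there. Compare them to make sure the token you are using still exists and is associated with the correct Django user. – Soviut

@Soviut I just checked the admin tool. The token does exist and is associated with the correct user, but it still doesn't work. –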
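
An added example, not part of the original question or comments: a plain-Python model of how DRF's TokenAuthentication treats the Authorization header, set beside the header parsing used in the question's LogoutView, showing how a key can be extracted from the header while request.user stays AnonymousUser. The function names and sample headers are constructed for illustration, and authentication classes are modeled as dotted-path strings (an assumption made so the sketch runs without Django).

```python
# Added sketch; names are hypothetical and this is not DRF's own code.
TOKEN_AUTH = "rest_framework.authentication.TokenAuthentication"
# DRF's built-in defaults when REST_FRAMEWORK does not override them.
DRF_DEFAULT_AUTH = (
    "rest_framework.authentication.SessionAuthentication",
    "rest_framework.authentication.BasicAuthentication",
)


def diagnose(rest_framework, authorization, view_auth_classes=None):
    """Model what TokenAuthentication does with one request.

    Returns (outcome, reason): "skipped" means it does not authenticate and
    request.user stays AnonymousUser unless another class succeeds;
    "rejected" means AuthenticationFailed; "lookup" means the key is checked
    against the Token table.
    """
    # authentication_classes on a view overrides the global setting.
    classes = view_auth_classes
    if classes is None:
        classes = rest_framework.get(
            "DEFAULT_AUTHENTICATION_CLASSES", DRF_DEFAULT_AUTH)
    if TOKEN_AUTH not in classes:
        return "skipped", "TokenAuthentication is not enabled for this view"
    parts = (authorization or "").split()
    if not parts or parts[0].lower() != "token":
        return "skipped", "header does not start with the 'Token' keyword"
    if len(parts) == 1:
        return "rejected", "no credentials after the keyword"
    if len(parts) > 2:
        return "rejected", "token string contains spaces"
    return "lookup", "key is looked up in the Token table"


def key_as_logout_view_reads_it(authorization):
    """The question's LogoutView parsing: second space-separated field."""
    return authorization.split(" ")[1]


if __name__ == "__main__":
    enabled = {"DEFAULT_AUTHENTICATION_CLASSES": [TOKEN_AUTH]}
    # Constructed sample requests: (settings, Authorization header).
    for settings, header in [({}, "Token abc123"), (enabled, "Bearer abc123"),
                             (enabled, "Token abc123"), (enabled, "Token")]:
        print(repr(header), "->", diagnose(settings, header))
    # The view still extracts a key even when authentication was skipped.
    print(key_as_logout_view_reads_it("Bearer abc123"))
```

In a real project the same two checks are the `REST_FRAMEWORK` setting (or the view's `authentication_classes`) and the exact header value sent by the client.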