angularjs – Django Rest Framework – Request.user始终是Anon
发布时间:2020-12-17 18:08:37 所属栏目:安全 来源:网络整理
导读:我的身份验证/登录视图遇到问题.这个系统以前工作,但我最近切换到一个新的服务器,无法修复它. 尝试通过身份验证视图登录时,request.user始终是AnonymousUser,就像我没有提供任何身份验证凭据一样.我已经尝试记录request.POST但它似乎是一个空的dict. 我在这
|
我的身份验证/登录视图遇到问题.这个系统以前工作,但我最近切换到一个新的服务器,无法修复它.
尝试通过身份验证视图登录时,request.user始终是AnonymousUser,就像我没有提供任何身份验证凭据一样.我已经尝试记录request.POST但它似乎是一个空的dict. 我在这里有一个追溯: Environment:
Request Method: POST
Request URL: http://45.55.149.3:8000/api/auth/
Django Version: 1.8.3
Python Version: 2.7.6
Installed Applications:
('django.contrib.admin','django.contrib.auth','django.contrib.contenttypes','django.contrib.sessions','django.contrib.messages','django.contrib.staticfiles','webapp','rest_framework','djrill')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware','django.middleware.common.CommonMiddleware','django.middleware.csrf.CsrfViewMiddleware','django.contrib.auth.middleware.AuthenticationMiddleware','django.contrib.auth.middleware.SessionAuthenticationMiddleware','django.contrib.messages.middleware.MessageMiddleware','django.middleware.clickjacking.XFrameOptionsMiddleware','django.middleware.security.SecurityMiddleware')
Traceback:
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
132. response = wrapped_callback(request,*callback_args,**callback_kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
58. return view_func(*args,**kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/generic/base.py" in view
71. return self.dispatch(request,*args,**kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
456. response = self.handle_exception(exc)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
453. response = handler(request,**kwargs)
File "/home/appointments-app/appointments/webapp/views.py" in post
40. login(request,request.user)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in login
111. request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
Exception Type: AttributeError at /api/auth/
Exception Value: 'AnonymousUser' object has no attribute '_meta'
这里我有API auth视图失败: class AuthView(APIView):
authentication_classes = (QuietBasicAuthentication,)
def post(self,request,**kwargs):
login(request,request.user)
return Response(OldUserSerializer(request.user).data)
def delete(self,**kwargs):
logout(request)
return Response({})
下面是我正在使用的身份验证类: from rest_framework.authentication import BasicAuthentication
class QuietBasicAuthentication(BasicAuthentication):
# disclaimer: once the user is logged in,this should NOT be used as a
# substitute for SessionAuthentication,which uses the django session cookie,# rather it can check credentials before a session cookie has been granted.
def authenticate_header(self,request):
return 'xBasic realm="%s"' % self.www_authenticate_realm
解决方法
如果您使用的是Django REST框架的身份验证类,则无需登录用户.用户将提前通过Django REST框架进行身份验证,并在此过程中验证凭据.
现在通过调用login,您正在尝试登录当前用户(request.user)并将它们与当前请求(请求)相关联. DRF将自动为您执行此操作,request.user将包含一个User实例,如果它能够验证用户和AnonymousUser(您看到的),如果它不能. 如果您尝试登录用户以获取Django请求(而不是DRF请求,which is different),则需要引用存储为request._request的Django请求. login(request._request,request.user) (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |