angularjs – Django Rest Framework – Request.user始终是Anon
发布时间:2020-12-17 18:08:37 所属栏目:安全 来源:网络整理
导读:我的身份验证/登录视图遇到问题.这个系统以前工作,但我最近切换到一个新的服务器,无法修复它. 尝试通过身份验证视图登录时,request.user始终是AnonymousUser,就像我没有提供任何身份验证凭据一样.我已经尝试记录request.POST但它似乎是一个空的dict. 我在这
我的身份验证/登录视图遇到问题.这个系统以前工作,但我最近切换到一个新的服务器,无法修复它.
尝试通过身份验证视图登录时,request.user始终是AnonymousUser,就像我没有提供任何身份验证凭据一样.我已经尝试记录request.POST但它似乎是一个空的dict. 我在这里有一个追溯: Environment: Request Method: POST Request URL: http://45.55.149.3:8000/api/auth/ Django Version: 1.8.3 Python Version: 2.7.6 Installed Applications: ('django.contrib.admin','django.contrib.auth','django.contrib.contenttypes','django.contrib.sessions','django.contrib.messages','django.contrib.staticfiles','webapp','rest_framework','djrill') Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware','django.middleware.common.CommonMiddleware','django.middleware.csrf.CsrfViewMiddleware','django.contrib.auth.middleware.AuthenticationMiddleware','django.contrib.auth.middleware.SessionAuthenticationMiddleware','django.contrib.messages.middleware.MessageMiddleware','django.middleware.clickjacking.XFrameOptionsMiddleware','django.middleware.security.SecurityMiddleware') Traceback: File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response 132. response = wrapped_callback(request,*callback_args,**callback_kwargs) File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view 58. return view_func(*args,**kwargs) File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/generic/base.py" in view 71. return self.dispatch(request,*args,**kwargs) File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch 456. response = self.handle_exception(exc) File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch 453. response = handler(request,**kwargs) File "/home/appointments-app/appointments/webapp/views.py" in post 40. login(request,request.user) File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in login 111. request.session[SESSION_KEY] = user._meta.pk.value_to_string(user) Exception Type: AttributeError at /api/auth/ Exception Value: 'AnonymousUser' object has no attribute '_meta' 这里我有API auth视图失败: class AuthView(APIView): authentication_classes = (QuietBasicAuthentication,) def post(self,request,**kwargs): login(request,request.user) return Response(OldUserSerializer(request.user).data) def delete(self,**kwargs): logout(request) return Response({}) 下面是我正在使用的身份验证类: from rest_framework.authentication import BasicAuthentication class QuietBasicAuthentication(BasicAuthentication): # disclaimer: once the user is logged in,this should NOT be used as a # substitute for SessionAuthentication,which uses the django session cookie,# rather it can check credentials before a session cookie has been granted. def authenticate_header(self,request): return 'xBasic realm="%s"' % self.www_authenticate_realm 解决方法
如果您使用的是Django REST框架的身份验证类,则无需登录用户.用户将提前通过Django REST框架进行身份验证,并在此过程中验证凭据.
现在通过调用login,您正在尝试登录当前用户(request.user)并将它们与当前请求(请求)相关联. DRF将自动为您执行此操作,request.user将包含一个User实例,如果它能够验证用户和AnonymousUser(您看到的),如果它不能. 如果您尝试登录用户以获取Django请求(而不是DRF请求,which is different),则需要引用存储为request._request的Django请求. login(request._request,request.user) (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |