Django Rest Framework - 未提供身份验证凭据

Question

我正在使用Django Rest Framework开发API.我正在尝试列出或创建一个"订单"对象,但是当我尝试访问控制台时给出了这个错误:

{"detail": "Authentication credentials were not provided."}

浏览次数:

from django.shortcuts import render
from rest_framework import viewsets
from django.contrib.auth.models import User
from rest_framework.renderers import JSONRenderer, YAMLRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from order.models import *
from API.serializers import *
from rest_framework.permissions import IsAuthenticated

class OrderViewSet(viewsets.ModelViewSet):
    model = Order
    serializer_class = OrderSerializer
    permission_classes = (IsAuthenticated,)

串行:

class OrderSerializer(serializers.HyperlinkedModelSerializer):

    class Meta:
        model = Order
        fields = ('field1', 'field2')

我的网址:

# -*- coding: utf-8 -*-
from django.conf.urls import patterns, include, url
from django.conf import settings
from django.contrib import admin
from django.utils.functional import curry
from django.views.defaults import *
from rest_framework import routers
from API.views import *

admin.autodiscover()

handler500 = "web.views.server_error"
handler404 = "web.views.page_not_found_error"

router = routers.DefaultRouter()
router.register(r'orders', OrdersViewSet)

urlpatterns = patterns('',
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
    url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token'),
    url(r'^api/', include(router.urls)),
)

然后我在控制台中使用此命令:

curl -X GET http://127.0.0.1:8000/api/orders/ -H 'Authorization: Token 12383dcb52d627eabd39e7e88501e96a2sadc55'

错误说:

{"detail": "Authentication credentials were not provided."}

Answer 1

如果你使用mod_wsgi在Apache上运行Django你必须添加

WSGIPassAuthorization On

在你的httpd.conf中.否则,mod_wsgi将剥离授权标头.

Answer 2

通过在我的settings.py中添加"DEFAULT_AUTHENTICATION_CLASSES"来解决此问题

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser'
   ),
}

Answer 3

这有助于我在settings.py中没有"DEFAULT_PERMISSION_CLASSES"

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 10
}

Answer 4

对于其他登陆此处且出现相同错误的人来说,如果您request.user是AnonymousUser而非正确授权访问该URL的用户,则可能会出现此问题.你可以看到通过打印的价值request.user.如果它确实是匿名用户,这些步骤可能会有所帮助:

1. 请确保您有 'rest_framework.authtoken'在INSTALLED_APPS你的settings.py.

2. 确保你在某处settings.py:

   REST_FRAMEWORK = {
   
       'DEFAULT_AUTHENTICATION_CLASSES': (
           'rest_framework.authentication.TokenAuthentication',
           # ...
       ),
   
       # ...
   }
   

3. 确保您拥有登录用户的正确令牌.如果您没有令牌,请了解如何在此处获取令牌.基本上,POST如果您提供正确的用户名和密码,您需要向视图发出请求,该视图会为您提供令牌.例:

   curl -X POST -d "user=Pepe&password=aaaa"  http://localhost:8000/
   

4. 确保您尝试访问的视图具有以下内容:

   class some_fancy_example_view(ModelViewSet): 
   """
   not compulsary it has to be 'ModelViewSet' this can be anything like APIview etc, depending on your requirements.
   """
       permission_classes = (IsAuthenticated,) 
       authentication_classes = (TokenAuthentication,) 
       # ...
   

5. curl现在就这样使用:

   curl -X (your_request_method) -H  "Authorization: Token <your_token>" <your_url>
   

例:

    curl -X GET http://127.0.0.1:8001/expenses/  -H "Authorization: Token 9463b437afdd3f34b8ec66acda4b192a815a15a8"

Answer 5

如果您在命令行中玩游戏(使用curl或HTTPie等),您可以使用BasicAuthentication来测试/使用您的API

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'rest_framework.permissions.IsAuthenticated',
        ],
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.BasicAuthentication',  # enables simple command line authentication
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.TokenAuthentication',
        )
    }

然后你可以使用curl

curl --user user:password -X POST http://example.com/path/ --data "some_field=some data"

或httpie(眼睛更容易):

http -a user:password POST http://example.com/path/ some_field="some data"

或其他类似Advanced Rest Client(ARC)的东西

Answer 6

对我来说，我必须在 Django DRF 上使用“JWT”而不是“Bearer”或“Token”来添加我的授权标头。然后它开始工作。例如——

Authorization: JWT asdflkj2ewmnsasdfmnwelfkjsdfghdfghdv.wlsfdkwefojdfgh

Answer 7

试试这个，它对我有用。

在设置.py

SIMPLE_JWT = {
     ....
     ...
     # Use JWT 
     'AUTH_HEADER_TYPES': ('JWT',),
     # 'AUTH_HEADER_TYPES': ('Bearer',),
     ....
     ...
}

也添加这个

REST_FRAMEWORK = {
    ....
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
    ...
    ..
}

Answer 8

我也遇到了同样的事情，因为我错过了添加

authentication_classes =（令牌认证）

在我的API视图类中。

class ServiceList(generics.ListCreateAPIView):
    authentication_classes = (SessionAuthentication, BasicAuthentication, TokenAuthentication)
    queryset = Service.objects.all()
    serializer_class = ServiceSerializer
    permission_classes = (IsAdminOrReadOnly,)

除了上述内容外，我们还需要在settings.py文件中向Django明确告知Authentication。

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
   'rest_framework.authentication.TokenAuthentication',
   )
}

Answer 9

我遇到了邮递员这个问题。将此添加到标题中...