Django Rest Framework - Request.user始终是AnonymousUser,request.POST为空

Question

我的身份验证/登录视图遇到问题.这个系统以前工作,但我最近切换到一个新的服务器,无法修复它.

尝试通过身份验证视图登录时,request.user始终是AnonymousUser,就像我没有提供任何身份验证凭据一样.我已经尝试记录request.POST但它似乎是一个空的dict.

我在这里有一个追溯:

Environment:


Request Method: POST
Request URL: http://45.55.149.3:8000/api/auth/

Django Version: 1.8.3
Python Version: 2.7.6
Installed Applications:
('django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'webapp',
 'rest_framework',
 'djrill')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware')


Traceback:
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/generic/base.py" in view
  71.             return self.dispatch(request, *args, **kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  456.             response = self.handle_exception(exc)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
  453.             response = handler(request, *args, **kwargs)
File "/home/appointments-app/appointments/webapp/views.py" in post
  40.         login(request, request.user)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in login
  111.     request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)

Exception Type: AttributeError at /api/auth/
Exception Value: 'AnonymousUser' object has no attribute '_meta'

这里我有API auth视图失败:

class AuthView(APIView):
    authentication_classes = (QuietBasicAuthentication,)

    def post(self, request, *args, **kwargs):
        login(request, request.user)
        return Response(OldUserSerializer(request.user).data)

    def delete(self, request, *args, **kwargs):
        logout(request)
        return Response({})

下面是我正在使用的身份验证类:

from rest_framework.authentication import BasicAuthentication

class QuietBasicAuthentication(BasicAuthentication):
    # disclaimer: once the user is logged in, this should NOT be used as a
    # substitute for SessionAuthentication, which uses the django session cookie,
    # rather it can check credentials before a session cookie has been granted.
    def authenticate_header(self, request):
        return 'xBasic realm="%s"' % self.www_authenticate_realm

Answer 1

如果您使用Django REST框架的身份验证类，则不需要登录用户。用户将提前通过 Django REST 框架进行身份验证，并且凭据将在此过程中得到验证。

现在，通过调用login您正在尝试登录当前用户 ( request.user) 并将其与当前请求 ( request) 关联。DRF 会自动为您执行此操作，并且如果能够对用户进行身份验证，request.user则将包含一个实例；如果无法对用户进行身份验证，则将包含一个（您所看到的）实例。UserAnonymousUser

如果您尝试登录用户以执行 Django 请求（不是 DRF 请求，这是不同的），您需要引用存储为request._request.

login(request._request, request.user)