我在验证对Django REST端点的请求时遇到了一些麻烦。我有一个令牌认证URL,它指向rest_framework_jwt.views.obtain_jwt_token,例如:
;WITH explode(ID, ValueID, value) AS
(
SELECT t1.ID, t1.ValueID, f.value
FROM dbo.Table1 t1
CROSS APPLY STRING_SPLIT(t1.ValueID, ',') AS f
)
SELECT x.ID, x.ValueID, STRING_AGG(t2.ValueDescription,',')
FROM explode AS x
INNER JOIN dbo.Table2 AS t2
ON x.value = t2.ValueID
GROUP BY x.ID, x.ValueID
ORDER BY x.ID;
其中CurrentUserView为:
urlpatterns = [
path('token-auth/', obtain_jwt_token),
path('verify-token/', verify_jwt_token),
path('current_user/', CurrentUserView.as_view()),
]
如果我通过访问http://localhost/token-auth/在浏览器中创建令牌,则可以使用以下命令进行验证:
class CurrentUserView(APIView):
def post(self, request):
print(request.user)
serializer = UserSerializer(request.user)
return Response(serializer.data)
然而,调用http://localhost/current_user/的同一请求将返回400代码:
curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/verify-token/
框架设置为:
curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/current_user/
{"detail":"Authentication credentials were not provided."}
并且Django正在具有以下Dockerfile的容器中运行:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
答案 0 :(得分:1)
您应该在请求中提供jwt令牌。这是示例:
curl -X POST -H "Content-Type: application/json" -H "Authorization: jwt <MY_TOKEN>" http://localhost/current_user/
您在数据部分错误地发送了令牌,而应该在授权标头中提供它。