Django的TokenAuthentication缺少“授权”HTTP标头 [英] Django TokenAuthentication missing the 'Authorization' http header
问题描述
我试图用TokenAuthentication与我的观点之一。
作为记录在<一个href=\"http://django-rest-framework.org/api-guide/authentication.html\">http://django-rest-framework.org/api-guide/authentication.html,我想补充我从登录为称为HTTP报头获得令牌:在我发送请求授权
问题是,在我的单元测试验证失败。
展望TokenAuthentication类我看到正在检查的标题是HTTP_AUTHORIZATION'而不是'授权'
我使用的视图:
类DeviceCreate(generics.CreateAPIView):
模型=设备
serializer_class = DeviceSerializer authentication_classes =(TokenAuthentication,)
permission_classes =(IsAuthenticated,)
更改头为'HTTP_AUTHORIZATION似乎工作,但有什么感觉错了。
我缺少什么?
展望TokenAuthentication类我看到正在检查的标题是HTTP_AUTHORIZATION'而不是'授权'
块引用>并不完全正确,请求
META
快译通,它实际上寻找头是用了preceeding做查找时HTTP _
,所以request.META.get('HTTP_AUTHORIZATION','')
的是的居然找了授权
头中的要求。
的问题是,在我的单元测试认证失败
更改头为'HTTP_AUTHORIZATION似乎工作
块引用>我没有带双重检查测试客户端的样子,但我相信,设置
HTTP_AUTHORIZATION
是你需要做的得到实际设置<$ C $相当于什么C>授权头。如果你真的做一个HTTP请求你会发现,设置AUTH头工程完全按照你所期望的。请参阅
request.META
文件位置:<一href=\"https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.Htt$p$pquest.META\">https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.Htt$p$pquest.META修改
在查找头Django文档
request.META
:
使用CONTENT_LENGTH和CONTENT_TYPE的例外,因为上面给出
在请求任何HTTP头转换成由META键
转换所有字符为大写,用替换任何连字符。
强调并添加HTTP_ preFIX的名字。因此,例如,一个
头球称为X-德尔将被映射到META键HTTP_X_BENDER。
块引用>与测试客户端头设置Django文档:
不过,您可以使用关键字参数来设定一些默认头。例如,这将在每个请求发送
用户代理
HTTP头:
C =客户端(HTTP_USER_AGENT ='的Mozilla / 5.0')
块引用>
块引用>
块引用>I'm trying to use the TokenAuthentication with one of my views. As documented in http://django-rest-framework.org/api-guide/authentication.html, I add the token I received from the login as an HTTP header called: 'Authorization' in the request I send.
The problem is that in my unittests the authentication fails. Looking into the TokenAuthentication class I see that the header being checked is 'HTTP_AUTHORIZATION' and not 'Authorization'
The view I'm using:
class DeviceCreate(generics.CreateAPIView): model = Device serializer_class = DeviceSerializer authentication_classes = (TokenAuthentication,) permission_classes = (IsAuthenticated,)
Changing the header to 'HTTP_AUTHORIZATION' seems to work, but something feels wrong.
Am I missing anything?
解决方案Looking into the TokenAuthentication class I see that the header being checked is 'HTTP_AUTHORIZATION' and not 'Authorization'
Not quite true, when doing lookups in the request
META
dict, the headers that it's actually looking for are with out the preceedingHTTP_
, sorequest.META.get('HTTP_AUTHORIZATION', '')
is actually looking up theAuthorization
header in the request.The problem is that in my unittests the authentication fails Changing the header to 'HTTP_AUTHORIZATION' seems to work
I havn't double checked how the test client looks but I believe that setting
HTTP_AUTHORIZATION
is what you need to do get the equivalent of actually setting theAuthorization
header. If you actually made an http request you should find that setting the auth header works exactly as you'd expect.See
request.META
documentation here: https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.METAEdit:
Django docs on looking up headers in
request.META
:With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above, any HTTP headers in the request are converted to META keys by converting all characters to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. So, for example, a header called X-Bender would be mapped to the META key HTTP_X_BENDER.
Django docs on setting headers with the test client:
However, you can use keywords arguments to specify some default headers. For example, this will send a
User-Agent
HTTP header in each request:c = Client(HTTP_USER_AGENT='Mozilla/5.0')
这篇关于Django的TokenAuthentication缺少“授权”HTTP标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!