Django的TokenAuthentication缺少“授权”HTTP标头 [英] Django TokenAuthentication missing the 'Authorization' http header

问题描述

我试图用TokenAuthentication与我的观点之一。
作为记录在<一个href=\"http://django-rest-framework.org/api-guide/authentication.html\">http://django-rest-framework.org/api-guide/authentication.html,我想补充我从登录为称为HTTP报头获得令牌：在我发送请求授权

问题是，在我的单元测试验证失败。
展望TokenAuthentication类我看到正在检查的标题是HTTP_AUTHORIZATION'而不是'授权'

我使用的视图：

 类DeviceCreate（generics.CreateAPIView）：
    模型=设备
    serializer_class = DeviceSerializer    authentication_classes =（TokenAuthentication，）
    permission_classes =（IsAuthenticated，）
 

更改头为'HTTP_AUTHORIZATION似乎工作，但有什么感觉错了。

我缺少什么？

解决方案

  

展望TokenAuthentication类我看到正在检查的标题是HTTP_AUTHORIZATION'而不是'授权'

并不完全正确，请求 META 快译通，它实际上寻找头是用了preceeding做查找时 HTTP _ ，所以 request.META.get（'HTTP_AUTHORIZATION'，''）的是的居然找了授权头中的要求。

  

的问题是，在我的单元测试认证失败
  更改头为'HTTP_AUTHORIZATION似乎工作

我没有带双重检查测试客户端的样子，但我相信，设置 HTTP_AUTHORIZATION 是你需要做的得到实际设置<$ C $相当于什么C>授权头。如果你真的做一个HTTP请求你会发现，设置AUTH头工程完全按照你所期望的。

请参阅 request.META 文件位置：<一href=\"https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.Htt$p$pquest.META\">https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.Htt$p$pquest.META

修改

在查找头Django文档 request.META ：

  

使用CONTENT_LENGTH和CONTENT_TYPE的例外，因为上面给出
  在请求任何HTTP头转换成由META键
  转换所有字符为大写，用替换任何连字符。
  强调并添加HTTP_ preFIX的名字。因此，例如，一个
  头球称为X-德尔将被映射到META键HTTP_X_BENDER。

与测试客户端头设置Django文档：

  

不过，您可以使用关键字参数来设定一些默认头。例如，这将在每个请求发送用户代理 HTTP头：

  
  

    

      

C =客户端（HTTP_USER_AGENT ='的Mozilla / 5.0'）

    
  

I'm trying to use the TokenAuthentication with one of my views. As documented in http://django-rest-framework.org/api-guide/authentication.html, I add the token I received from the login as an HTTP header called: 'Authorization' in the request I send.

The problem is that in my unittests the authentication fails. Looking into the TokenAuthentication class I see that the header being checked is 'HTTP_AUTHORIZATION' and not 'Authorization'

The view I'm using:

class DeviceCreate(generics.CreateAPIView):
    model = Device
    serializer_class = DeviceSerializer

    authentication_classes = (TokenAuthentication,)
    permission_classes = (IsAuthenticated,)

Changing the header to 'HTTP_AUTHORIZATION' seems to work, but something feels wrong.

Am I missing anything?

解决方案

Looking into the TokenAuthentication class I see that the header being checked is 'HTTP_AUTHORIZATION' and not 'Authorization'

Not quite true, when doing lookups in the request META dict, the headers that it's actually looking for are with out the preceeding HTTP_, so request.META.get('HTTP_AUTHORIZATION', '') is actually looking up the Authorization header in the request.

The problem is that in my unittests the authentication fails Changing the header to 'HTTP_AUTHORIZATION' seems to work

I havn't double checked how the test client looks but I believe that setting HTTP_AUTHORIZATION is what you need to do get the equivalent of actually setting the Authorization header. If you actually made an http request you should find that setting the auth header works exactly as you'd expect.

See request.META documentation here: https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.META

Edit:

Django docs on looking up headers in request.META:

With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above, any HTTP headers in the request are converted to META keys by converting all characters to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. So, for example, a header called X-Bender would be mapped to the META key HTTP_X_BENDER.

Django docs on setting headers with the test client:

However, you can use keywords arguments to specify some default headers. For example, this will send a User-Agent HTTP header in each request:

c = Client(HTTP_USER_AGENT='Mozilla/5.0')

这篇关于Django的TokenAuthentication缺少“授权”HTTP标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！