DRF和axios-令牌验证不使用axios返回令牌,但是使用curl [英] DRF & axios - token auth not returning token with axios, but does with curl
问题描述
如果我运行此curl
命令,它将起作用:
If I run this curl
command, it works:
-> curl -X POST http://localhost:8000/api/token-auth/ --data "username=garfonzo&password=garfonzo"
-> {"token":"79b2428019994713d61bb2f728ae62ae8c8be9ee"}%
但是,如果我对axios执行以下操作,它将失败并返回401
:
But if I do the following with axios, it fails with a 401
returned:
const API_URL = 'http://localhost:8000/api/'
const LOGIN_URL = API_URL + 'token-auth/'
// "creds" in this situation is a dict of { username: 'garfonzo', password: 'garfonzo' }
axios.post(LOGIN_URL, creds).then((response) => {
localStorage.setItem('token', response.data.token)
this.user.authenticated = true
// If a redirect link is provided
if (redirect) {
router.push(redirect)
}
}).catch((err) => {
console.log(err)
})
来自服务器的响应:
->"POST /api/token-auth/ HTTP/1.1" 401 27
我在做什么错了?
编辑:此外,此axios请求正在vueJS项目上完成
Also, this axios request is being done on a vueJS project
编辑,这是通过axios进行请求时Chrome Dev工具的网络"标签上显示的内容:
EDIT This is what the Network tab of the Chrome Dev tools shows when doing the request via axios:
Request URL:http://localhost:8000/api/token-auth/
Request Method:POST
Status Code:401 Unauthorized
Remote Address:127.0.0.1:8000
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Access-Control-Allow-Origin:*
Allow:POST, OPTIONS
Content-Type:application/json
Date:Wed, 23 Aug 2017 19:18:00 GMT
Server:WSGIServer/0.1 Python/2.7.12
WWW-Authenticate:Token
X-Frame-Options:SAMEORIGIN
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Authorization:Token null
Connection:keep-alive
Content-Length:27
Content-Type:application/x-www-form-urlencoded;charset=UTF-8
Host:localhost:8000
Origin:http://localhost:8080
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36
Form Data
view source
view URL encoded
username:garfonzo
password:garfonzo
Name
jquery-3.1.1.slim.min.js
bootstrap.min.js
vee-validate.js
app.js
?is_brokerage=false
themify.a1ecc3b.woff
__webpack_hmr
token-auth/
推荐答案
我弄清楚了(经过一整天的调试...):
I figured it out (after a whole day of debuggin...):
问题是TokenAuthentication
的DEFAULT_AUTHENTICATION_CLASS
阻止了甚至调用axios
POST
的请求.因为我的axios
调用在标头中不包含令牌(因为...正在尝试获取令牌),所以TokenAuthentication
类将立即使用401代码拒绝它.
The problem was that the DEFAULT_AUTHENTICATION_CLASS
of TokenAuthentication
was preventing the axios
POST
request of even being called. Because my axios
call didn't contain a token in the header (since... it's trying to get a token) the TokenAuthentication
class would reject it immediately, with the 401 code.
所以我要做的是创建一个自定义的SFObtainAuthToken
类,该类将DRF ObtainAuthToken
子类化,但是我用空的authentication_class([])
装饰它.然后,当我将api/token-auth/
URL连接到我的自定义SFObtainAuthToken
时,由于没有绑定到它的身份验证类,因此它将允许该请求.
So what I did was create a custom SFObtainAuthToken
class that subclasses the DRF ObtainAuthToken
but I decorate it with an empty authentication_class([])
. Then when I wire up the api/token-auth/
URL to my custom SFObtainAuthToken
, it will allow the request since there are no authentication classes tied to it.
希望这可以帮助其他人解决这个问题:)
Hope this helps someone else stuck on this issue :)
网址
url(r'^api/token-auth/', SFObtainAuthToken.as_view())
自定义ObtainAuthToken类
from rest_framework.authtoken.views import ObtainAuthToken
from rest_framework.decorators import authentication_classes, permission_classes
@authentication_classes([])
class SFObtainAuthToken(ObtainAuthToken):
def post(self, request, *args, **kwargs):
return super(SFObtainAuthToken, self).post(request, *args, **kwargs)
Django设置
# DRF Auth stuff
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': (
'django_filters.rest_framework.DjangoFilterBackend',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
}
这篇关于DRF和axios-令牌验证不使用axios返回令牌,但是使用curl的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!