在Django请求标头中访问用户名和密码返回None [英] Accessing Username and Password in django request header returns None

问题描述

我正在创建一个视图，希望该机器人在标头中传递用户名和密码来访问该视图. (具体来说，这是一个Google Feed机器人).但是，我似乎永远无法访问用户名和密码来验证机器人的凭据. request.GET.get('username')和request.GET.get('password')都返回None，因为request.GET和request.POST都返回空的QueryDicts.我正在使用具有基本身份验证的Postman来测试我的请求. 这是我来自views.py的代码:

I'm creating a view which is expected to be accessed by a bot passing a username and password in the header. (It's a google feed bot to be specific). However, I can never seem to access the username and password to authenticate the bot's credentials. request.GET.get('username') and request.GET.get('password') both return None since both request.GET and request.POST return empty QueryDicts. I am using Postman with basic authentication to test my requests. Here is my code from views.py:

def authenticate_bot(request):
    username = request.GET.get('username')
    password = request.GET.get('password')
    feed_bot = authenticate(username=username, password=password)

    if feed_bot is not None:
        # Confirmed as user credentials.
        login(request, feed_bot)

如何从基本身份验证标头中检索用户名和密码?

How do I retrieve the username and password from my basic authentication header?

推荐答案

感谢您 nthall 在右边指向我方向-找到request.META词典是关键.

Thank you nthall for pointing me in the right direction - finding the request.META dictionary was key.

由于找不到足够的资源来解释该过程，因此我将在此处发布整个Django进程，以从Authorization标头中检索和验证数据.

Since I couldn't find much in the way of resources which explained the process, I'll post the entire Django process for retrieving and authenticating data from the Authorization header here.

import base64
from django.contrib.auth import authenticate

def header_auth_view(request):
    auth_header = request.META['HTTP_AUTHORIZATION']
    encoded_credentials = auth_header.split(' ')[1]  # Removes "Basic " to isolate credentials
    decoded_credentials = base64.b64decode(encoded_credentials).decode("utf-8").split(':')
    username = decoded_credentials[0]
    password = decoded_credentials[1]
    feed_bot = authenticate(username=username, password=password)
    # if the credentials are correct, then the feed_bot is not None, but is a User object.

Django将大写的"HTTP_"前缀大写并将其附加到请求中传递的任何标头，并且如nthall正确指出的那样，可以通过request.META访问它.

Django capitalizes and affixes the 'HTTP_' prefix to any header passed in the request, and as nthall correctly pointed out, it can be accessed via request.META.

我通过在空间上拆分标头来隔离base64编码的信息，该信息采用'Basic username:password'格式，因此仅为'username:password'.然后，我使用base64进行解码，然后对结果进行解码，以将类似字节的字符串转换为utf-8字符串.然后，只需隔离用户名和密码即可.然后进行身份验证过程.

I isolate the base64 encoded information, which is in the format 'Basic username:password' by splitting the header over the space so it's just 'username:password'. Then I decode using base64 and then decode the result to convert the byte-like string to a utf-8 string. Then it's just a matter of isolating the username and password. Then go through the process of authentication.

这篇关于在Django请求标头中访问用户名和密码返回None的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！