令牌身份验证在Django Rest框架上的生产中不起作用 [英] Token authentication does not work in production on django rest framework

问题描述

我有一个奇怪的问题，我找不到原因.我已经使用django 1.7和django rest框架以及用于api身份验证的令牌auth构建了API.所有这些在本地主机上都可以正常工作，但是当我尝试调用需要在生产计算机上进行身份验证的API端点时，我得到了403状态代码以及以下消息:{"detail":未提供身份验证凭据."}.我在做什么错了?

I have this strange issue and I can't find why. I've build the API using django 1.7 and django rest framework and token auth for api authentication. All works fine on local host, but when I'm trying to call an API endpoint which requires authentication on production machine I'm getting 403 status code along with the following message: {"detail":"Authentication credentials were not provided."}. What I'm doing wrong?

我正在根据文档在标头中发送令牌.这是我的设置文件的样子:

I'm sending the token in the headers as per documentation. Here's how my settings file looks like:

INSTALLED APPLICATIONS = (
    '......',
    'rest_framework',
    'rest_framework.authtoken',
    'rest_framework_swagger',
    'corsheaders',
    '......')

MIDDLEWARE_CLASSES = (
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.admindocs.middleware.XViewMiddleware',
    'django.middleware.common.CommonMiddleware',
    'admin_reorder.middleware.ModelAdminReorder',
)

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny'
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),
    'PAGINATE_BY_PARAM': 'page_size',
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
    'VIEW_DESCRIPTION_FUNCTION': 'rest_framework_swagger.views.get_restructuredtext'
}

REST_SESSION_LOGIN = False
CORS_ORIGIN_ALLOW_ALL = True

推荐答案

对我来说，问题是Apache没有将Authorization-Header转发给WSGI-Process.解决方法:

For me, the problem was, that Apache didn't forward the Authorization-Header to the WSGI-Process. Here's the fix:

只需添加

WSGIPassAuthorization on

到您的Apache(vhost)配置.

to your Apache (vhost) config.

这篇关于令牌身份验证在Django Rest框架上的生产中不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！