我正在使用Django rest框架构建一个API,但是我在使用基本身份验证对请求进行身份验证时遇到了问题。出于测试目的,我认为,当通过POST调用并为User模型提供有效的用户名/密码时,应该使用提供的id返回该模型,在这种情况下id=1018
curl -X POST http://<my-url>/api/detail/1018 -u <username>:<password>
{"detail": "Authentication credentials were not provided."}
GET请求正常工作,因为不需要身份验证。我一直在大致关注rest framework tutorial。在每节课中我都有permission_classes = (permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly,)
并在permissions.py
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to the owner of the account.
# I have commented this out and set it to return True so that I can test
# more easily narrow down the cause of the error.
#obj.owner.id == request.user.id
return True
我甚至不确定它是否是代码问题,因为它说没有提供凭据,而不是凭据错误。
答案 0 :(得分:0)
在深入研究文档之后,我发现了在使用Apache进行部署时的一个警告。 Turns out you have to add a line to your httpd.conf file.