我从我的角度客户端向我的Django后端发送$ http get请求,其中(request.user)给我 Anonymous 。因此我可以在服务器端做任何事情。
我在django端使用 django-rest-auth ,在客户端使用 angular-django-registration-auth 进行身份验证。身份验证本身是成功的 - 我可以登录并检索从服务器发送的客户端的用户名,电子邮件ID。
我的请求如下:
var url = "http://localhost:8000/api/exercises/get_exercise/" + exerciseType + "/";
$http({
url: url,
method: 'GET',
headers: {'X-CSRFToken': $cookies['csrftoken']}
})
.success(function(response){
console.log(response);
});
})
在我的app配置中,我添加了以下行:
$httpProvider.defaults.withCredentials = this.use_session;
从我的Chrome浏览器控制台看到的请求标头如下:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,en-GB;q=0.2
Authorization:Token eb979cb6f179dd2d9056023685e2d02e4e65a58e
Connection:keep-alive
Host:localhost:8000
Origin:http://localhost:8100
Referer:http://localhost:8100/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
如果我直接在我的django服务器正在运行的'http://127.0.0.1:8000/api/exercises/get_exercise/2/'处从我的django api端点点击相同的网址,则表示成功,请求标头如下:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,en-GB;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Cookie:csrftoken=GDco30gJ9vki6LDtqJSuQh9hGB0aXp84; sessionid=94xfwx9zvr4pgd1wx9r0nemjwmy3mowi
Host:127.0.0.1:8000
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
我看到的不同之处在于,成功的请求会发送Cookie和会话信息,因为我的角度应用发送的请求中缺少这些信息。
原因和解决方法是什么?
我的Django settings.py有以下内容:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
我的django视图如下所示:
from django.contrib.auth.models import User
from rest_framework.authentication import TokenAuthentication, SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework.decorators import api_view
from rest_framework.decorators import authentication_classes
from rest_framework.decorators import permission_classes
class JSONResponse(HttpResponse):
authentication_classes = (SessionAuthentication, BasicAuthentication)
permission_classes = (IsAuthenticated,)
"""
An HttpResponse that renders its content into JSON.
"""
def __init__(self, data, **kwargs):
content = JSONRenderer().render(data)
kwargs['content_type'] = 'application/json'
super(JSONResponse, self).__init__(content, **kwargs)
#view to get a specific exercise for a particular user
def get_single_exercise_for_user_id(request, exerciseId):
results = Exercise_state_ui_model.fetch_exercises(request.user.id, exerciseId)
serializer = ExerciseStateSerializer(results, many=True)
return JSONResponse(serializer.data)
答案 0 :(得分:1)
Authorization:Token eb979cb6f179dd2d9056023685e2d02e4e65a58e
让我觉得您需要在该视图上启用令牌身份验证。
#view to get a specific exercise for a particular user
@api_view(('GET',))
def get_single_exercise_for_user_id(request, exerciseId):
results = Exercise_state_ui_model.fetch_exercises(request.user.id, exerciseId)
serializer = ExerciseStateSerializer(results, many=True)
return Response(serializer.data)