Django无法正常工作的基本身份验证

时间:2016-07-20 14:23:26

标签: python django basic-authentication http-basic-authentication

我在使用django的基本身份验证时遇到问题,这是我的配置:

MIDDLEWARE_CLASSES = [
    'request_id.middleware.RequestIdMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.RemoteUserMiddleware', # <<<<<===
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

AUTHENTICATION_BACKENDS  = [
    'django.contrib.auth.backends.RemoteUserBackend',
    'django.contrib.auth.backends.ModelBackend',
]

和我的观点:

def api_list_things(request, intake_id=None):
    if not request.user.is_authenticated():
        return JsonResponse({'message': 'Not authenticated'}, status=403)
    return JsonResponse({'message': 'ok'})

但是当我curl -v http://user:pass@localhost:8000/api/list_things/时,我得到了未经身份验证的错误:

* Hostname was NOT found in DNS cache                    
*   Trying ::1...                                        
* connect to ::1 port 8000 failed: Connection refused    
*   Trying 127.0.0.1...                                  
* Connected to localhost (127.0.0.1) port 8000 (#0)      
* Server auth using Basic with user 'd'                  
> GET /trs/api/intakes/ HTTP/1.1                         
> Authorization: Basic dXNlcjpwYXNz                              
> User-Agent: curl/7.38.0                                
> Host: localhost:8000                                   
> Accept: */*                                            
>                                                        
* HTTP 1.0, assume close after body                      
< HTTP/1.0 403 Forbidden                                 
< Vary: Cookie                                           
< X-Frame-Options: SAMEORIGIN                            
< Content-Type: application/json                         
< Connection: close                                      
< Server: Werkzeug/0.11.10 Python/3.4.2                  
< Date: Wed, 20 Jul 2016 14:16:32 GMT                    
<                                                        
* Closing connection 0                                   
{"message": "Not authenticated"}%                        

我没有看到我错在哪里,也许有人可以帮助我?

2 个答案:

答案 0 :(得分:2)

Django 不支持支持基本HTTP身份验证,文档中描述了django.contrib.auth.backends.RemoteUserBackend实际执行的操作。

  

通过此设置,RemoteUserMiddleware将检测用户名   request.META ['REMOTE_USER']并将验证并自动登录   用户使用RemoteUserBackend。

REMOTE_USER env变量应该由位于Django前面的Web服务器设置(例如.apache)。

如果您只想支持Authorization标头,则此自定义身份验证后端可能有所帮助:https://www.djangosnippets.org/snippets/243/(来自here

答案 1 :(得分:1)

class AdminLiveOnSiteController extends Controller
{    
    public function update(Request $request, $id)
    {
        $prop = Properties::findorFail($id);    
        $validated = $request->validate(['sitelive' => 'required']);
        $prop->sitelive = $validated['sitelive'];        
        $prop->save();

        $request->session()->flash('alert-class', 'alert-success');
        $request->session()->flash('message', 'Live status updated!');

        return redirect()->route('Admin.Admin',  [ 'Property', 'All' ]);            
    }
}