I'm having a problem using basic authentication with Django. Here is my configuration:

    MIDDLEWARE_CLASSES = [
        'request_id.middleware.RequestIdMiddleware',
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.auth.middleware.RemoteUserMiddleware',  # <<<<<===
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]

    AUTHENTICATION_BACKENDS = [
        'django.contrib.auth.backends.RemoteUserBackend',
        'django.contrib.auth.backends.ModelBackend',
    ]

And my view:

    from django.http import JsonResponse

    def api_list_things(request, intake_id=None):
        if not request.user.is_authenticated():
            return JsonResponse({'message': 'Not authenticated'}, status=403)
        return JsonResponse({'message': 'ok'})

But when I run curl -v http://user:pass@localhost:8000/api/list_things/, I get the not-authenticated error:

    * Hostname was NOT found in DNS cache
    * Trying ::1...
    * connect to ::1 port 8000 failed: Connection refused
    * Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8000 (#0)
    * Server auth using Basic with user 'd'
    > GET /trs/api/intakes/ HTTP/1.1
    > Authorization: Basic dXNlcjpwYXNz
    > User-Agent: curl/7.38.0
    > Host: localhost:8000
    > Accept: */*
    >
    * HTTP 1.0, assume close after body
    < HTTP/1.0 403 Forbidden
    < Vary: Cookie
    < X-Frame-Options: SAMEORIGIN
    < Content-Type: application/json
    < Connection: close
    < Server: Werkzeug/0.11.10 Python/3.4.2
    < Date: Wed, 20 Jul 2016 14:16:32 GMT
    <
    * Closing connection 0
    {"message": "Not authenticated"}%

I don't see where I went wrong; maybe someone can help me?

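Answer 0 (score: 2)

Django does not support basic HTTP authentication; what django.contrib.auth.backends.RemoteUserBackend actually does is described in the documentation.

With this setup, RemoteUserMiddleware will detect the username in request.META['REMOTE_USER'] and will authenticate and auto-login that user using the RemoteUserBackend.

The REMOTE_USER env variable should be set by the web server sitting in front of Django (e.g. Apache).

If you just want to support the Authorization header, this custom authentication backend might help: https://www.djangosnippets.org/snippets/243/ (from here)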
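
As an added example (not part of the original answer or of the linked snippet), here is a standard-library sketch of what handling the Authorization header involves: it parses the Basic header from the curl trace above and passes the credentials to a verifier. The function names and the in-memory user table are assumptions; in a Django project the `authenticate` callable would wrap django.contrib.auth.authenticate.

```python
import base64
import hmac


def parse_basic_auth(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def user_from_request_meta(meta, authenticate):
    """Resolve the user for a request.META-like dict.

    Django exposes the header as META['HTTP_AUTHORIZATION']; it is never
    copied into META['REMOTE_USER'], so RemoteUserMiddleware alone leaves
    the request anonymous. `authenticate` is callable(username, password)
    returning a user or None (hypothetical hook, see lead-in).
    """
    creds = parse_basic_auth(meta.get("HTTP_AUTHORIZATION"))
    return authenticate(*creds) if creds else None


# Constructed credential table, for the demonstration only.
_DEMO_USERS = {"user": "pass"}


def demo_authenticate(username, password):
    expected = _DEMO_USERS.get(username)
    if expected is None:
        return None
    # Constant-time comparison avoids leaking how much of the value matched.
    ok = hmac.compare_digest(expected.encode(), password.encode())
    return username if ok else None


if __name__ == "__main__":
    meta = {"HTTP_AUTHORIZATION": "Basic dXNlcjpwYXNz"}  # header from the trace
    print(user_from_request_meta(meta, demo_authenticate))
```

Basic credentials are only base64-encoded, so a deployment that accepts them should do so over TLS only.
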

Answer 1 (score: 1)

    class AdminLiveOnSiteController extends Controller
    {
        public function update(Request $request, $id)
        {
            $prop = Properties::findorFail($id);
            $validated = $request->validate(['sitelive' => 'required']);
            $prop->sitelive = $validated['sitelive'];
            $prop->save();
            $request->session()->flash('alert-class', 'alert-success');
            $request->session()->flash('message', 'Live status updated!');
            return redirect()->route('Admin.Admin', [ 'Property', 'All' ]);
        }
    }