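I am using both JWT and session authentication middleware.
I found that I could not log in to the admin. Later, when I removed the JWT middleware, it worked.
My website will be used for both API login and regular browser login. How can I use both together?
The only option left is the following condition for JWT.
if request.content_type == 'application/json':
How do I solve this?
I am not using DRF to create the API endpoints. That is why I had to create custom middleware to validate the JWT token.
Django settings: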
MIDDLEWARE = (
    'debug_toolbar.middleware.DebugToolbarMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'webarticles.middleware.jwtWebtoken_mod.BaseJSONWebTokenAuthentication_mod',
)
webarticles.middleware.jwtWebtoken_mod.BaseJSONWebTokenAuthentication_mod
import json

from django.http import HttpResponse
from rest_framework import exceptions
from rest_framework.settings import api_settings as api_settings2
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework_jwt.settings import api_settings

jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER


class BaseJSONWebTokenAuthentication_mod(JSONWebTokenAuthentication):
    """
    Token based authentication using the JSON Web Token standard.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Code to be executed for each request before
        # the view (and later middleware) are called.
        # JWT authentication is attempted only for JSON requests; every other
        # request keeps the user set by the session AuthenticationMiddleware.
        if request.content_type == 'application/json':
            try:
                user_auth_tuple = self.authenticate(request)
            except exceptions.APIException as e:
                # Invalid or expired token: answer with the error as JSON.
                self._not_authenticated(request)
                hare = e.get_full_details()
                #hare = {"e": str(e)}
                # return HttpResponse(
                #     json.dumps(hare),
                #     content_type="application/json"
                # )
                return HttpResponse(
                    json.dumps(hare),
                    content_type="application/json",
                    status=e.status_code
                )
            if user_auth_tuple is not None:
                request._authenticator = self
                request.user, request.auth = user_auth_tuple
            else:
                # No token was sent: request.user is replaced with the
                # unauthenticated user.
                self._not_authenticated(request)
        response = self.get_response(request)
        # Code to be executed for each request/response after
        # the view is called.
        return response

    def _not_authenticated(self, request):
        """
        Set authenticator, user & authtoken representing an unauthenticated request.
        Defaults are None, AnonymousUser & None.
        """
        request._authenticator = None
        if api_settings2.UNAUTHENTICATED_USER:
            request.user = api_settings2.UNAUTHENTICATED_USER()
        else:
            request.user = None
        if api_settings2.UNAUTHENTICATED_TOKEN:
            request.auth = api_settings2.UNAUTHENTICATED_TOKEN()
        else:
            request.auth = None
For now, I have put in the following condition
if request.content_type == 'application/json':
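
Added example (not part of the original question or answer, and not the asker's code): one way to run both schemes side by side is to gate on the Authorization header instead of Content-Type, so a request without a token keeps the request.user set by the session middleware, and a request that presents a token must verify or gets a 401. It runs without Django: the request and response objects are plain stand-ins, and SECRET, PREFIX, make_token, verify_token and HeaderGatedJWTMiddleware are hypothetical names, with a stdlib HS256 check swapped in for rest_framework_jwt's decode handler.

```python
import base64, hashlib, hmac, json, time
from types import SimpleNamespace

SECRET = b"constructed-demo-secret"  # constructed HS256 key (assumption)
PREFIX = "JWT"  # header scheme; "JWT" is rest_framework_jwt's default prefix

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(payload):
    """Build a constructed HS256 token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(payload).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body))}"

def verify_token(token):
    """Return the payload; raise ValueError on a bad signature, alg or expiry."""
    try:
        head, body, sig = token.split(".")
        alg_ok = json.loads(_b64d(head)).get("alg") == "HS256"
        if not (alg_ok and hmac.compare_digest(_sign(head, body), _b64d(sig))):
            raise ValueError("bad signature")
        payload = json.loads(_b64d(body))
        if payload.get("exp", 0) < time.time():
            raise ValueError("expired")
    except (TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    return payload

class HeaderGatedJWTMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        header = request.META.get("HTTP_AUTHORIZATION", "")
        scheme, _, token = header.partition(" ")
        if scheme == PREFIX and token:  # a token was presented: it must verify
            try:
                request.user = verify_token(token)["username"]  # stand-in for a User lookup
            except (ValueError, KeyError):
                return SimpleNamespace(status_code=401)  # stand-in for HttpResponse(status=401)
        # No token: leave request.user as the session middleware set it.
        return self.get_response(request)
```

Content-Type is chosen by the client and says nothing about how it authenticates; a browser session can post JSON and an API client can send a form, so the presence of the token header is the more reliable switch.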
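Answer 0 (score: 0)
Make the request with Postman, and then you can make the request successfully. Press the code button on the right to generate the code.
I made this node.js script from Postman to log in to a specific website.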
var request = require("request");

var options = {
  method: 'POST',
  url: 'http://abc.xyz.com/',
  headers: {
    'postman-token': 'xxxx-xxxx-xx-xx-xxx',
    'cache-control': 'no-cache',
    authorization: 'Basic xxxxxxxxxxxxxxxxxxxxx',
    'content-type': 'application/json'
  },
  body: {
    username: 'yourusername.com',
    password: 'Your@password'
  },
  json: true
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);
  console.log(body);
});