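Getting error 500 instead of error 401 for anonymous user requests when using "rest_framework.permissions.IsAuthenticated" in Django REST framework

Time: 2019-05-30 12:41:05

Tags: python django rest django-rest-framework

I am building an API with Django and Django REST framework where users must be logged in to view the content.

I am using 'rest_framework.permissions.IsAuthenticated' together with 'rest_framework.authentication.TokenAuthentication', as described in the documentation.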

Settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
}

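It works well and does not allow anonymous users to view its content (endpoints, views, etc.), but the problem is that it responds with error 500 instead of 401 Unauthorized as it should.

I get this when making a request without any token: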

TypeError: int() argument must be a string, a bytes-like object or a number, not 'AnonymousUser'

Does anyone know what can be done so that the IsAuthenticated permission and TokenAuthentication return 401 instead of 500?

Full error stack:

File "/usr/local/lib/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
web_1  |     response = get_response(request)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
web_1  |     response = self.process_exception_by_middleware(e, request)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
web_1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
web_1  |     return view_func(*args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/viewsets.py", line 95, in view
web_1  |     return self.dispatch(request, *args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/views.py", line 494, in dispatch
web_1  |     response = self.handle_exception(exc)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/views.py", line 454, in handle_exception
web_1  |     self.raise_uncaught_exception(exc)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/views.py", line 482, in dispatch
web_1  |     self.initial(request, *args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/views.py", line 400, in initial
web_1  |     self.check_permissions(request)
web_1  |   File "/usr/local/lib/python3.6/site-packages/rest_framework/views.py", line 333, in check_permissions
web_1  |     if not permission.has_permission(request, self):
web_1  |   File "/qr/qr/permissions.py", line 39, in has_permission
web_1  |     user_company = str(CustomUser.objects.get(user=request.user).seat.company.id)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/manager.py", line 85, in manager_method
web_1  |     return getattr(self.get_queryset(), name)(*args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/query.py", line 370, in get
web_1  |     clone = self.filter(*args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/query.py", line 781, in filter
web_1  |     return self._filter_or_exclude(False, *args, **kwargs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/query.py", line 799, in _filter_or_exclude
web_1  |     clone.query.add_q(Q(*args, **kwargs))
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/sql/query.py", line 1260, in add_q
web_1  |     clause, _ = self._add_q(q_object, self.used_aliases)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/sql/query.py", line 1286, in _add_q
web_1  |     allow_joins=allow_joins, split_subq=split_subq,
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/sql/query.py", line 1216, in build_filter
web_1  |     condition = lookup_class(lhs, value)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/lookups.py", line 24, in __init__
web_1  |     self.rhs = self.get_prep_lookup()
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/fields/related_lookups.py", line 110, in get_prep_lookup
web_1  |     self.rhs = target_field.get_prep_value(self.rhs)
web_1  |   File "/usr/local/lib/python3.6/site-packages/django/db/models/fields/__init__.py", line 962, in get_prep_value
web_1  |     return int(value)
web_1  | TypeError: int() argument must be a string, a bytes-like object or a number, not 'AnonymousUser'

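1 answer:

Answer 0 (score: 0)

The error is being raised from your permission class.

When you query the CustomUser model with user_company = str(CustomUser.objects.get(user=request.user).seat.company.id), request.user is an instance of AnonymousUser, not User, so it fails. You should add some code to your permission to check for anonymous users, like this: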

from rest_framework.exceptions import AuthenticationFailed  # at the top of permissions.py

if request.user.is_anonymous:
    raise AuthenticationFailed() # You could also use PermissionDenied to return 403

# Unauthenticated users will receive an unauthorized (401) response

user_company = str(CustomUser.objects.get(user=request.user).seat.company.id)

is_anonymous is an attribute of the User and AnonymousUser classes, which developers use to check whether a user is authenticated.