在我实现令牌身份验证之前,它可以很好地抓取每个用户,
GET: http://localhost:8000/users/1/
{
"url": "http://localhost:8000/users/1/",
"id": 1,
"username": "foo",
"boards": [
"http://localhost:8000/boards/15/"
]
},
在我实现knox令牌认证后,
#settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ('knox.auth.TokenAuthentication',),
}
#users/views.py
class UserDetail(generics.RetrieveAPIView):
permission_classes = [permissions.IsAuthenticated]
queryset = User.objects.all()
serializer_class = UserSerializer
def get_object(self):
return self.request.use
#users/urls.py
app_name = 'users'
urlpatterns = [
path('', UserList.as_view(), name='user-list'),
path('<int:pk>/', UserDetail.as_view(), name='user-detail'),
path('accounts/register/', RegistrationAPI.as_view(), name='user-register'),
path('accounts/login/', LoginAPI.as_view(), name='user-login'),
path('accounts/logout/', knox_views.LogoutView.as_view(), name='user-logout'),
]
urlpatterns = format_suffix_patterns(urlpatterns)
# users/serializer.py
class UserSerializer(serializers.HyperlinkedModelSerializer):
boards = serializers.HyperlinkedRelatedField(
view_name='board:board-detail',
lookup_field='pk',
many=True,
queryset=Board.objects.all()
)
url = serializers.HyperlinkedIdentityField(
read_only=True,
lookup_field='pk',
view_name="users:user-detail")
class Meta:
model = User
fields = ('url', 'id', 'username', 'boards')
class CreateSerializer(serializers.HyperlinkedModelSerializer):
url = serializers.HyperlinkedIdentityField(
read_only=True,
lookup_field='pk',
view_name="users:user-detail")
def create(self, validated_data):
user = User.objects.create_user(
validated_data['username'], None, validated_data['password']
)
return user
class Meta:
model = User
fields = ('url', 'id', 'username', 'password')
class LoginUserSerializer(serializers.Serializer):
username = serializers.CharField()
password = serializers.CharField()
def validate(self, data):
user = authenticate(**data)
if user and user.is_active:
return user
raise serializers.ValidationError("unable to log in with provided credential")
# project/urls.py
urlpatterns = [
path('boards/', include('apps.board.urls', namespace='board')),
path('admin/', admin.site.urls),
path('users/', include('apps.users.urls', namespace='users')), # detail of users
path(r'^users/accounts/', include('knox.urls')), # detail of users
]
现在我收到401错误,
GET: http://localhost:8000/users/1/
{
"detail": "Authentication credentials were not provided."
}
甚至,POST:http://localhost:8000/logout/也有同样的401未授权错误。我先尝试login,然后尝试logout,但仍然出现相同的错误。为什么我未经授权
EDIT
一旦我POST登录,我就得到了令牌,并将此令牌传递给
1(获取个人用户(http://localhost:8000/users/1/,
2(POST注销(http://localhost:8000/users/accounts/logout/
但我仍然得到相同的401 Unauthorized状态
对于刚开始使用Postman的人,
- POST登录时获取令牌
- 将模式切换到GET
- 在Headers会话中,密钥:授权值:令牌xxxxx(来自步骤1的令牌(
然后发送此请求。