我正在使用Django rest框架构建一个API,但在使用基本身份验证对请求进行身份验证时遇到了问题。出于测试目的,我认为,当通过POST
调用并为User
模型提供有效的用户名/密码时,应该返回具有所提供的id
的模型,在本例中为id=1018
curl -X POST http://<my-url>/api/detail/1018 -u <username>:<password>
{"detail": "Authentication credentials were not provided."}
GET
请求工作正常,因为不需要身份验证。我大致遵循了rest框架教程。在每一类中,我都有permission_classes = (permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly,)
在permissions.py
中
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to the owner of the account.
# I have commented this out and set it to return True so that I can test
# more easily narrow down the cause of the error.
#obj.owner.id == request.user.id
return True
我甚至不确定这是否是代码问题,因为它说没有提供凭据,而不是凭据错误。
好的,在深入研究文档后,我发现在使用Apache部署时有一个警告。事实证明,您必须在httpd.conf文件中添加一行。