我正在使用带有csrf中间件的Django会话身份验证。前端使用角度。前端发出登录请求,我的后端登录登录到用户&csrf令牌设置在cookie中,并在进一步的请求中传递。
我可以登录,并且可以看到cookie在下一个请求中被传递,但我使用Authentication credentials were not provided得到了403。
这是我的setttings.py&;views.py。
MIDDLEWARE = [
'reversion.middleware.RevisionMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
# 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
}
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
)
这是我的view.py
class LoginView(APIView):
serializer_class = CustomUserSerialzer
def post(self, request, *args, **kwargs):
data = request.data
email = data.get('email', None)
password = data.get('password', None)
try:
user = authenticate(request, username=email, password=password)
if user is not None:
login(request, user)
return Response(self.serializer_class(user).data)
raise Exception('Account has no access')
except Exception as e:
return Response({
'status': 'Unauthorized',
'message': str(e)
}, status=status.HTTP_401_UNAUTHORIZED)
我想不出为什么它会在成功登录后的请求中失败,尽管csrf令牌通过了。我确信我的设置中遗漏了一些东西。有人能指出我的错误是什么吗?
图。我没有注意到我评论了'django.contrib.auth.middleware.AuthenticationMiddleware'。