Postman 请求提示"未提供身份验证凭据" - Django
postman authentication credential not provided - Django
postman request
我已经提供了我用来在我的 Django 应用程序中实现 JWT 身份验证的完整代码。我能够注册用户、登录,但即使在请求 header 中提供了令牌,我在 Postman 中仍然遇到这个错误。
我尝试了互联网上的多种选项来解决这个问题,但没有任何帮助,我尝试将 Bearer 替换为 Token,但也没有用。
models.py
import uuid
from django.db import models
from django.contrib.auth.models import PermissionsMixin
from django.contrib.auth.base_user import AbstractBaseUser
from django.utils import timezone
from .managers import CustomUserManager
# Create your models here.
class User(AbstractBaseUser, PermissionsMixin):
    """Custom user account that is identified by its email address.

    ``role`` stores the application role (``ADMIN`` or ``USER``); the views
    on this page authorize against it.
    """

    # Role identifiers stored in the ``role`` column.
    ADMIN = 1
    USER = 2
    ROLE_CHOICES = (
        (ADMIN, 'Admin'),
        (USER, 'User'),
    )

    class Meta:
        verbose_name = 'user'
        verbose_name_plural = 'users'

    # Random UUID labelled as the public identifier; the integer primary key
    # is a separate column.
    uid = models.UUIDField(
        unique=True,
        editable=False,
        default=uuid.uuid4,
        verbose_name='Public identifier',
    )
    email = models.EmailField(unique=True)
    first_name = models.CharField(max_length=30, blank=True)
    last_name = models.CharField(max_length=50, blank=True)
    # New accounts default to the non-admin role. The column is nullable, so
    # code that checks the role must treat None as "not admin".
    role = models.PositiveSmallIntegerField(
        choices=ROLE_CHOICES,
        blank=True,
        null=True,
        default=USER,
    )
    # No upload_to or validators are given: the field itself does not
    # restrict the type or size of the uploaded file.
    avtar = models.FileField()
    date_joined = models.DateTimeField(auto_now_add=True)
    is_active = models.BooleanField(default=True)
    is_deleted = models.BooleanField(default=False)
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)

    # Log in with the email address; createsuperuser prompts for no extra fields.
    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    objects = CustomUserManager()

    def __str__(self):
        """Return the email address as the display name."""
        return self.email
serializers.py
from .models import User
from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken
from django.contrib.auth import authenticate
from django.contrib.auth.models import update_last_login
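class UserRegistrationSerializer(serializers.ModelSerializer):
    """Validate registration input and create the account through the user manager."""

    class Meta:
        model = User
        fields = (
            'email',
            'password',
        )
        # Accept the password on input only. Without this, ``serializer.data``
        # (which the registration view returns to the client) would include
        # the stored password hash.
        extra_kwargs = {'password': {'write_only': True}}

    def create(self, validated_data):
        """Create the user via ``create_user`` so the password is hashed before saving."""
        return User.objects.create_user(**validated_data)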
class UserLoginSerializer(serializers.Serializer):
    """Check an email/password pair and return a JWT access/refresh pair."""

    email = serializers.EmailField()
    # write_only keeps the submitted password out of the serialized output.
    password = serializers.CharField(max_length=128, write_only=True)
    # Output-only fields, filled in by validate().
    access = serializers.CharField(read_only=True)
    refresh = serializers.CharField(read_only=True)
    role = serializers.CharField(read_only=True)

    def create(self, validated_date):
        """No-op: this serializer does not create objects."""
        return None

    def update(self, instance, validated_data):
        """No-op: this serializer does not update objects."""
        return None

    def validate(self, data):
        """Authenticate the credentials and return the tokens with the user's email and role.

        Raises:
            serializers.ValidationError: if the credentials are rejected.
        """
        account = authenticate(email=data['email'], password=data['password'])
        if account is None:
            # One message for every rejection, so the response does not
            # reveal whether the email address is registered.
            raise serializers.ValidationError("Invalid login credentials")

        try:
            token = RefreshToken.for_user(account)
            refresh_value = str(token)
            access_value = str(token.access_token)
            update_last_login(None, account)
            return {
                'access': access_value,
                'refresh': refresh_value,
                'email': account.email,
                'role': account.role,
            }
        except User.DoesNotExist:
            # NOTE(review): the user object already exists at this point, so
            # this handler looks unreachable - confirm before relying on it.
            raise serializers.ValidationError("Invalid login credentials")
class UserListSerializer(serializers.ModelSerializer):
    """Read-side view of a user: exposes only the email address and the role."""

    class Meta:
        model = User
        # Keep this list explicit so new model columns are never exposed by accident.
        fields = ('email', 'role')
views.py
from django.shortcuts import render
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import AllowAny, IsAuthenticated
# Create your views here.
from .serializers import (
UserRegistrationSerializer,
UserLoginSerializer,
UserListSerializer
)
from .models import User
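class UserRegistrationView(APIView):
    """Open endpoint that registers a new user from ``email`` and ``password``."""

    serializer_class = UserRegistrationSerializer
    # Registration has to work without a token, so this overrides the
    # project-wide IsAuthenticated default.
    permission_classes = (AllowAny, )

    def post(self, request):
        """Create the account and answer 201; invalid input is answered by DRF with 400."""
        serializer = self.serializer_class(data=request.data)
        # With raise_exception=True, is_valid() either raises ValidationError
        # (rendered by DRF as a 400 response) or returns True, so a separate
        # failure branch can never run.
        serializer.is_valid(raise_exception=True)
        serializer.save()

        status_code = status.HTTP_201_CREATED
        response = {
            'success': True,
            'statusCode': status_code,
            'message': 'User successfully registered!',
            # serializer.data holds every readable field of the serializer;
            # the password field must be write-only there, otherwise its
            # stored hash is echoed back here.
            'user': serializer.data,
        }
        return Response(response, status=status_code)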
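class AuthUserLoginView(APIView):
    """Open endpoint that exchanges an email/password pair for JWT tokens."""

    serializer_class = UserLoginSerializer
    # Login has to work without a token, so this overrides the project-wide
    # IsAuthenticated default.
    permission_classes = (AllowAny, )

    def post(self, request):
        """Return the access and refresh tokens plus the user's email and role."""
        serializer = self.serializer_class(data=request.data)
        # With raise_exception=True, is_valid() either raises ValidationError
        # (rendered by DRF as a 400 response) or returns True, so a separate
        # failure branch can never run.
        serializer.is_valid(raise_exception=True)

        status_code = status.HTTP_200_OK
        response = {
            'success': True,
            'statusCode': status_code,
            'message': 'User logged in successfully',
            'access': serializer.data['access'],
            'refresh': serializer.data['refresh'],
            'authenticatedUser': {
                'email': serializer.data['email'],
                'role': serializer.data['role'],
            },
        }
        return Response(response, status=status_code)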
class UserListView(APIView):
    """List the email and role of every user; only admin-role callers get the list."""

    serializer_class = UserListSerializer
    # Authentication is enforced here; the role check in get() is the
    # authorization step.
    permission_classes = (IsAuthenticated,)

    def get(self, request):
        """Return all users for an admin caller, otherwise a 403 payload."""
        if request.user.role != User.ADMIN:
            denied = {
                'success': False,
                'status_code': status.HTTP_403_FORBIDDEN,
                'message': 'You are not authorized to perform this action'
            }
            return Response(denied, status=status.HTTP_403_FORBIDDEN)

        listing = self.serializer_class(User.objects.all(), many=True)
        payload = {
            'success': True,
            'status_code': status.HTTP_200_OK,
            'message': 'Successfully fetched users',
            'users': listing.data
        }
        return Response(payload, status=status.HTTP_200_OK)
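class UserUpdateView(APIView):
    """Let the authenticated user change their own first and last name."""

    permission_classes = (IsAuthenticated,)

    # APIView dispatches on the HTTP method name (get, post, put, patch, ...).
    # A method called ``update`` is never reached that way, so PUT and PATCH
    # are routed to it explicitly.
    def put(self, request):
        """Handle PUT by delegating to update()."""
        return self.update(request)

    def patch(self, request):
        """Handle PATCH by delegating to update()."""
        return self.update(request)

    def update(self, request):
        """Store ``first_name`` and ``last_name`` from the request on the caller's account.

        Both fields are required; a request missing either one is answered
        with 400 instead of failing with an unhandled KeyError.
        """
        # request.data covers JSON as well as form bodies; request.POST only
        # holds form-encoded data.
        submitted = request.data
        if 'first_name' not in submitted or 'last_name' not in submitted:
            response = {
                'success': False,
                'status_code': status.HTTP_400_BAD_REQUEST,
                'message': 'first_name and last_name are required',
            }
            return Response(response, status=status.HTTP_400_BAD_REQUEST)

        # The target account is always the authenticated caller, never an
        # identifier taken from the request body.
        userDetails = User.objects.get(email=request.user.email)
        userDetails.first_name = submitted['first_name']
        userDetails.last_name = submitted['last_name']
        userDetails.save()

        response = {
            'success': True,
            'status_code': status.HTTP_200_OK,
            'message': 'Deatils Successfully Updated',
        }
        return Response(response, status=status.HTTP_200_OK)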
postman header view
settings.py
REST_FRAMEWORK = {
    # Every view requires an authenticated user unless it declares its own
    # permission_classes (the registration and login views use AllowAny).
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    # JWT is the only authentication scheme. A request whose Authorization
    # header is missing, or whose prefix is not listed in
    # SIMPLE_JWT['AUTH_HEADER_TYPES'], is treated as anonymous and is then
    # rejected by IsAuthenticated.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}
# Configure the JWT settings
SIMPLE_JWT = {
    # Short-lived access token, renewed through the refresh token.
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=14),
    # Each refresh returns a new refresh token, but with blacklisting off the
    # previous one is not revoked and stays usable until it expires.
    'ROTATE_REFRESH_TOKENS': True,
    'BLACKLIST_AFTER_ROTATION': False,
    # HS256 is symmetric: tokens are signed and verified with the same key,
    # here Django's SECRET_KEY, so whoever holds that key can issue valid
    # tokens. VERIFYING_KEY is left unset.
    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    # Prefix expected in the Authorization header: "JWT <token>".
    # A header sent as "Bearer <token>" does not match this setting.
    'AUTH_HEADER_TYPES': ('JWT',),
    # The token's user_id claim carries the model's ``id`` field.
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',
    # Only access tokens are accepted for authenticating API requests.
    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
    'TOKEN_TYPE_CLAIM': 'token_type',
}
managers.py
from django.contrib.auth.base_user import BaseUserManager
from django.utils.translation import gettext_lazy as _
class CustomUserManager(BaseUserManager):
    """
    Manager for the custom user model, where the email address is the
    unique identifier used to log in.
    """

    def create_user(self, email, password, **extra_fields):
        """Create and save a user with a hashed password.

        Raises:
            ValueError: if ``email`` or ``password`` is empty.
        """
        if not email:
            raise ValueError(_("The email must be set"))
        if not password:
            raise ValueError(_("The password must be set"))

        account = self.model(email=self.normalize_email(email), **extra_fields)
        # set_password() stores a hash; the raw password is never saved.
        account.set_password(password)
        account.save()
        return account

    def create_superuser(self, email, password, **extra_fields):
        """Create an active user with the admin role (role value 1).

        Raises:
            ValueError: if a ``role`` other than 1 is passed in.
        """
        extra_fields.setdefault('is_active', True)
        extra_fields.setdefault('role', 1)
        # NOTE(review): only ``role`` is set here; ``is_superuser`` from
        # PermissionsMixin keeps its default - confirm that is intended.
        role_value = extra_fields.get('role')
        if role_value != 1:
            raise ValueError('Superuser must have role of Global Admin')
        return self.create_user(email, password, **extra_fields)
urls.py
urlpatterns = [
    # Token endpoints shipped with rest_framework_simplejwt.
    path('token/obtain/', jwt_views.TokenObtainPairView.as_view(), name='token_create'),
    path('token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
    # Application views. /AuthUserLogin/ issues tokens as well, so two
    # endpoints accept credentials.
    # NOTE(review): these routes start with '/', which Django's URL check
    # reports as urls.W002 - confirm the resulting URLs are the intended ones.
    path('/UserRegistration/', views.UserRegistrationView.as_view(), name='UserRegistration'),
    path('/AuthUserLogin/', views.AuthUserLoginView.as_view(), name='AuthUserLogin'),
    path('/UserList/', views.UserListView.as_view(), name='UserList'),
    path('/UserUpdate/', views.UserUpdateView.as_view(), name='UserUpdate'),
    # UserUpdateAvtarView is not part of the views.py shown on this page.
    path('/UserUpdateAvtar/', views.UserUpdateAvtarView.as_view(), name='UserUpdateAvtar'),
]
将 SIMPLE_JWT 设置中的 AUTH_HEADER_TYPES 更改为
SIMPLE_JWT['AUTH_HEADER_TYPES'] = ('Bearer', )
或 SIMPLE_JWT['AUTH_HEADER_TYPES'] = ('Bearer', 'JWT')(如果你还想允许在令牌之前使用 JWT 前缀)。
rest_framework_simplejwt 会按照你在 SIMPLE_JWT['AUTH_HEADER_TYPES'] 中定义的前缀来查找令牌。因为那里只有 JWT,它在 HTTP_AUTHORIZATION header 中寻找的是 JWT {actual token} 格式的值;前缀不匹配时,请求会被当作没有携带凭证,于是返回"未提供身份验证凭据"的错误。
或者,您可以更改 Postman 中的 Authorization header 值 - 将 Bearer 替换为 JWT。
postman request
我已经提供了我用来在我的 Django 应用程序中实现 JWT 身份验证的完整代码。我能够注册用户、登录,但即使在请求 header 中提供了令牌,我在 Postman 中仍然遇到这个错误。
我尝试了互联网上的多种选项来解决这个问题,但没有任何帮助,我尝试将 Bearer 替换为 Token,但也没有用。
models.py
import uuid
from django.db import models
from django.contrib.auth.models import PermissionsMixin
from django.contrib.auth.base_user import AbstractBaseUser
from django.utils import timezone
from .managers import CustomUserManager
# Create your models here.
class User(AbstractBaseUser, PermissionsMixin):
    """Custom user account that is identified by its email address.

    ``role`` stores the application role (``ADMIN`` or ``USER``); the views
    on this page authorize against it.
    """

    # Role identifiers stored in the ``role`` column.
    ADMIN = 1
    USER = 2
    ROLE_CHOICES = (
        (ADMIN, 'Admin'),
        (USER, 'User'),
    )

    class Meta:
        verbose_name = 'user'
        verbose_name_plural = 'users'

    # Random UUID labelled as the public identifier; the integer primary key
    # is a separate column.
    uid = models.UUIDField(
        unique=True,
        editable=False,
        default=uuid.uuid4,
        verbose_name='Public identifier',
    )
    email = models.EmailField(unique=True)
    first_name = models.CharField(max_length=30, blank=True)
    last_name = models.CharField(max_length=50, blank=True)
    # New accounts default to the non-admin role. The column is nullable, so
    # code that checks the role must treat None as "not admin".
    role = models.PositiveSmallIntegerField(
        choices=ROLE_CHOICES,
        blank=True,
        null=True,
        default=USER,
    )
    # No upload_to or validators are given: the field itself does not
    # restrict the type or size of the uploaded file.
    avtar = models.FileField()
    date_joined = models.DateTimeField(auto_now_add=True)
    is_active = models.BooleanField(default=True)
    is_deleted = models.BooleanField(default=False)
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)

    # Log in with the email address; createsuperuser prompts for no extra fields.
    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    objects = CustomUserManager()

    def __str__(self):
        """Return the email address as the display name."""
        return self.email
serializers.py
from .models import User
from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken
from django.contrib.auth import authenticate
from django.contrib.auth.models import update_last_login
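class UserRegistrationSerializer(serializers.ModelSerializer):
    """Validate registration input and create the account through the user manager."""

    class Meta:
        model = User
        fields = (
            'email',
            'password',
        )
        # Accept the password on input only. Without this, ``serializer.data``
        # (which the registration view returns to the client) would include
        # the stored password hash.
        extra_kwargs = {'password': {'write_only': True}}

    def create(self, validated_data):
        """Create the user via ``create_user`` so the password is hashed before saving."""
        return User.objects.create_user(**validated_data)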
class UserLoginSerializer(serializers.Serializer):
    """Check an email/password pair and return a JWT access/refresh pair."""

    email = serializers.EmailField()
    # write_only keeps the submitted password out of the serialized output.
    password = serializers.CharField(max_length=128, write_only=True)
    # Output-only fields, filled in by validate().
    access = serializers.CharField(read_only=True)
    refresh = serializers.CharField(read_only=True)
    role = serializers.CharField(read_only=True)

    def create(self, validated_date):
        """No-op: this serializer does not create objects."""
        return None

    def update(self, instance, validated_data):
        """No-op: this serializer does not update objects."""
        return None

    def validate(self, data):
        """Authenticate the credentials and return the tokens with the user's email and role.

        Raises:
            serializers.ValidationError: if the credentials are rejected.
        """
        account = authenticate(email=data['email'], password=data['password'])
        if account is None:
            # One message for every rejection, so the response does not
            # reveal whether the email address is registered.
            raise serializers.ValidationError("Invalid login credentials")

        try:
            token = RefreshToken.for_user(account)
            refresh_value = str(token)
            access_value = str(token.access_token)
            update_last_login(None, account)
            return {
                'access': access_value,
                'refresh': refresh_value,
                'email': account.email,
                'role': account.role,
            }
        except User.DoesNotExist:
            # NOTE(review): the user object already exists at this point, so
            # this handler looks unreachable - confirm before relying on it.
            raise serializers.ValidationError("Invalid login credentials")
class UserListSerializer(serializers.ModelSerializer):
    """Read-side view of a user: exposes only the email address and the role."""

    class Meta:
        model = User
        # Keep this list explicit so new model columns are never exposed by accident.
        fields = ('email', 'role')
views.py
from django.shortcuts import render
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import AllowAny, IsAuthenticated
# Create your views here.
from .serializers import (
UserRegistrationSerializer,
UserLoginSerializer,
UserListSerializer
)
from .models import User
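class UserRegistrationView(APIView):
    """Open endpoint that registers a new user from ``email`` and ``password``."""

    serializer_class = UserRegistrationSerializer
    # Registration has to work without a token, so this overrides the
    # project-wide IsAuthenticated default.
    permission_classes = (AllowAny, )

    def post(self, request):
        """Create the account and answer 201; invalid input is answered by DRF with 400."""
        serializer = self.serializer_class(data=request.data)
        # With raise_exception=True, is_valid() either raises ValidationError
        # (rendered by DRF as a 400 response) or returns True, so a separate
        # failure branch can never run.
        serializer.is_valid(raise_exception=True)
        serializer.save()

        status_code = status.HTTP_201_CREATED
        response = {
            'success': True,
            'statusCode': status_code,
            'message': 'User successfully registered!',
            # serializer.data holds every readable field of the serializer;
            # the password field must be write-only there, otherwise its
            # stored hash is echoed back here.
            'user': serializer.data,
        }
        return Response(response, status=status_code)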
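class AuthUserLoginView(APIView):
    """Open endpoint that exchanges an email/password pair for JWT tokens."""

    serializer_class = UserLoginSerializer
    # Login has to work without a token, so this overrides the project-wide
    # IsAuthenticated default.
    permission_classes = (AllowAny, )

    def post(self, request):
        """Return the access and refresh tokens plus the user's email and role."""
        serializer = self.serializer_class(data=request.data)
        # With raise_exception=True, is_valid() either raises ValidationError
        # (rendered by DRF as a 400 response) or returns True, so a separate
        # failure branch can never run.
        serializer.is_valid(raise_exception=True)

        status_code = status.HTTP_200_OK
        response = {
            'success': True,
            'statusCode': status_code,
            'message': 'User logged in successfully',
            'access': serializer.data['access'],
            'refresh': serializer.data['refresh'],
            'authenticatedUser': {
                'email': serializer.data['email'],
                'role': serializer.data['role'],
            },
        }
        return Response(response, status=status_code)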
class UserListView(APIView):
    """List the email and role of every user; only admin-role callers get the list."""

    serializer_class = UserListSerializer
    # Authentication is enforced here; the role check in get() is the
    # authorization step.
    permission_classes = (IsAuthenticated,)

    def get(self, request):
        """Return all users for an admin caller, otherwise a 403 payload."""
        if request.user.role != User.ADMIN:
            denied = {
                'success': False,
                'status_code': status.HTTP_403_FORBIDDEN,
                'message': 'You are not authorized to perform this action'
            }
            return Response(denied, status=status.HTTP_403_FORBIDDEN)

        listing = self.serializer_class(User.objects.all(), many=True)
        payload = {
            'success': True,
            'status_code': status.HTTP_200_OK,
            'message': 'Successfully fetched users',
            'users': listing.data
        }
        return Response(payload, status=status.HTTP_200_OK)
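class UserUpdateView(APIView):
    """Let the authenticated user change their own first and last name."""

    permission_classes = (IsAuthenticated,)

    # APIView dispatches on the HTTP method name (get, post, put, patch, ...).
    # A method called ``update`` is never reached that way, so PUT and PATCH
    # are routed to it explicitly.
    def put(self, request):
        """Handle PUT by delegating to update()."""
        return self.update(request)

    def patch(self, request):
        """Handle PATCH by delegating to update()."""
        return self.update(request)

    def update(self, request):
        """Store ``first_name`` and ``last_name`` from the request on the caller's account.

        Both fields are required; a request missing either one is answered
        with 400 instead of failing with an unhandled KeyError.
        """
        # request.data covers JSON as well as form bodies; request.POST only
        # holds form-encoded data.
        submitted = request.data
        if 'first_name' not in submitted or 'last_name' not in submitted:
            response = {
                'success': False,
                'status_code': status.HTTP_400_BAD_REQUEST,
                'message': 'first_name and last_name are required',
            }
            return Response(response, status=status.HTTP_400_BAD_REQUEST)

        # The target account is always the authenticated caller, never an
        # identifier taken from the request body.
        userDetails = User.objects.get(email=request.user.email)
        userDetails.first_name = submitted['first_name']
        userDetails.last_name = submitted['last_name']
        userDetails.save()

        response = {
            'success': True,
            'status_code': status.HTTP_200_OK,
            'message': 'Deatils Successfully Updated',
        }
        return Response(response, status=status.HTTP_200_OK)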
postman header view
settings.py
REST_FRAMEWORK = {
    # Every view requires an authenticated user unless it declares its own
    # permission_classes (the registration and login views use AllowAny).
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    # JWT is the only authentication scheme. A request whose Authorization
    # header is missing, or whose prefix is not listed in
    # SIMPLE_JWT['AUTH_HEADER_TYPES'], is treated as anonymous and is then
    # rejected by IsAuthenticated.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}
# Configure the JWT settings
SIMPLE_JWT = {
    # Short-lived access token, renewed through the refresh token.
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=14),
    # Each refresh returns a new refresh token, but with blacklisting off the
    # previous one is not revoked and stays usable until it expires.
    'ROTATE_REFRESH_TOKENS': True,
    'BLACKLIST_AFTER_ROTATION': False,
    # HS256 is symmetric: tokens are signed and verified with the same key,
    # here Django's SECRET_KEY, so whoever holds that key can issue valid
    # tokens. VERIFYING_KEY is left unset.
    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    # Prefix expected in the Authorization header: "JWT <token>".
    # A header sent as "Bearer <token>" does not match this setting.
    'AUTH_HEADER_TYPES': ('JWT',),
    # The token's user_id claim carries the model's ``id`` field.
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',
    # Only access tokens are accepted for authenticating API requests.
    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
    'TOKEN_TYPE_CLAIM': 'token_type',
}
managers.py
from django.contrib.auth.base_user import BaseUserManager
from django.utils.translation import gettext_lazy as _
class CustomUserManager(BaseUserManager):
    """
    Manager for the custom user model, where the email address is the
    unique identifier used to log in.
    """

    def create_user(self, email, password, **extra_fields):
        """Create and save a user with a hashed password.

        Raises:
            ValueError: if ``email`` or ``password`` is empty.
        """
        if not email:
            raise ValueError(_("The email must be set"))
        if not password:
            raise ValueError(_("The password must be set"))

        account = self.model(email=self.normalize_email(email), **extra_fields)
        # set_password() stores a hash; the raw password is never saved.
        account.set_password(password)
        account.save()
        return account

    def create_superuser(self, email, password, **extra_fields):
        """Create an active user with the admin role (role value 1).

        Raises:
            ValueError: if a ``role`` other than 1 is passed in.
        """
        extra_fields.setdefault('is_active', True)
        extra_fields.setdefault('role', 1)
        # NOTE(review): only ``role`` is set here; ``is_superuser`` from
        # PermissionsMixin keeps its default - confirm that is intended.
        role_value = extra_fields.get('role')
        if role_value != 1:
            raise ValueError('Superuser must have role of Global Admin')
        return self.create_user(email, password, **extra_fields)
urls.py
urlpatterns = [
    # Token endpoints shipped with rest_framework_simplejwt.
    path('token/obtain/', jwt_views.TokenObtainPairView.as_view(), name='token_create'),
    path('token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
    # Application views. /AuthUserLogin/ issues tokens as well, so two
    # endpoints accept credentials.
    # NOTE(review): these routes start with '/', which Django's URL check
    # reports as urls.W002 - confirm the resulting URLs are the intended ones.
    path('/UserRegistration/', views.UserRegistrationView.as_view(), name='UserRegistration'),
    path('/AuthUserLogin/', views.AuthUserLoginView.as_view(), name='AuthUserLogin'),
    path('/UserList/', views.UserListView.as_view(), name='UserList'),
    path('/UserUpdate/', views.UserUpdateView.as_view(), name='UserUpdate'),
    # UserUpdateAvtarView is not part of the views.py shown on this page.
    path('/UserUpdateAvtar/', views.UserUpdateAvtarView.as_view(), name='UserUpdateAvtar'),
]
将 SIMPLE_JWT 设置中的 AUTH_HEADER_TYPES 更改为
SIMPLE_JWT['AUTH_HEADER_TYPES'] = ('Bearer', )
或 SIMPLE_JWT['AUTH_HEADER_TYPES'] = ('Bearer', 'JWT')(如果你还想允许在令牌之前使用 JWT 前缀)。
rest_framework_simplejwt 会按照你在 SIMPLE_JWT['AUTH_HEADER_TYPES'] 中定义的前缀来查找令牌。因为那里只有 JWT,它在 HTTP_AUTHORIZATION header 中寻找的是 JWT {actual token} 格式的值;前缀不匹配时,请求会被当作没有携带凭证,于是返回"未提供身份验证凭据"的错误。
或者,您可以更改 Postman 中的 Authorization header 值 - 将 Bearer 替换为 JWT。