Menu
The underlying cause of this issue can be different things but it essentially means that your browser is not authorized to complete the task you are trying to accomplish.
Authentication is the mechanism of associating an incoming request with a set of identifying credentials, such as the user the request came from, or the token that it was signed with. The permission and throttling policies can then use those credentials to determine if the request should be permitted.
from django.contrib.auth import authenticate, login def my_view(request): username = request.POST['username'] password = request.POST['password'] user = authenticate(request, username=username, password=password) if user is not None: login(request, user) # Redirect to a success page. ... else: # Return an 'invalid ...
If you are running Django on Apache using mod_wsgi you have to add
WSGIPassAuthorization On
in your httpd.conf. Otherwise, the authorization header will be stripped out by mod_wsgi.
Solved by adding "DEFAULT_AUTHENTICATION_CLASSES" to my settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser'
),
}
This help me out without "DEFAULT_PERMISSION_CLASSES" in my settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
'PAGE_SIZE': 10
}
Just for other people landing up here with same error, this issue can arise if your request.user is AnonymousUser and not the right user who is actually authorized to access the URL. You can see that by printing value of request.user . If it is indeed an anonymous user, these steps might help:
Make sure you have 'rest_framework.authtoken' in INSTALLED_APPS in your settings.py.
Make sure you have this somewhere in settings.py:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
# ...
),
# ...
}
Make sure you have the correct token for the user who is logged in. If you do not have the token, learn how to get it here.
Basically, you need to do a POST request to a view which gives you the token if you provide the correct username and password. Example:
curl -X POST -d "user=Pepe&password=aaaa" http://localhost:8000/
Make sure the view which you are trying to access, has these:
class some_fancy_example_view(ModelViewSet):
"""
not compulsary it has to be 'ModelViewSet' this can be anything like APIview etc, depending on your requirements.
"""
permission_classes = (IsAuthenticated,)
authentication_classes = (TokenAuthentication,)
# ...
Use curl now this way:
curl -X (your_request_method) -H "Authorization: Token <your_token>" <your_url>
Example:
curl -X GET http://127.0.0.1:8001/expenses/ -H "Authorization: Token 9463b437afdd3f34b8ec66acda4b192a815a15a8"
If you are playing around in the command line (using curl, or HTTPie etc) you can use BasicAuthentication to test/user your API
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication', # enables simple command line authentication
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
)
}
You can then use curl
curl --user user:password -X POST http://example.com/path/ --data "some_field=some data"
or httpie (its easier on the eyes):
http -a user:password POST http://example.com/path/ some_field="some data"
or something else like Advanced Rest Client (ARC)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With