Django Rest Framework Authentication denied

Question

I've authenticated my user on Django using PSA and have the user registered in the user model and even the token model has the user and the token registered.

But when I send this request:

curl -X POST -H "Authorization:Token 87e939184457ccc064485444a90e3ebf417xxxxx" http://192.168.x.x:8000/user-profiles/>error.html 

I get

{"detail":"You do not have permission to perform this action."}

And If I send this:

curl -X POST --user "VedantDasSwain:87e939184457ccc064485444a90e3ebf417xxxxx" http://192.168.x.x:8000/user-profiles/>error.html 

I get

{"detail":"Invalid username/password"}

These are relevant snippets from my settings file:

'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',
        'rest_framework.permissions.IsAdminUser',),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),

And this a part of the PSA settings:

AUTHENTICATION_BACKENDS = (
    'social.backends.facebook.FacebookOAuth2',

    'django.contrib.auth.backends.ModelBackend',
)

Has anyone encountered anything of this sort before? What is the solution to this?

Answer 1

I was under the impression that this tuple meant that either the user is authenticated or an admin.

'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',
        'rest_framework.permissions.IsAdminUser',)

However, I removed 'rest_framework.permissions.IsAdminUser' from the tuple and then it gave me the correct result on

curl -X POST -H "Authorization:Token 87e939184457ccc064485444a90e3ebf417xxxxx" http://192.168.x.x:8000/user-profiles/>error.html 

I don't know why this happened though. It's pretty much a fluke fix. If someone knows why this worked this way please let me know