Menu
I'm facing an issue with my Authentication/Login View. This system was working before but i recently switched to a new server and can't get it fixed.
When attempting to login via the auth view the request.user is always an AnonymousUser as if i didn't feed in any auth credentials. I've tried logging the request.POST but it seems to be an empty dict.
I have a traceback here:
Environment:
Request Method: POST
Request URL: http://45.55.149.3:8000/api/auth/
Django Version: 1.8.3
Python Version: 2.7.6
Installed Applications:
('django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'webapp',
'rest_framework',
'djrill')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware')
Traceback:
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
58. return view_func(*args, **kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/views/generic/base.py" in view
71. return self.dispatch(request, *args, **kwargs)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
456. response = self.handle_exception(exc)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/rest_framework/views.py" in dispatch
453. response = handler(request, *args, **kwargs)
File "/home/appointments-app/appointments/webapp/views.py" in post
40. login(request, request.user)
File "/home/appointments-app/venv/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py" in login
111. request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
Exception Type: AttributeError at /api/auth/
Exception Value: 'AnonymousUser' object has no attribute '_meta'
Here i have the API auth view which is failing:
class AuthView(APIView):
authentication_classes = (QuietBasicAuthentication,)
def post(self, request, *args, **kwargs):
login(request, request.user)
return Response(OldUserSerializer(request.user).data)
def delete(self, request, *args, **kwargs):
logout(request)
return Response({})
below is the authentication class that i'm using:
from rest_framework.authentication import BasicAuthentication
class QuietBasicAuthentication(BasicAuthentication):
# disclaimer: once the user is logged in, this should NOT be used as a
# substitute for SessionAuthentication, which uses the django session cookie,
# rather it can check credentials before a session cookie has been granted.
def authenticate_header(self, request):
return 'xBasic realm="%s"' % self.www_authenticate_realm
849
request. query_params is a more correctly named synonym for request. GET . For clarity inside your code, we recommend using request. query_params instead of the Django's standard request.
AnonymousUser is a class that implements the django. contrib. auth. models.
Permissions are used to grant or deny access for different classes of users to different parts of the API. The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds to the IsAuthenticated class in REST framework.
If you are using Django REST framework's authentication classes, you do not need to log in the user. The user will be authenticated by Django REST framework ahead of time, and the credentials will be validated in the process.
Right now by calling login you are trying to log in the current user (request.user) and associate them with the current request (request). DRF will do this automatically for you, and request.user will contain a User instance if it was able to authenticate the user and an AnonymousUser (what you are seeing) if it is not able to.
If you are trying to log in the user for the Django request (not the DRF request, which is different) you need to reference the Django request which is stored as request._request.
login(request._request, request.user)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
