Django Rest Framework's IsAuthenticated() method is failing for AnonymousUser

I have a ListView with its permission set to IsAuthenticated. When I hit the URL in an incognito window, I'm able to view the data without having the user logged in.

Here is my serializer

from rest_framework.serializers import HyperlinkedIdentityField, ModelSerializer

from .models import Blog  # assumed import path for the Blog model

class BlogListSerializer(ModelSerializer):
    # Link to the detail view, resolved by slug rather than pk
    url = HyperlinkedIdentityField(
        view_name="blog_api:post_detail",
        lookup_field="slug"
    )

    class Meta:
        model = Blog
        fields = [
            'url',
            'title',
            'category',
            'date',
            'publish',
            'draft'
        ]

Below is my view

from rest_framework.generics import ListAPIView
from rest_framework.permissions import IsAuthenticated

from .models import Blog  # assumed import paths
from .serializers import BlogListSerializer

class BlogListAPIView(ListAPIView):
    # Only published, non-draft posts are listed
    queryset = Blog.objects.filter(publish=True, draft=False)
    serializer_class = BlogListSerializer
    # View-level setting; overrides DEFAULT_PERMISSION_CLASSES for this view
    permission_classes = [IsAuthenticated]

Settings files

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    )
}

Middleware settings

# MIDDLEWARE_CLASSES is the pre-Django-1.10 setting name (replaced by MIDDLEWARE)
MIDDLEWARE_CLASSES = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

So what's happening is, when I try to access the user by calling get_object on BlogListAPIView, it throws an error: "is not JSON serializable". For some reason, the middleware is taking AnonymousUser as a User. If an AnonymousUser is logged in, it should fail the IsAuthenticated permission. This is basically what should happen. Why is AnonymousUser getting accessed and IsAuthenticated() failing?

chiseledCoder asked Dec 01 '17 15:12


2 Answers

There are certainly some other problems that are not listed in your question. I created a fresh project with the snippets you provided and get HTTP 401 when I hit the URL without logging in. I provided the code on GitHub:

get https://github.com/Rmaan/pastebin/tree/so-47596482

Run runserver and browse to http://localhost:8000/blog

Arman Ordookhani answered Nov 07 '22 05:11


The issue was gone by upgrading from Django 1.9 to Django 1.10 and using DRF 3.3.7.

Assem answered Nov 07 '22 07:11
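The second answer attributes the fix to moving from Django 1.9 to 1.10. One behaviour change between exactly those versions that bites hand-written authentication checks is that User.is_authenticated went from being a method to being a property. A permission that reads request.user.is_authenticated without calling it passes for every user on Django 1.9, because a bound method is always truthy, while the same line works on 1.10 and later. The example below is added here as an illustration of that pitfall and is not code from the question, either answer, Django or DRF: the user and request classes are constructed stand-ins that mimic the two API shapes, and the permission classes model the shape of DRF's has_permission hook.

```python
"""Constructed model of an IsAuthenticated-style permission check across the
Django 1.9 -> 1.10 is_authenticated API change. All classes here are stand-ins
written for this example; they are not Django or DRF code."""


class AnonymousUser19:
    """Mimics AnonymousUser before Django 1.10: is_authenticated is a method."""

    def is_authenticated(self):
        return False


class AnonymousUser110:
    """Mimics AnonymousUser from Django 1.10 on: is_authenticated is a property."""

    @property
    def is_authenticated(self):
        return False


class User110:
    """Mimics a logged-in User from Django 1.10 on."""

    @property
    def is_authenticated(self):
        return True


class Request:
    """Minimal stand-in for a DRF Request: only .user is used here."""

    def __init__(self, user):
        self.user = user


class NaiveIsAuthenticated:
    """Permission written against the post-1.10 API (attribute read, no call).

    On a pre-1.10 user object the attribute is a bound method, which is truthy,
    so an anonymous request is wrongly allowed through.
    """

    def has_permission(self, request, view):
        return bool(request.user and request.user.is_authenticated)


def user_is_authenticated(user):
    """Version-tolerant check: call is_authenticated if it is callable
    (method on Django < 1.10, CallableBool on 1.10/1.11), otherwise read the
    property (plain bool on Django 2.0+). Shaped like the compat helper DRF
    ships for this transition, reimplemented here for the example."""
    flag = user.is_authenticated
    return bool(flag() if callable(flag) else flag)


class SafeIsAuthenticated:
    """Permission that rejects anonymous users under both API shapes."""

    def has_permission(self, request, view):
        return bool(request.user) and user_is_authenticated(request.user)


def check(permission, user):
    """Run a permission against a request carrying the given user."""
    return permission.has_permission(Request(user), view=None)


if __name__ == "__main__":
    for perm in (NaiveIsAuthenticated(), SafeIsAuthenticated()):
        for user in (AnonymousUser19(), AnonymousUser110(), User110()):
            print(type(perm).__name__, type(user).__name__,
                  "allowed" if check(perm, user) else "denied")
```

The naive permission only fails open on the 1.9-style object; once the property form is in play it denies anonymous requests, which is consistent with the upgrade making the symptom disappear. The safe variant is what a custom permission should look like if it has to run across that version boundary.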