尝试按照 DRF 实现 djangorestframework_simplejwt。实现基于:https://simpleisbetterthancomplex.com/tutorial/2018/12/19/how-to-use-jwt-authentication-with-django-rest-framework.html 的所有内容后,当我在 localhost:8000 上登录时,API Root View 不可用,错误是属性错误。
'JWTAuthentication' 对象没有属性 'has_permission'
当我查看 ModelViewSets 本身时,它们看起来非常好。它只是 API Root 本身。当我注销并尝试访问 API Root 时,页面加载完全正常,返回 HTTP 403。
我是否不应该在登录时访问 API 根目录,或者是否存在可以在 views.py 中实现(或扩展)的漏洞?
编辑:
Internal Server Error: /api/
Traceback (most recent call last):
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\django\core\handlers\exception.py", line 3
4, in inner
response = get_response(request)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\django\core\handlers\base.py", line 115, i
n _get_response
response = self.process_exception_by_middleware(e, request)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\django\core\handlers\base.py", line 113, i
n _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\django\views\decorators\csrf.py", line 54,
in wrapped_view
return view_func(*args, **kwargs)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\django\views\generic\base.py", line 71, in
view
return self.dispatch(request, *args, **kwargs)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\rest_framework\views.py", line 495, in dis
patch
response = self.handle_exception(exc)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\rest_framework\views.py", line 455, in han
dle_exception
self.raise_uncaught_exception(exc)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\rest_framework\views.py", line 483, in dis
patch
self.initial(request, *args, **kwargs)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\rest_framework\views.py", line 401, in ini
tial
self.check_permissions(request)
File "C:\Users\yoom\Code\test\qrveltest\venv\lib\site-packages\rest_framework\views.py", line 334, in che
ck_permissions
if not permission.has_permission(request, self):
AttributeError: 'JWTAuthentication' object has no attribute 'has_permission'
[19/Jun/2019 14:52:38] "GET /api/ HTTP/1.1" 500 95529
这是views.py:
from django.views.generic import ListView
from rest_framework import viewsets
from .serializers import *
from django_filters import rest_framework as filters
from rest_framework.permissions import IsAuthenticated
class HomePageView(ListView):
model = Test
template_name = 'home.html'
class UserViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated, )
queryset = User.objects.all()
serializer_class = UserSerializer
filter_backends = (filters.DjangoFilterBackend,)
filterset_fields = ('username', 'email')
class TestViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated, )
queryset = Test.objects.all()
serializer_class = TestSerializer
filter_backends = (filters.DjangoFilterBackend,)
filterset_fields = ('id', 'author')
def get_queryset(self):
queryset = Test.objects.all()
username = self.request.user
if username is not None:
queryset = queryset.filter(author__username=username)
return queryset
和 urls.py:
from django.urls import path, include
from rest_framework import routers
from .views import *
from rest_framework_simplejwt import views as jwt_views
router = routers.DefaultRouter()
router.register('users', UserViewSet)
router.register('test', TestViewSet)
urlpatterns = [
path('', HomePageView.as_view(), name='home'),
path('api/', include(router.urls)),
path('api/token/', jwt_views.TokenObtainPairView.as_view(), name='token_obtain_pair'),
path('api/token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
]
最佳答案
我遇到了同样的问题并解决了感谢您的评论。如果其他人有这个问题,我会写在这里给你。很可能是您的设置中的错误,请务必在默认身份验证而不是权限下添加 JWT,例如:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
)
}
关于django - API Root 没有带有 JWT_Authentication 的 has_permissions,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56673987/