I am new to the Django world.
I have implemented TokenAuthentication for my REST API.
settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'auth.authentication.TokenAuthentication',
    ),
}
authentication.py
views.py
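from django_filters.rest_framework import DjangoFilterBackend
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from auth.authentication import TokenAuthentication  # custom class named in settings.py
# History and HistorySerializer are the project's own model and serializer.

class HistoryViewSet(viewsets.ModelViewSet):
    authentication_classes = (TokenAuthentication,)
    permission_classes = (IsAuthenticated,)
    queryset = History.objects.all()
    serializer_class = HistorySerializer
    filter_backends = (DjangoFilterBackend,)
    filter_fields = ('contract_id',)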
models.py
from django.db import models
from django.utils import timezone
# generate_token, get_expiration_date and TokenManager are defined elsewhere in the project.

class RestAPIToken(models.Model):
    # This model does not inherit from DRF Token to avoid including
    # rest.authtoken app in INSTALLED_APPS and user may have multiple tokens
    # so ForeignKey field should be used (one active token and many expired for example)
    key = models.CharField(max_length=40, primary_key=True, default=generate_token)
    user_id = models.IntegerField()
    created = models.DateTimeField(auto_now_add=True)
    expire = models.DateTimeField(default=get_expiration_date)
    objects = TokenManager()

    def __str__(self):
        return self.key

    def invalidate(self):
        # Expire the token immediately.
        self.expire = timezone.now()
        self.save()

    def refresh(self):
        # Push the expiration date forward.
        self.expire = get_expiration_date()
        self.save()

    def is_valid(self):
        return self.expire > timezone.now()

    class Meta:
        db_table = "rest_restapitoken"
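Now, if I provide the Authorization header, it works perfectly. But if I don't provide the Auth header at all, it still works. I have no user model. I don't need the User model because I don't want to check whether it is valid. So, the User model is skipped entirely.
I don't understand: why does the request execute successfully when there is no Authorization header?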
This worked for me:
settings.py
api/views.py
Terminal