无法在Apache 2/Ubuntu服务器中使用Django用户的令牌对其进行身份验证


我正在创建一个Django rest框架API来与Android应用交互。
我打开了以下端点:

from django.urls import path, include
from .views import UserViewSet, UserProfileViewSet, CurrentUserView,LoginView 

# Routes exposed by this app; each entry maps a URL prefix to a class-based view
# imported from .views.
# NOTE(review): in the views posted with this question only CurrentUserView
# declares permission_classes -- confirm the other routes are really meant to be
# reachable without authentication.
urlpatterns = [
    path('usuarios/', UserViewSet.as_view(), name='usuarios'),
    path('usuarios-perfil/', UserProfileViewSet.as_view(), name='usuarios-perfil'),
    path('usuario-actual/', CurrentUserView.as_view(), name='usuario-actual'),
    path('login/', LoginView.as_view(), name='login'),
]

我的视图(views.py)如下:

from rest_framework import generics
from django.contrib.auth.models import User
from .models import UserProfile
from .serializers import UserSerializer, UserProfileSerializer
from rest_framework.permissions import IsAuthenticated
from django.contrib.auth import get_user_model
from django.contrib.auth import authenticate
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authtoken.models import Token
import logging

# Module-level logger named after this module; handlers and levels are decided by
# the project's LOGGING setting.
logger = logging.getLogger(__name__)

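class UserViewSet(generics.ListCreateAPIView):
    """List every user (GET) or create a user (POST).

    The endpoint enumerates accounts and creates new ones, so it must not be
    reachable anonymously.
    """

    # Without an explicit permission class DRF uses the project default, and the
    # posted settings do not define DEFAULT_PERMISSION_CLASSES, which leaves
    # AllowAny. Account management is usually admin-only; DRF's IsAdminUser would
    # be the stricter choice (it needs an extra import).
    permission_classes = (IsAuthenticated,)
    queryset = User.objects.all()
    serializer_class = UserSerializer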

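class UserProfileViewSet(generics.ListCreateAPIView):
    """List every user profile (GET) or create one (POST).

    Profiles carry the premium flag and the owner's username, so the endpoint is
    restricted to authenticated callers.
    """

    # No DEFAULT_PERMISSION_CLASSES is configured in the posted settings, so
    # leaving this out would expose the list and the create action to anyone.
    permission_classes = (IsAuthenticated,)
    queryset = UserProfile.objects.all()
    serializer_class = UserProfileSerializer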

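class CurrentUserView(generics.RetrieveAPIView):
    """Return the serialized user that the request authenticated as."""

    permission_classes = (IsAuthenticated,)
    serializer_class = UserSerializer

    def get_object(self):
        """Return ``request.user``; IsAuthenticated has already rejected anonymous callers."""
        # Do not dump request.META into the log: it carries the Authorization
        # header (the API token) and any cookies, so the log file would hold
        # reusable credentials. Recording only whether the header arrived is
        # enough to diagnose a proxy or WSGI layer that strips it.
        logger.debug(
            "CurrentUserView.get_object: Authorization header present=%s, user=%s",
            "HTTP_AUTHORIZATION" in self.request.META,
            self.request.user,
        )
        return self.request.user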
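def authenticate(email=None, password=None):
    """Return the active user matching *email* and *password*, else ``None``.

    This definition shadows the ``authenticate`` imported from
    ``django.contrib.auth`` earlier in the module, so it bypasses the configured
    authentication backends; the checks those backends normally perform are
    therefore repeated here.

    Args:
        email: Email address taken from the request body (untrusted).
        password: Plain-text password taken from the request body (untrusted).

    Returns:
        The user instance on success, ``None`` for every failure case.
    """
    UserModel = get_user_model()

    # The values come straight from request.data, so they can be missing, empty
    # or of any JSON type. An empty email must never be looked up: accounts with
    # a blank email field would otherwise be candidates.
    if not isinstance(email, str) or not isinstance(password, str) or not email:
        return None

    try:
        user = UserModel.objects.get(email=email)
    except UserModel.DoesNotExist:
        # Hash the password anyway, as Django's ModelBackend does, so that the
        # response time does not reveal whether the address is registered.
        UserModel().set_password(password)
        return None
    except UserModel.MultipleObjectsReturned:
        # Email is not unique on the default User model; refuse an ambiguous
        # match instead of failing with a server error.
        return None

    # Deactivated accounts must not be able to obtain a token.
    if user.check_password(password) and getattr(user, 'is_active', True):
        return user
    return None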

# En tu LoginView
class LoginView(APIView):
    """Exchange an email/password pair for the user's DRF auth token."""

    # NOTE(review): no throttle_classes are declared here and the posted settings
    # define no default throttles, so repeated password guesses are not rate
    # limited -- confirm whether that is handled elsewhere.
    def post(self, request, format=None):
        """Return ``{'token': <key>}`` for valid credentials, otherwise HTTP 401."""
        payload = request.data
        account = authenticate(
            email=payload.get('email'),
            password=payload.get('password'),
        )
        if account is None:
            return Response(status=401)

        # Reuse the user's existing token or create the first one.
        token, _created = Token.objects.get_or_create(user=account)
        return Response({'token': token.key})


我的模型(models.py):

from django.db import models
from django.contrib.auth.models import User

class UserProfile(models.Model):
    """Per-user profile row that stores the premium flag."""

    # Exactly one profile per auth user; deleting the user deletes the profile.
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    # Premium entitlement; new profiles start as non-premium.
    is_premium = models.BooleanField(default=False)

    def __str__(self):
        """Display the profile under the owning user's username."""
        return self.user.username


我的序列化程序:

from rest_framework import serializers
from django.contrib.auth.models import User
from .models import UserProfile

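class UserSerializer(serializers.ModelSerializer):
    """Expose a user's username and staff flag."""

    class Meta:
        model = User
        fields = ['username', 'is_staff']
        # is_staff is a privilege flag: keep it in the output but never accept it
        # from the request body. This serializer backs a create endpoint, so a
        # writable is_staff would let the caller create a staff account.
        read_only_fields = ['is_staff']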

class UserProfileSerializer(serializers.ModelSerializer):
    """Serialize a profile together with its nested user."""
    # Nested representation of the related user, produced by UserSerializer.
    user = UserSerializer()

    class Meta:
        model = UserProfile
        # NOTE(review): is_premium is listed as a normal (writable) field; confirm
        # that API clients are not supposed to set their own premium flag.
        fields = ['user', 'is_premium']


这是我的settings.py:

"""
Django settings for football_quiz_and_guide project.

Generated by 'django-admin startproject' using Django 4.2.3.

For more information on this file, see
https://docs.djangoproject.com/en/4.2/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/4.2/ref/settings/
"""

from pathlib import Path
import os

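# Project root: two directories above this settings file.
BASE_DIR = Path(__file__).resolve().parent.parent

# NOTE(review): placeholder as posted. The real key signs sessions, CSRF tokens
# and password-reset links, so it must be loaded from outside the source tree
# (process environment or a file readable only by the service account) and kept
# out of version control.
SECRET_KEY = 'my-secret-key'

# Off unless explicitly enabled (variable name chosen for this example). With
# DEBUG on, every unhandled error returns a page with stack traces, local
# variables and configuration details to whoever triggered it.
DEBUG = os.environ.get('DJANGO_DEBUG', '') == '1'

ALLOWED_HOSTS = ['my-domain.com','my-VM-instance-IP']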

# Security settings
# Session and CSRF cookies are only sent over HTTPS.
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
# HSTS for one year (31536000 s), covering subdomains, with the preload flag.
# NOTE(review): preload is slow to undo once browsers ship the entry -- confirm
# that every subdomain serves HTTPS.
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# NOTE(review): Django's HTTP->HTTPS redirect is disabled here. Unless Apache
# performs the redirect, a token sent to the http:// URL travels in clear text.
#SECURE_SSL_REDIRECT = True

# Application definition
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Project app that holds the API views, models and serializers.
    'api_es',
    'rest_framework', 
    # Provides the Token model (authtoken_token table) used by TokenAuthentication.
    'rest_framework.authtoken',
]

# Order matters: SecurityMiddleware runs first, and the session middleware has to
# precede the authentication middleware.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'football_quiz_and_guide.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

# Entry point that the WSGI server (here Apache with mod_wsgi) loads.
WSGI_APPLICATION = 'football_quiz_and_guide.wsgi.application'

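# Database
# https://docs.djangoproject.com/en/4.2/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'apifutbol_db',
        'USER': 'quiz-and-guide',
        # The password is read from the process environment (variable name chosen
        # for this example) instead of being stored in the source. An unset
        # variable yields an empty password, so the connection is refused rather
        # than falling back to a baked-in secret. Under mod_wsgi, Apache's SetEnv
        # does not populate os.environ; export the variable for the Apache
        # process or set it before Django loads. A password that has appeared in
        # source control or in a public post should be treated as compromised and
        # rotated.
        'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', ''),
        # NOTE(review): this looks like a public address -- confirm that port 3306
        # is firewalled to the application host and that the connection uses TLS.
        'HOST': '34.175.80.143',
        'PORT': '3306',
    }
}
# Local alternatives, kept for reference without credentials:
#DATABASES = {
#    'default': {
#        'ENGINE': 'django.db.backends.mysql',
#        'NAME': 'apifutbol_db',
#        'USER': 'quizandguide',
#        'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', ''),
#        'HOST': 'localhost',   # Or an IP Address that your DB is hosted on
#        'PORT': '3306',
#    }
#}
#DATABASES = {
#    'default': {
#        'ENGINE': 'django.db.backends.sqlite3',
#        'NAME': BASE_DIR / 'db.sqlite3',
#    }
#}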
# DRF configuration: requests are authenticated from the
# "Authorization: Token <key>" header only.
# NOTE(review): DEFAULT_PERMISSION_CLASSES is not set, so any view without its own
# permission_classes falls back to DRF's AllowAny default; no throttling is
# configured either. Confirm that every view sets the permissions it needs.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ]
}

# Send every record that reaches the root logger (DEBUG and above) to one file.
# NOTE(review): at DEBUG level anything the code logs ends up in this file,
# including request metadata if a view logs it. Restrict the file's permissions
# and consider a higher level once the deployment problem is diagnosed.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'file': {
            'level': 'DEBUG',
            'class': 'logging.FileHandler',
            'filename': '/var/log/apache2/debug.log',
        },
    },
    'root': {
        'handlers': ['file'],
        'level': 'DEBUG',
    },
}



# Password validation
# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
# These validators are applied by Django's forms and built-in management commands.
# Code that calls user.set_password() directly does not run them unless it calls
# validate_password() itself.

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

# Internationalization
# https://docs.djangoproject.com/en/4.2/topics/i18n/

# Spanish (Spain) as the default language for translated messages.
LANGUAGE_CODE = 'es-es'

TIME_ZONE = 'Europe/Madrid'

USE_I18N = True

# Store datetimes as timezone-aware values.
USE_TZ = True

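# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.2/howto/static-files/

STATIC_URL = 'static/'
STATIC_ROOT = os.path.join(BASE_DIR, "static/")

# Media files: base URL and absolute filesystem directory for user uploads.
# Both names used to be assigned twice in this file and only the last pair took
# effect, so they are now defined once with those final values.
# NOTE(review): the directory holds user-supplied content -- confirm the web
# server serves it as static data only.
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')

# Default primary key field type
# https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'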


我已经使用以下命令创建了我的超级用户,该命令还为MySQL数据库中的authtoken_token表中的用户创建了一个Token:

from django.core.management.base import BaseCommand
from django.contrib.auth.models import User
from api_es.models import UserProfile
from rest_framework.authtoken.models import Token  # Asegúrate de que estás importando el modelo Token de aquí

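class Command(BaseCommand):
    """Create the initial superuser together with its UserProfile and API token."""

    help = 'Crea un nuevo usuario superusuario'

    def handle(self, *args, **options):
        """Create the superuser, its premium profile and its DRF token.

        The password is never stored in the source: it is taken from the
        DJANGO_SUPERUSER_PASSWORD environment variable (the one Django's own
        ``createsuperuser --noinput`` reads) or, when that is unset, prompted for
        without echo.

        Raises:
            CommandError: If no password is supplied or it fails the project's
                AUTH_PASSWORD_VALIDATORS.
        """
        # Function-scope imports keep the module's import block untouched.
        import getpass
        import os

        from django.contrib.auth.password_validation import validate_password
        from django.core.exceptions import ValidationError
        from django.core.management.base import CommandError

        username = 'lolo'
        email = 'quizandguide@gmail.com'

        password = os.environ.get('DJANGO_SUPERUSER_PASSWORD') or getpass.getpass(
            'Contraseña del superusuario: '
        )
        if not password:
            raise CommandError('Se requiere una contraseña para el superusuario.')

        # Build the user first so that the similarity validator can compare the
        # password with the username and email.
        user = User(username=username, email=email, is_active=True, is_superuser=True, is_staff=True)

        # set_password() alone skips AUTH_PASSWORD_VALIDATORS, so run them here.
        try:
            validate_password(password, user)
        except ValidationError as exc:
            raise CommandError('; '.join(exc.messages)) from exc

        user.set_password(password)
        user.save()

        # Profile row for the new account, flagged as premium.
        user_profile = UserProfile(user=user, is_premium=True)
        user_profile.save()

        # Make sure the user has an API token; an existing one is reused instead
        # of raising on the one-token-per-user constraint.
        Token.objects.get_or_create(user=user)

        self.stdout.write(self.style.SUCCESS('Superusuario creado exitosamente.'))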


创建用户。但是当我尝试访问用户数据时:
curl -H "Authorization: Token <token>" https://football-quiz-and-guide.com/es/usuario-actual/
我得到:
(myenv) C:\Users\mimur\Desktop\football_quiz_and_guide\football_quiz_and_guide>curl -H "Authorization: Token e65905ad748d67f127929c14d3a78b9de8300c51" https://football-quiz-and-guide.com/es/usuario-actual/
{"detail":"Las credenciales de autenticación no se proveyeron."}
翻译过来的意思是“未提供身份验证凭据”。
我问过GPT4给它很多信息,但我没有找到一个解决方案。我一直在一步步地遵循this tutorial。当我为用户lolo创建令牌时,它不会创建新令牌。它显示了创建超级用户时创建的相同令牌。但是curl请求失败。我试过 Postman ,也失败了。
什么可能失败,我能做什么?


最后,GPT-4 终于弄清楚了问题所在。
在我的 /etc/apache2/sites-available/000-default.conf 文件中,需要加入下面这一行,才能把请求中的 Authorization 头传递给应用(mod_wsgi 默认不会把该请求头传给 WSGI 应用,所以 Django 收不到令牌):

# Pass the client's Authorization header through to the WSGI application.
# mod_wsgi withholds it by default, so DRF's TokenAuthentication never sees the
# token and answers as if no credentials were sent.
WSGIPassAuthorization On

之后,我就可以通过 curl 请求或 Android 应用访问我的用户数据视图了。
