时间戳

首页 > 解决方案 > Django rest with djoser 返回详细信息:首次登录时令牌无效

authentication - Django rest with djoser 返回详细信息:首次登录时令牌无效

问题描述

我正在使用 Django rest 和 Djoser 包,在本地一切正常。

我使用用户名和密码登录token/login/并获取令牌作为响应,但在 heroku 上我得到details:invalid token响应,这意味着我什至无法获得令牌。

一些设置:

REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 1000,
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
}

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'rest_framework.authtoken',
    'sales',
    'inventory',
    'graphene_django',
    'corsheaders',
    'django_pivot',
    'drf_spectacular',
    'django_extensions',
    'djoser',
]

urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', LoginView.as_view()), ## left from Session authentication

    path('', include('sales.urls')),
    path('inventory/', include('inventory.urls')),
    path('graphql', csrf_exempt(GraphQLView.as_view(graphiql=True))),

    path('',  include('djoser.urls')),
    path('',  include('djoser.urls.authtoken')),

    # swagger paths
    path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
    path('api/schema/swagger-ui/',
         SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'),

]

在前端:

axios.defaults.headers["Authorization"] = `Token ${localStorage.getItem("token")}`;

可能是什么问题?

标签: authenticationdjango-rest-frameworkdjoser

解决方案

问题出在前端。

线

axios.defaults.headers["Authorization"] = `Token ${localStorage.getItem("token")}`;

发送一个请求标头Authorization: Token null,后端将其解释为无效令牌。更好的标题将是Authorization: null哪个有效。

所以是这样的:

axios.defaults.headers["Authorization"] = token ? `Token ${token} : null`

我个人使用过拦截器:

axios.interceptors.request.use(config => {
  const token = localStorage.getItem("token");
  config.headers.Authorization = token ? `Token ${token}` : null;
  return config;
});

推荐阅读