permission classes IsAuthenticated not working in DRF

django-rest-framework django-authentication django-serializer auth-token
user10058776 picture user10058776 · Dec 8, 2018 · Viewed 7.6k times · Source

I've used token authentication, and it's working fine i.e. it is authenticating a user and then the user is logged in. But in my views I've set permission classes to IsAuthenticated for one of the views, and it is not allowing to the user even if he is an authenticated user. Below is the screenshot where it says i'm logged in ([email protected]) :

enter image description here

and the very next tab to this, it says "authentication details not provided":

enter image description here

Can someone tell what's wrong? ok, I'm providing details: these are my settings:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated', )
}

This is how I authenticated:

class UserLoginAPIView(APIView):

permission_classes = [AllowAny]
serializer_class = UserLoginSerializer

def post(self, request, *args, **kwargs):
    data = request.data
    serializer = UserLoginSerializer(data=data)
    if serializer.is_valid(raise_exception=True):
        # new_data = serializer.data
        if serializer.data:
            user = authenticate(username=request.data['username'], password=request.data['password'])
            login(request, user)
            print("IsAuthenticated", user.is_authenticated)
        token, _ = Token.objects.get_or_create(user=user)
        return Response({'token': token.key},
                        status=HTTP_200_OK)

Another View where I put restrictions:

class BoardCreateAPIView(CreateAPIView):

queryset = Boards.objects.all()
serializer_class = BoardCreateSerializer
permission_classes = (IsAuthenticated,)

Answer

Reza Torkaman Ahmadi picture Reza Torkaman Ahmadi · Dec 8, 2018

In django rest framework, You should provide token in your request headers. here is the sample with curl command:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Token <MY_TOKEN>" http://my-api-url

Also check that in your settings.py at least you have these lines:

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.BasicAuthentication',
    'rest_framework.authentication.SessionAuthentication',
)
}

For more understanding read this doc from django rest framework

Related questions

How to use TokenAuthentication for API in django-rest-framework

I have a django project, using django-rest-framework to create api. Want to use token base authentication system so api call for (put, post, delete) will only execute for authorized user. I installed 'rest_framework.authtoken' and created token for each …

Read More
Django Rest Framework File Upload

I am using Django Rest Framework and AngularJs to upload a file. My view file looks like this: class ProductList(APIView): authentication_classes = (authentication.TokenAuthentication,) def get(self,request): if request.user.is_authenticated(): userCompanyId = request.user.get_profile().companyId …

Read More
Django Rest Framework -- no module named rest_framework

I've installed django rest framework using pip install djangorestframework yet I still get this error when I run "python3 manage.py sycndb": ImportError: No module named 'rest_framework' I'm using python3, is this my issue?

Read More