如何使用 Django Rest 框架在 Header 中包含 Token

Question

我正在使用 Token Authentication 使用 Django REST Framework。我在User Registration 期间生成了一个新令牌。我需要将此令牌传递给前端，包括header。这些是我的代码：

settings.py:

INSTALLED_APPS = [
    ...
    'rest_framework',
    'rest_framework.authtoken',
    ...
]

urls.py:（项目级）

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/', include('accounts.urls')),
    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),

]

urls.py:（应用级）

urlpatterns = [
    path('signup/', views.Register.as_view({"post":"register"}), name='users'),
    path('login/', views.Login.as_view({"post":"create"}), name='login'),
    path('profile/', views.Profile.as_view({"get":"list"}), name='profile'),

]

views.py:

# Register View
class Register(viewsets.GenericViewSet, mixins.CreateModelMixin,):
   serializer_class = UserRegisterSerializer

   def register(self, request):

      data_dict = self.request.data

      firstname = data_dict['firstname']
      lastname = data_dict['lastname']
      username = data_dict['username']
      email = data_dict['email']
      password = data_dict['password']
      mobile = data_dict['mobile']

      data = userRegistrationModel.objects.create(firstname=firstname, lastname=lastname, username=username, email=email, password=password, mobile=mobile)

      if data:
          user = data.set_password(password)
          data.save()
          token = Token.objects.create(user=data)

          return Response({"message": "Registered Successfully", "code": "HTTP_201_CREATED", "Token": token.key})
      else:
          return Response({"message": "Sorry Try Next Time!!!",  "code": "HTTP_403_FORBIDDEN"})



# Login View
class Login(viewsets.GenericViewSet, mixins.CreateModelMixin,):
    permission_classes = (AllowAny,)
    serializer_class = UserLoginSerializer

    def create(self, request, *args, **kwargs):

        data_dict = self.request.data

        email = data_dict['email']
        password = data_dict['password']

        data = authenticate(email=email, password=password)

        if data:
            users = Token.objects.filter(user=data).first()

            userData = UserRegisterSerializer(data)

            return Response({"message": "Login Successfully",  "code": "HTTP_200_OK", "token": users.key, "user": userData.data})

        else:
            return Response({"message": "Invalid Login",  "code": "HTTP_401_UNAUTHORIZED"})


# Profile View
class Profile(viewsets.ViewSet):
    permission_classes = (IsAuthenticated,)
    serializer_class = UserProfileSerializer

    def list(self, request, pk):
        queryset = userRegistrationModel.objects.get(id=pk)
        serializer_class = UserProfileSerializer
        ...
        ...

This is screenshot of generating the Token

直到这里（在生成新令牌时）它工作得很好。现在，当我在 LoginView 中是 including this Token 时，它不会验证。

有没有最好的方法to send this Token 到前端通过包含在标头或if we can update 以前的令牌通过新令牌in Login View。

我不知道如何使用Django REST Framework 默认authtoken。请指导我使用基于令牌的身份验证的标准流程是什么。

Answer 1

您需要在 Django REST 框架中传递这样的令牌。

KEY :  Authorization
VALUE : Token <token-value>

在你的例子中

return Response(
    {
        "message": "Login Successfully",
        "code": "HTTP_200_OK",
        "Authorization": "Token "+users.key,
        "user": userData.data
    }
)

curl -X GET http://127.0.0.1:8000/api/example/ -H '授权： 令牌 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'

参考这个https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication