0

我实现了自定义身份验证,如文档中所述

# custom_permissions.py

from rest_framework import authentication
from rest_framework import exceptions

class KeyAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        key = request.META.get('Authorization')
        print(key)
        if not key:
            raise exceptions.AuthenticationFailed('Authentication failed.')

        try:
            key = ApiKey.objects.get(key=key)
        except ApiKey.DoesNotExist:
            raise exceptions.AuthenticationFailed('Authentication failed.')

    return (key, None)

在我的设置中:

# settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'api_server.apps.api_v1.custom_permissions.KeyAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
}

它在测试期间按预期工作:

def test_1(self):
    client = APIClient()
    client.credentials(X_SECRET_KEY='INVALID_KEY')
    response = client.get('/v1/resource/')
    self.assertEqual(response.status_code, 403)
    self.assertEqual(response.data, {'detail': 'Authentication failed.'})

def test_2(self):
    client = APIClient()
    client.credentials(X_SECRET_KEY='FEJ5UI')
    response = client.get('/v1/resource/')
    self.assertEqual(response.status_code, 200)

但是,当我使用curl本地运行的服务器进行测试时,X_SECRET_KEYrequest.META. 它正在None终端中打印,而收到的密钥是预期的。

$ curl -X GET localhost:8080/v1/resource/ -H "X_SECRET_KEY=FEJ5UI"
{'detail': 'Authentication failed.'}

你能给个提示吗,这可能是什么问题?

4

1 回答 1

2

标头变量是大写的,并以“HTTP_”为前缀。这对 Django 来说是通用的,不知道其他语言/框架。

例如,请参阅https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/authentication.py#L23

于 2016-10-03T21:20:39.847 回答