我正在为我的 API 使用 djangorestframework 和 django-oauth-toolkit。
我有一个相当简单的用户注销视图,它支持带有令牌撤销的 DOT 注销和常规 Django 会话注销:
class UserLogoutView(APIView):
permission_classes = (IsAuthenticated,)
@staticmethod
def post(request):
logout(request)
if request.auth is None:
return Response('OK')
app = request.auth.application
client_id = app.client_id
client_secret = app.client_secret
token = request.auth.token
r = requests.post(settings.OAUTH_URL.format('revoke-token'), data={
'client_id': client_id,
'client_secret': client_secret,
'token': token,
})
if r.status_code != 200:
raise AuthenticationFailed('Failed to revoke token')
return Response('OK')
如果令牌撤销有问题,我希望得到一个错误的 401 响应,但相反我在服务器端收到一个错误(这是AuthenticationFailed
作为回溯状态引发的结果):
AttributeError: 'Request' object has no attribute 'oauth2_error'
我想 DRF + DOT 组合的异常处理有问题,但是如何解决呢?
UPD:我settings.py
与 DRF、身份验证或 DOT 相关的所有内容:
INSTALLED_APPS = [
...
'rest_framework',
'oauth2_provider',
...
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
AUTHENTICATION_BACKENDS = [
'oauth2_provider.backends.OAuth2Backend',
'django.contrib.auth.backends.ModelBackend',
'guardian.backends.ObjectPermissionBackend',
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
'rest_framework.authentication.SessionAuthentication',
),
}
UPD 2:我尝试根据模块文档(写在之后)删除SessionAuthentication
和设置我的应用程序顺序,一切都没有运气。DEFAULT_AUTHENTICATION_CLASSES
rest_framework
oauth2_provider