I've been spending hours trying to find a way to have Basic HTTP Authentication for one of my views. These are several of the solutions I've tried but have had no success. The request is still being processed even with no authentication. I'm using version 1.4.3 of Django. Here is my Django view:

@csrf_exempt
def facebook(request):
        if request.user.is_authenticated():
                fb_value= ast.literal_eval(request.body)
                queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
                data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
                return HttpResponse(data, 'application/javascript')
        else:
                return HttpResponse("This user is not authenticated")

I sent in the request without authentication, and it still returned results. This is not supposed to happen.

Another solution I tried was from a Django Snippet I found called "view by view basic authentication decorator".

I made a httpauth.py and copied the code over from the snippet:

from mydjangoapp.httpauth import *

@csrf_exempt
@logged_in_or_basicauth()
def facebook(request):
        fb_value= ast.literal_eval(request.body)
        queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
        data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
        return HttpResponse(data, 'application/javascript')

I sent the request without authentication, and it still returned results. After exhausting all options, I turned to Django's very own @login_required decorator:

from django.contrib.auth.decorators import login_required

@csrf_exempt
@login_required
def facebook(request):
        fb_value= ast.literal_eval(request.body)
        queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
        data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
        return HttpResponse(data, 'application/javascript')

Here is more information about my settings.py:

MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
)

AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
)

After trying all of these options, I don't know what to do. Is there anything I am missing here?!

  • What version of Django are you using? The more details about your environment, the better. Commented May 29, 2013 at 14:58
  • @DavidS I'm using Django 1.4.3 Commented May 29, 2013 at 14:59
  • You should include what middleware you are using in your settings.py file. Commented May 29, 2013 at 14:59
  • @DavidS Thanks for the tips, I'll add it to my question right now. Commented May 29, 2013 at 15:00
  • Since you have session middleware installed, my gut is that you have a cookie set. You should review the docs on middleware session and make sure you don't have something simple like that. docs.djangoproject.com/en/1.4/topics/http/sessions Commented May 29, 2013 at 15:12

1 Answer

This really isn't much of an answer. I'm sorry that I have to post it here, but the system has cut me off from the comment section.

I don't see any issues with your example with using the @login_required decorator. This is typically how I do it on my Django sites. This leads me to believe that you have 1 of 2 things going on here:

  1. You have a configuration issue in your settings file
  2. During initial testing, you have actually authenticated and created a session.

Again, I don't think your problem is with your code. Please post what you finally determine is the issue so that I (and others) may learn from it.

1 Comment

I've tried every solution and looked through the settings.py to see if I could make any changes. I've upvoted your answer. For now I'll leave the question open until an answer can be found :)
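
An added example, not code from the question, the answer or the snippet they mention: a per-view decorator that demands valid Basic credentials on every request and never consults session state, so a leftover session cookie (the possibility raised in the answer and comments) cannot satisfy it. `Request`, `Response`, `check_constructed`, `header_for`, the realm and the credentials are constructed stand-ins so the block runs without Django, and it is written for Python 3 rather than the Python 2 that Django 1.4 runs on.

```python
import base64
import hmac
from functools import wraps

class Response:  # stand-in for django.http.HttpResponse (assumption)
    def __init__(self, body="", status=200):
        self.body, self.status, self.headers = body, status, {}

class Request:  # stand-in for HttpRequest: META plus a session-login marker
    def __init__(self, meta=None, session_user=None):
        self.META, self.session_user = meta or {}, session_user

def parse_basic(header):
    """Return (username, password) from an Authorization header, else None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 (binascii.Error) or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None

def basic_auth_only(check, realm="example"):
    """Require valid Basic credentials on every call; never consult the session."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            creds = parse_basic(request.META.get("HTTP_AUTHORIZATION", ""))
            if creds and check(*creds):
                return view(request, *args, **kwargs)
            resp = Response("Authorization required", status=401)
            resp.headers["WWW-Authenticate"] = 'Basic realm="%s"' % realm
            return resp
        return wrapper
    return decorator

def check_constructed(user, password):
    # Constructed credentials; a real check would call django.contrib.auth.authenticate()
    ok_user = hmac.compare_digest(user.encode(), b"api")
    ok_pass = hmac.compare_digest(password.encode(), b"s3cret-constructed")
    return ok_user and ok_pass

@basic_auth_only(check_constructed)
def facebook(request):  # body of the real view omitted; returns an empty JSON list
    return Response("[]")

def header_for(user, password):  # builds a client-side Authorization value
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
```

When testing a view like this, send the request from a client with no cookie jar so that only the `Authorization` header is being exercised.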
