2

I have this custom user model:

class CustomUser(AbstractBaseUser,PermissionsMixin):
    email = models.CharField(max_length=255, unique=True)
    ....

And this view that is supossed to require authentication in order to run:

@authentication_classes((TokenAuthentication,))
@permission_classes((IsAuthenticated,))
def test_view(request):
    return HttpResponse("Allowed")

When i launch the url for this, it will always run no matter if i provide credentials or not in my authorization header. My guess is that rest framework is using django's default user model, since the request.user object contains an AnonymousUser instance. But i have checked the database, and the authtoken table is referencing my custom user table.

I thoguht that this should be as simple as my code is, but i guess im missing something. Any ideas?

Edit: here are more details:

settings.py:

INSTALLED_APPS = (
    'myapps',
    ...
    'django.contrib.auth', #should this be enabled?
    ...
    'rest_framework.authtoken'
)
...
#I think this is unnecesary since i use per-view decorators, but...
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    )
}

AUTH_USER_MODEL = 'users.CustomUser'

urls.py:

urlpatterns = patterns('',
    ...
    url(r'^test', test_view, name='test'),
    ...
)
Improve this question
2
  • have you set the AUTH_USER_MODEL to your custom user model in your settings.py file? and also show your urls and the url you are trying to request. Commented Nov 11, 2015 at 18:20
  • Anush yes my AUTH_USER_MODEL is set. I added the url file and a few more settings. Commented Nov 11, 2015 at 18:35

2 Answers 2

Reset to default
1

just add @api_view(['GET']) decorator to your view like

from rest_framework.decorators import api_view

@api_view(['GET'])
@authentication_classes((TokenAuthentication,))
@permission_classes((IsAuthenticated,))
def test_view(request):
    return HttpResponse("Allowed")
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, this worked. Didn't know api_view was needed for the others decorators to work. Thanks!
0

Add the following to settings.py

If you're using DRF token Auth:

INSTALLED_APPS = (
    ...
    'rest_framework.authtoken'
)

If you're using JWT Auth:

REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
    ...
}
Improve this answer

3 Comments

Thanks Serjik, but rest_framework.authtoken is already in my installed apps. And i don't even know what jwt is, so i guess im not using it. I added more details in my question.
JWT=JSON Web Token Authentication, github.com/GetBlimp/django-rest-framework-jwt , I suggest to try, it's my main auth for the project
Looks interesting, i'll give it a try. Thanks!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.