4

I am using Django rest framework-JWT for authentication to handle the protected urls, I am trying to have the UserDetail view protected by using the IsAutchinted class from rest framework, however every time I try to send the generated token I am getting the following response

{
"username": [
    "This field is required."
],
"password": [
    "This field is required."
]
}

I have included Authorization header and as I have set in my header prefix to "JWT"

curl -H "Authorization: JWT <token>" -X PUT  http://localhost:8000/user/3/ -d '{"first_name":"curl_test"}'

the obtain JWT token, refresh,verfiy urls are working fine and generating links, I just can't get JWT to verify username and password using a token instead of the username and password.

here is my view for user details

class UserDetail(APIView):
    permission_classes = (IsOwner, IsAuthenticated)
    """
    Retrieve, update or delete a user instance.
    """

    def get_object(self, pk):
        try:
            return User.objects.get(pk=pk)
        except User.DoesNotExist:
            raise Http404


    def get(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user)
        return Response(serializer.data)

    def put(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user, data=request.data)
        if serializer.is_valid():
            serializer.save()
            user = Profile.objects.get(id=pk)
            user.profile.updated = timezone.now()
            user.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    def delete(self, request, pk, format=None):
        user = self.get_object(pk)
        user.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

what am I doing wrong? why is it still asking for username and password even when the token is included in the headers?

is the way I am doing the IsAutchinted class correct? or could that be the reason for JWT not working cause I am using rest framework permission classes?

Update: my settings.py

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',

    ),
    'DEFAULT_PARSER_CLASSES': (
        'rest_framework.parsers.FormParser',
        'rest_framework.parsers.MultiPartParser',
        'rest_framework.parsers.JSONParser',

    )
}
Improve this question
5
  • how did you configure rest framework in the django settings? Especially the DEFAULT_AUTHENTICATION_CLASSES option. Commented Sep 16, 2017 at 9:58
  • I have added to my question, please have a look. Commented Sep 16, 2017 at 13:01
  • interesting - can you test with JSONWebTokenAuthentication only? Simple comment BasicAuthentication and SessionAuthentication for testing purposes, will you be able to access the page? Commented Sep 16, 2017 at 13:21
  • It works on a GET request with no problems but on a PUT request it keep asking me to include the username and password as data ( like when obtaining the token), even though I have the token authorisation prefix is correct, for some reason it is ignoring the header completely Commented Sep 16, 2017 at 18:07
  • Also, when sending the correct username and password on the PUT request- it updates the user, so I am assuming the PUT request code is fine. and all the tutorials I have seen for JWT used a GET request to show that it works, no-one used a PUT request. Commented Sep 16, 2017 at 19:43

1 Answer 1

Reset to default
1

Updating models partially requires you to use the partial attribute when creating the Serializer object as below.

serializer = UserSerializer(user, data=request.data, partial=True)

The error message is definitely not from restframework-jwt library because the it would have been a message along the lines of Invalid username/password.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.