Logout does not work

I cannot log out the current user from the browsable API of the REST framework.

These are my settings.

    REST_FRAMEWORK = {
        'PAGINATE_BY': 10,
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.BasicAuthentication',
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.TokenAuthentication',
        ),
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.IsAuthenticated',
        ),
    }

Is it because I used sessions? Help Pls.

Request and response headers:

    Request URL:http://localhost:8000/api/api-auth/logout/?next=/api/city/
    Request Method:GET
    Status Code:302 FOUND

    Request Headers:
    ---------------
    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:en-US,en;q=0.8
    Connection:keep-alive
    Cookie:sessionid=j7qebcdjdwzwqlmep4eyq3svuial43uv; csrftoken=vK3Ghn3QFVbCe3nKx1LDZBTzM7sRiDym
    Host:127.0.0.1:8000
    Referer:http://localhost:8000/api/city/
    User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36

    Query String Parameters
    next:/api/city/

    Response Headers
    ----------------
    Content-Type:text/html; charset=utf-8
    Date:Mon, 15 Jul 2013 20:46:35 GMT
    Location:http://localhost:8000/api/city/
    Server:WSGIServer/0.1 Python/2.7.4
    Set-Cookie:sessionid=b1x24z93dqu384lqirtv5r9npy16s0qx; expires=Mon, 29-Jul-2013 20:46:35 GMT; httponly; Max-Age=1209600; Path=/
    Vary:Cookie

+6
3 answers

I solved it! This is because BasicAuthentication is enabled. I assume that I logged in through the browser's HTTP login, and logout does not work for that. I removed BasicAuthentication and now everything is working fine.

+12

In fact, logging out works, but during the redirect at the end of logging out (to a view requiring authentication, since we use the IsAuthenticated permission), BasicAuth authenticates the request again using the cached HTTP authentication header information:

    auth = request.META.get('HTTP_AUTHORIZATION', b'')

As the OP said, we can disable BasicAuth and use only SessionAuth. But sometimes we may need access to the API without a GUI; for that we can use TokenAuth instead. Since BasicAuth / TokenAuth is not so secure ( https://tools.ietf.org/html/rfc2617 ), it might be better to use OAuth2 or other more secure authentication schemes. It all depends on the requirements.

+2

Today I ran into this problem and solved it by changing the order to the following:

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),

+1
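
The behaviour discussed in the answers above, as a simplified stdlib-only model added here as an example (it is not code from the original posts or from Django REST framework): authenticators are tried in order, and the first class decides whether an unauthenticated response is a 401 challenge or a 403. The account, session id and the helper names `handle` and `after_logout` are constructed for illustration.

```python
# Simplified model of multi-authenticator handling (assumption: not DRF source code).
import base64

USERS = {"alice": "s3cret"}      # constructed sample account
SESSIONS = {"sess-1": "alice"}   # constructed server-side session store

def session_auth(req):
    """Authenticate from the session cookie; this scheme has no challenge header."""
    return SESSIONS.get(req.get("cookie"))

def basic_auth(req):
    """Authenticate from the Authorization header the browser keeps resending."""
    scheme, _, blob = req.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except ValueError:           # malformed base64 or non-UTF-8 credentials
        return None
    return user if USERS.get(user) == password else None

session_auth.challenge = None
basic_auth.challenge = 'Basic realm="api"'

def handle(req, authenticators):
    """Return (status, user); the first authenticator that succeeds wins."""
    for auth in authenticators:
        user = auth(req)
        if user:
            return 200, user
    # The first class decides between 401 + WWW-Authenticate and a plain 403.
    return (401 if authenticators[0].challenge else 403), None

def logout(req):
    """Flush the server-side session, which is all a logout view can do."""
    SESSIONS.pop(req.get("cookie"), None)

def after_logout(authenticators, browser_cached_basic):
    """Log out, then replay the redirected request the browser sends next."""
    SESSIONS["sess-1"] = "alice"
    req = {"cookie": "sess-1"}
    if browser_cached_basic:     # browser still holds HTTP Basic credentials
        req["authorization"] = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    logout(req)
    return handle(req, authenticators)

if __name__ == "__main__":
    print(after_logout([basic_auth, session_auth], True))   # still logged in
    print(after_logout([session_auth], True))               # Basic removed
```

With SessionAuthentication listed first, an unauthenticated request gets a 403 instead of a 401 challenge, so the browser is never prompted for Basic credentials; credentials it has already cached are still accepted until the browser drops them.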

Source: https://habr.com/ru/post/949502/

