Authentication problem

Now think about a login POST request. What does it return for valid username & password?

The answer is a token, but it would be better if it also returned user data (username, email, last_name etc.). So let's do it. From previous experience you know that the first step is to read the documentation and find something useful for solving the problem (JWT_RESPONSE_PAYLOAD_HANDLER). Good luck! (commit #9)


Authentication required

Since we use Token authentication, every request has to include the token in its header. But our users request currently allows everything without authentication. So let's fix it. The first step is reading the documentation and finding something useful.

You have found that DEFAULT_PERMISSION_CLASSES is set correctly. So what's the problem?

REST_FRAMEWORK = {
    # ...
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    # ...
}

Then look at the views.py file in the users application. You see that every view has its own permission classes, which override the project-wide default:

permission_classes = (IsUserOrReadOnly,)
permission_classes = (AllowAny,)

To solve it, just remove them so the IsAuthenticated default applies. (commit #10)


Avoid copy/paste in POSTMAN

Log in and insert the token into the header of the users request. For example:

Our application requires an authentication token for every request. So it's not convenient to copy/paste every time you change or remove the current user: you have to paste the token into every request header, and what if the token changes? That's boring, and since we are lazy developers we have to find a way to avoid it. Fortunately POSTMAN can help us. Look at the picture below:

We can test our REST API and set environment variables. On the right side there are some snippets you may need. So we set token and user_id as environment variables and then use them in our request.

Then your POSTMAN should look like this:


Finish Authentication Application

We have to improve our authentication system because we have some problems, described below.

  1. Token expiration time. The default JWT_EXPIRATION_DELTA (read the documentation) is datetime.timedelta(seconds=300) (5 minutes). It means that a token lives for 5 minutes; in other words, every user has to log in again every 5 minutes. Just changing that time fixes this problem. commit #11
  2. Refreshing the token.
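As an added example (not code from the tutorial's commits), here is a JWT_RESPONSE_PAYLOAD_HANDLER for the login problem above that returns the token plus a whitelist of user fields, together with a JWT_AUTH fragment that lengthens JWT_EXPIRATION_DELTA and enables refresh. The dotted path users.utils.jwt_response_payload_handler, the stand-in user class and the sample values are assumptions, so the block runs without Django installed.

```python
from datetime import timedelta
from typing import Any, Dict

# Whitelist of fields the client that just logged in may see. Whitelisting
# (rather than serialising the whole user) keeps the password hash,
# is_superuser and other internals out of the login response.
SAFE_USER_FIELDS = ("id", "username", "email", "first_name", "last_name")


def jwt_response_payload_handler(token: str, user: Any = None, request: Any = None) -> Dict[str, Any]:
    """Same signature djangorestframework-jwt calls for JWT_RESPONSE_PAYLOAD_HANDLER."""
    payload: Dict[str, Any] = {"token": token}
    if user is not None:
        payload["user"] = {field: getattr(user, field, None) for field in SAFE_USER_FIELDS}
    return payload


# settings.py fragment (assumed module path; point it at wherever the handler lives).
JWT_AUTH = {
    "JWT_RESPONSE_PAYLOAD_HANDLER": "users.utils.jwt_response_payload_handler",
    # Library default is timedelta(seconds=300); one hour is a constructed choice.
    "JWT_EXPIRATION_DELTA": timedelta(hours=1),
    # Lets the client call the refresh endpoint instead of re-entering credentials.
    "JWT_ALLOW_REFRESH": True,
}


class _ConstructedUser:
    """Stand-in for django.contrib.auth User so the example runs offline."""
    id = 7
    username = "alice"
    email = "alice@example.invalid"
    first_name = "Alice"
    last_name = "Liddell"
    password = "pbkdf2_sha256$constructed$hash"  # must never reach the client
    is_superuser = True                           # neither should this


def demo_login_response() -> Dict[str, Any]:
    """What the login view would now return for the constructed user."""
    return jwt_response_payload_handler("constructed.jwt.token", _ConstructedUser())


if __name__ == "__main__":
    print(demo_login_response())
```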

PyCharm connecting to database

It is possible to connect to the database with PyCharm. You can google it or find it here.

