angular-django-registration-auth icon indicating copy to clipboard operation
angular-django-registration-auth copied to clipboard

Published 20 hours ago verified publisher icon Tivix

Unauthorized 401 when loading the page

Open LABETE opened this issue 10 years ago • 5 comments
trafficstars

Hi, implement angular-django-registration-auth but when I load the page a popup is displayed asking me for authentication and when I click cancel an error is displayed: http://127.0.0.1:8000/rest-auth/user Failed to load resource: the server responded with a status of 401 (UNAUTHORIZED)

I clear the cookies and It still is displayed. In django settings REST_FRAMEWORK I have:

'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly' (here I tried with anothers like AllowAny, IsAuthenticatedOrReadOnly and DjangoModelPermissions with all of them I get the same result) ], 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework.authentication.BaseicAuthentication', 'rest_framework.authentication.SessionAuthentication' ]

Is it an issue? or have I something wrong?

please advise

LABETE avatar Jul 20 '15 15:07 LABETE

I have a similar issue: 403 (FORBIDDEN) on page load. Investigating. But advice would help...

onekiloparsec avatar Oct 20 '15 20:10 onekiloparsec

If you have incorporated it in your project, it may be the fault of $cookie which changed in angular js 1.4+ https://docs.angularjs.org/api/ngCookies/service/$cookies You'll have to change for instance $cookies.token to $cookies.get("token") or $cookies.token = value to $cookies.put("token", value)

adimux avatar Jan 25 '16 02:01 adimux

Also for Django Rest Framework ensure that TokenAuthentication is added to DEFAULT_AUTHENTICATION_CLASSES so that the Token HTTP request header gets accepted. This solved the issue for me.

cmck avatar Feb 01 '16 13:02 cmck

I have this exact same issue however my settings look more like this:


REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
	'rest_framework.authentication.BasicAuthentication',
	'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}

I am serving my WSGI application using Apache 2.2 on CentOS. My users can successfully log in and traverse the API endpoints that I have transplanted from this project (using the readme) however, if cookies are cleared, the first time I load the page it prompts me for username and password. Cancelling loads the page, but a request 401s in the console.

I am trying to debug this myself, and will update if I have any significant findings.

seansmckinley avatar Nov 23 '16 20:11 seansmckinley

Turns out this is related to django-rest-auth using IsAuthenticated permission class for this particular API view. Changing the permission class to IsAuthenticatedOrReadOnly will result in no check or authentication, and 'authenticated' will for whatever reason then resolve to a truthy value. There is certainly a way to work around this with either a homebrewed django-rest-auth, or better logic in the JS. This should probably be closed as not a bug.

seansmckinley avatar Nov 23 '16 21:11 seansmckinley