djoser icon indicating copy to clipboard operation
djoser copied to clipboard

Published 20 hours ago verified publisher icon sunscrapers

"detail": "Authentication credentials were not provided." getting this error while posing uid and token

Open Shweta249 opened this issue 2 years ago • 4 comments

I created class based view to access uid and token .

I wish to activate user that created. I am receiving the activation link via email. when I click on link I wish activate that user. But getting error 401 in response and {"detail":"Authentication credentials were not provided."} in content

views.py

class UserActivationView(View):
    def get (self, request, uid, token):
        print('get called in activate_user')
        return render(request, 'activate_user.html')

    def post (request , uid , token ):
        protocol = 'https://' if request.is_secure() else 'http://'
        web_url = protocol + request.get_host()
        post_url = web_url + "/auth/users/activate/"
        post_data = {'uid': uid, 'token': token}
        headers={'Authorization': token}
        result = requests.post(post_url, headers=headers ,data = post_data)
        content = result.text
        return Response(content)

settings.py

DJOSER = {
    'ACTIVATION_URL': "auth/users/activate/" + '{uid}/{token}/',
    'SEND_ACTIVATION_EMAIL': True,
    'SEND_CONFIRMATION_EMAIL': True,
    'PASSWORD_CHANGED_EMAIL_CONFIRMATION': True,
    'USERNAME_CHANGED_EMAIL_CONFIRMATION': True,
    'USER_CREATE_PASSWORD_RETYPE': True, #Designed to propote good programming practice
    'SET_PASSWORD_RETYPE': True, #Designed to propote good programming practice
    'PASSWORD_RESET_CONFIRM_RETYPE': True, #Designed to propote good programming practice
    'LOGOUT_ON_PASSWORD_CHANGE' : True, #Note : Logout only works with token based authentication. djoser 2.10
    'PASSWORD_RESET_SHOW_EMAIL_NOT_FOUND': False, #Please note that setting this to True will expose information whether an email is registered in the system
    'USERNAME_RESET_SHOW_EMAIL_NOT_FOUND': False, #Please note that setting this to True will expose information whether an email is registered in the system
    'HIDE_USERS': True,
    'token': 'djoser.serializers.TokenSerializer',
    'token_create': 'djoser.serializers.TokenCreateSerializer',
    'LOGIN_FIELD': 'email', #Default: User.USERNAME_FIELD where User is the model set with Django’s setting AUTH_USER_MODEL.
     'SERIALIZERS': {
         'user': 'user_profile.serializer.UserSerializer',
     },
}

project / urls.py

path("", include('activate_user.urls')),
re_path(r'^auth/', include('djoser.urls')),
re_path(r'^auth/', include('djoser.urls.authtoken'))`

app / urls.py

re_path(r'^auth/users/activate/(?P<uid>[\w-]+)/(?P<token>[\w-]+)/$', UserActivationView.as_view()),

activate.html

<form action="" method="post">
{% csrf_token %}
<td><button type="submit">Click Here For Activate Account</a></td>
</form>

Shweta249 avatar Sep 06 '21 10:09 Shweta249

Same here. And still yet to fine a way to not require authrntication for this

Acel-01 avatar Feb 09 '22 05:02 Acel-01

the post_url should be post_url = web_url +"/auth/users/activation/" not post_url = web_url + "/auth/users/activate/" so change the endpoint from activate to activation

ashrf288 avatar Aug 06 '22 07:08 ashrf288

Even on "/activation" it gives 401. This is because request is going through http:// i tried on both http and https same data, same url http: it gives 401 https: it works

jahnaviraj avatar May 09 '23 11:05 jahnaviraj

2 possible reason : 1->It's POST request not GET 2-> If is_active= True as default

kedarcode avatar Jul 01 '23 11:07 kedarcode

Hi! Just found a solution (after checking whole documentation - I have found nothing). Documentation provides endpoint /users/activate/ for "User Activate".

I have walked through the djoser package files from routes, views and auth tokens - in views.py of djoser I have found this:

def get_permissions(self): if self.action == "create": self.permission_classes = settings.PERMISSIONS.user_create elif self.action == "activation": self.permission_classes = settings.PERMISSIONS.activation elif self.action == "resend_activation": self.permission_classes = settings.PERMISSIONS.password_reset elif self.action == "list": self.permission_classes = settings.PERMISSIONS.user_list elif self.action == "reset_password": self.permission_classes = settings.PERMISSIONS.password_reset elif self.action == "reset_password_confirm": self.permission_classes = settings.PERMISSIONS.password_reset_confirm elif self.action == "set_password": self.permission_classes = settings.PERMISSIONS.set_password elif self.action == "set_username": self.permission_classes = settings.PERMISSIONS.set_username elif self.action == "reset_username": self.permission_classes = settings.PERMISSIONS.username_reset elif self.action == "reset_username_confirm": self.permission_classes = settings.PERMISSIONS.username_reset_confirm elif self.action == "destroy" or ( self.action == "me" and self.request and self.request.method == "DELETE" ): self.permission_classes = settings.PERMISSIONS.user_delete return super().get_permissions()

there's activation action, not activate. Changing the action route worked so you'll need to change the endpoint you call From: /users/activate/

To: /users/activation/

rafalpietrzakio avatar Aug 02 '23 15:08 rafalpietrzakio