在 Django Rest 框架中注销

Question

未能实现用户logout。

这里是代码。我正在尝试从命令行运行 curl -d "" POST http://127.0.0.1:8001/api/v1/users/settings/logout/

但作为回应，我收到了401 error - {"detail": "Authentication credentials were not provided."}。虽然用户已登录。

@action(detail=False, methods=['post'])
def logout(self, request):
    print(999)       #Nothing
    try:
        print(request.user.auth_token)
        request.user.auth_token.delete()
    except (AttributeError):
        pass
    from django.contrib.auth import logout
    logout(request)

    return Response({"success": _("Successfully logged out.")},
                    status=status.HTTP_200_OK)

好像连这个功能都不行了……

from django.contrib.auth import get_user_model

from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework import exceptions

from .utils import provide_user_to_sentry


class UserIdAuthenticateMixin:

    def authenticate_credentials(self, payload):
        """
        Returns an active user that matches the payload's user id.
        """
        User = get_user_model()
        user_id = payload.get('user_id')

        if not user_id:
            raise exceptions.AuthenticationFailed('Invalid payload.')

        try:
            user = User.objects.get(pk=user_id)
        except User.DoesNotExist:
            raise exceptions.AuthenticationFailed('Invalid signature.')

        if not user.is_active:
            raise exceptions.AuthenticationFailed('User account is disabled.')

        return user


class JSONWebTokenSentryAuthentication(UserIdAuthenticateMixin, JSONWebTokenAuthentication):
    """Wrapper around ``JSONWebTokenAuthentication``

    In case of successful authentication it reports user id and IP address to sentry for later logging

    Clients should authenticate by passing the token key in the "Authorization"
    HTTP header, prepended with the string specified in the setting
    `JWT_AUTH_HEADER_PREFIX`. For example:

        Authorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIj
    """
    def authenticate(self, request):
        original_response = super().authenticate(request)
        if original_response is None:
            return original_response

        user, _jwt = original_response
        provide_user_to_sentry(request, user)
        return original_response


class UserIdJSONWebTokenAuthentication(UserIdAuthenticateMixin, JSONWebTokenAuthentication):
    """Wrapper around ``JSONWebTokenAuthentication``

    Update authenticate_credentials to check user id.

    Clients should authenticate by passing the token key in the "Authorization"
    HTTP header, prepended with the string specified in the setting
    `JWT_AUTH_HEADER_PREFIX`. For example:

        Authorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIj
    """
    pass

Answer 1

授权

在这个请求之后，我得到了用户的令牌

curl -H "Authorization: JWT Token" -d "email=test@gmail.com&password=password" POST 'http://127.0.0.1:8001/api/v1/users/login/'

注销视图

@action(detail=False, methods=['post'])
def logout(self, request):
    try:
        request.user.auth_token.delete()
    except (AttributeError, ObjectDoesNotExist):
        pass

    django_logout(request)
    return Response(status=status.HTTP_200_OK)

注销请求

curl -d "" -H "Authorization: JWT Token" POST 'http://127.0.0.1:8001/api/v1/users/settings/logout/'