Django rest framework not authenticating custom user model

Question

I have this custom user model:

class CustomUser(AbstractBaseUser,PermissionsMixin):
    email = models.CharField(max_length=255, unique=True)
    ....

And this view that is supossed to require authentication in order to run:

@authentication_classes((TokenAuthentication,))
@permission_classes((IsAuthenticated,))
def test_view(request):
    return HttpResponse("Allowed")

When i launch the url for this, it will always run no matter if i provide credentials or not in my authorization header. My guess is that rest framework is using django's default user model, since the request.user object contains an AnonymousUser instance. But i have checked the database, and the authtoken table is referencing my custom user table.

I thoguht that this should be as simple as my code is, but i guess im missing something. Any ideas?

Edit: here are more details:

settings.py:

INSTALLED_APPS = (
    'myapps',
    ...
    'django.contrib.auth', #should this be enabled?
    ...
    'rest_framework.authtoken'
)
...
#I think this is unnecesary since i use per-view decorators, but...
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    )
}

AUTH_USER_MODEL = 'users.CustomUser'

urls.py:

urlpatterns = patterns('',
    ...
    url(r'^test', test_view, name='test'),
    ...
)

have you set the `AUTH_USER_MODEL` to your custom user model in your settings.py file? and also show your `urls` and the url you are trying to request. — Anush Devendra, Nov 11 '15 at 18:20
Anush yes my AUTH_USER_MODEL is set. I added the url file and a few more settings. — Kilian Perdomo Curbelo, Nov 11 '15 at 18:35

Anush Devendra · Accepted Answer · 2015-11-11T18:57:27.463

1

just add @api_view(['GET']) decorator to your view like

from rest_framework.decorators import api_view

@api_view(['GET'])
@authentication_classes((TokenAuthentication,))
@permission_classes((IsAuthenticated,))
def test_view(request):
    return HttpResponse("Allowed")

edited Nov 11 '15 at 18:57

answered Nov 11 '15 at 18:51

Anush Devendra

5,285
1
32
24

Yes, this worked. Didn't know api_view was needed for the others decorators to work. Thanks! – Kilian Perdomo Curbelo Nov 11 '15 at 18:58

score 0 · Answer 2 · answered Nov 11 '15 at 18:25

0

Add the following to settings.py

If you're using DRF token Auth:

INSTALLED_APPS = (
    ...
    'rest_framework.authtoken'
)

If you're using JWT Auth:

REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
    ...
}

answered Nov 11 '15 at 18:25

Serjik

10,543
8
61
70

Thanks Serjik, but rest_framework.authtoken is already in my installed apps. And i don't even know what jwt is, so i guess im not using it. I added more details in my question. – Kilian Perdomo Curbelo Nov 11 '15 at 18:32
JWT=JSON Web Token Authentication, https://github.com/GetBlimp/django-rest-framework-jwt , I suggest to try, it's my main auth for the project – Serjik Nov 11 '15 at 18:36
Looks interesting, i'll give it a try. Thanks! – Kilian Perdomo Curbelo Nov 11 '15 at 18:59

Django rest framework not authenticating custom user model

2 Answers2