2

I m trying to integrate token based authentication in DRF(Django version 1.10) but when I hit api-token-auth/ using {"username":"test","password":"123456789"} as mentioned in the doc it is required to return me the Token but I m getting 

{
    "non_field_errors": [
        "Unable to log in with provided credentials."
    ]
}

I have used rest_framework.authtoken in my installed apps also token is getting generated once the user is registered and save in authtoken_token table .

Also in my urls.py of root I m using 

urlpatterns += [
    url(r'^api-token-auth/', authviews.obtain_auth_token),
]

Any help would be appreciated. Also attaching the code

urls.py

urlpatterns += [
    url(r'^api-token-auth/', authviews.obtain_auth_token),
]

settings.py
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'rest_framework.authtoken',
    'users'
]

users/urls.py


from rest_framework.routers import DefaultRouter
from . import views as user_views
from django.conf.urls import url ,include


router = DefaultRouter()
router.register(r'user', user_views.UserViewSet,base_name="user")
urlpatterns = router.urls
Dheeraj
  • 59
  • 1
  • 10
  • 1
    is there any user with name `test` in db? – Muhammad Hassan Jan 10 '18 at 13:08
  • Hi Hassan ! Yes, "test" is the username stored in my database, as described in api-token-auth documentation(http://www.django-rest-framework.org/api-guide/authentication/) , I have provided {"username":"test","password":"123456789"} as post data from my rest client and instead of getting token with key i m getting non_field_error? – Dheeraj Jan 10 '18 at 19:16
  • show your signup view where you are saving your user. Because this error occurs when your username or password is not correct. – Muhammad Hassan Jan 11 '18 at 05:10
  • class UserViewSet(viewsets.ViewSet): def create(self, request, pk=None): try: print "i m data",type(request.data),request.data serializer = UserSerializer(data=request.data,context={'request':request}) print "hell" if serializer.is_valid(): #serializer.error serializer.save() return Response(serializer.data, status=status.HTTP_201_CREATED) except Exception as e: print "final exception",e – Dheeraj Jan 11 '18 at 05:38
  • The above code saves data successfully into the user table, I have saved the password as it is without hash .Also after saving into user table I have used some code to generate token into authtoken_token table ,which is also working fine. – Dheeraj Jan 11 '18 at 05:42
  • The problem is that you are using password without hash. The `authenticate` function use hashed password for authenticating username and password. So it is unable to authenticate it. You should use hashed password. – Muhammad Hassan Jan 11 '18 at 05:45
  • Thanks Hassan for the update . I m now using from django.contrib.auth.hashers import make_password. in my view and also it is having my password as password = make_password(request.data['password']) & hashed password getting saved also. Still not getting any success with http://127.0.0.1:8000/api-token-auth/ same error "Unable to log in with provided credentials."Can you please do let me know which scheme to use to hash my password and how to do it ? – Dheeraj Jan 11 '18 at 06:36
  • Kindly share view where you are creating your user. You do not need to manuly creating hash of password. `user.set_password('password`)` will work. – Muhammad Hassan Jan 11 '18 at 06:39
  • Hi Hassan, This is my code: class UserViewSet(viewsets.ViewSet): def create(self, request, pk=None): try: user = User.objects.create(username='test', email='test@abc.com',gender='test',full_name='test',country='country') user.set_password('password') user.save() except Exception as e: print "final exception....",e – Dheeraj Jan 11 '18 at 07:19
  • you are welcome. :) – Muhammad Hassan Jan 11 '18 at 10:37

2 Answers2

2

You are probably not hashing your password and saving it as it is. In your view, you should save password like this.

user = User.objects.create(usename='test', first_name='first_name', email='test@abc.com')
user.set_password('password')
user.save()

user.set_password will hash password.

Muhammad Hassan
  • 14,086
  • 7
  • 32
  • 54
  • this is very simple view & user.set_password password is getting saved also for password "password" hash generated into my user table is : pbkdf2_sha256$30000$Vb...so on – Dheeraj Jan 11 '18 at 07:06
1

Thanks Hassan! The issue is resolved . I have used USERNAME_FIELD = 'email' & was using actual username in the post data. Also one more thing I wanted to clarify if anyone can...I m using make_password to hash my password also I can use user.set_password to hash my password in both the cases I m getting token successfully using api-token-auth. Which hashing algorithm or library does DRF authtoken actually using then? or we can hash using any library available Django will automatically decode it ?

Dheeraj
  • 59
  • 1
  • 10