Django rest framework : creating a user ask for authentication

Question

I was using django user, authentication and permission modules but while making a request to create a new user in the POST request, its asking for authentication.

and I am getting

{
    "detail": "Authentication credentials were not provided."
}

Here is my serializers.py

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ['id', 'username', 'password']

        extra_kwargs = {
            'password' : {
                'write_only':True,
                'required': True
            }
        }
    
    def create(self, validated_data):
        user = User.objects.create_user(**validated_data)
        Token.objects.create(user=user) # create token for the user
        return user

    def update(self, instance, validated_data):
        instance.username = validated_data['username']
        instance.set_password(validated_data['password'])
        instance.save()

        return instance

views.py

class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer

    permission_classes = [IsAuthenticated, IsOwnerOfObject]
    authentication_classes = (TokenAuthentication,)

urls.py

from django.urls import path, include
from .views import UserViewSet
from rest_framework.routers import DefaultRouter

router = DefaultRouter()
router.register('users', UserViewSet, basename = 'users')

urlpatterns = [
    path('api/', include(router.urls)), 
]

i think you are having the same problem with [here](https://stackoverflow.com/questions/26906630/django-rest-framework-authentication-credentials-were-not-provided). Hope it helps — aberkb, Oct 26 '21 at 15:41
my question is different because I am using viewsets along with the user model of django to create the user — Himanshu Poddar, Oct 26 '21 at 15:43

Donghyun Lee · Accepted Answer · 2021-10-27T04:55:22.123

1

It's because permission_classes you set include IsAuthenticated. If you want to make it public with user creation like below example code, then custom Permission class has to be implemented that allows it.


class CustomizedUserPermission(IsAuthenticated):
    def has_permission(self, request, view):
        if view.action == 'create':
            return True
        return super().has_permission(request, view)  
      
class UserViewSet(viewsets.ModelViewSet):
    ...
    permission_classes = [CustomizedUserPermission, ]

updated to override get_permissions class in ViewSet


class UserViewSet(viewsets.ModelViewSet):
    def get_permissions(self): 
        if self.action == 'create': 
                return [] 
        return super().get_permissions()

edited Oct 27 '21 at 04:55

answered Oct 26 '21 at 15:49

Donghyun Lee

166
3

any solution without creating another custom class – Himanshu Poddar Oct 26 '21 at 15:51
I already have custom permission class `class IsOwnerOfObject(permissions.BasePermission): def has_object_permission(self, request, view, obj): return obj == request.user` can it be possible to do something here – Himanshu Poddar Oct 26 '21 at 15:53
You can override get_permissions method in ViewSet class to exclude dynamically permissions by request action then ! – Donghyun Lee Oct 26 '21 at 15:55
how exactly can I do that? – Himanshu Poddar Oct 26 '21 at 15:59
With create action, any other authenticated or object-having permissions should be remove. please refer to updated answer. – Donghyun Lee Oct 26 '21 at 16:03
when its not a create request, why are we returning `super().get_permissions()` shouldn't it be the permission classes that I am using? – Himanshu Poddar Oct 26 '21 at 16:08
also I am getting `AttributeError: 'Request' object has no attribute 'action'` – Himanshu Poddar Oct 26 '21 at 16:09
Can you try with modifying self.request.action to self.action ? – Donghyun Lee Oct 27 '21 at 04:53
1

If it is not for create action, then viewsets will apply other permissions that you declared as permission_classes, which is represented as return super().get_permissions(). – Donghyun Lee Oct 27 '21 at 04:55

Django rest framework : creating a user ask for authentication

1 Answers1