Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorized 401 when loading the page #15

Open
LABETE opened this issue Jul 20, 2015 · 5 comments
Open

Unauthorized 401 when loading the page #15

LABETE opened this issue Jul 20, 2015 · 5 comments

Comments

@LABETE
Copy link

LABETE commented Jul 20, 2015

Hi, implement angular-django-registration-auth but when I load the page a popup is displayed asking me for authentication and when I click cancel an error is displayed: http://127.0.0.1:8000/rest-auth/user Failed to load resource: the server responded with a status of 401 (UNAUTHORIZED)

I clear the cookies and It still is displayed. In django settings REST_FRAMEWORK I have:

'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly' (here I tried with anothers like AllowAny, IsAuthenticatedOrReadOnly and DjangoModelPermissions with all of them I get the same result)
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.BaseicAuthentication',
'rest_framework.authentication.SessionAuthentication'
]

Is it an issue? or have I something wrong?

please advise
@onekiloparsec
Copy link

I have a similar issue: 403 (FORBIDDEN) on page load. Investigating. But advice would help...

@adimux
Copy link

adimux commented Jan 25, 2016

If you have incorporated it in your project, it may be the fault of $cookie which changed in angular js 1.4+
https://docs.angularjs.org/api/ngCookies/service/$cookies
You'll have to change for instance $cookies.token to $cookies.get("token") or $cookies.token = value to $cookies.put("token", value)

@cmck
Copy link

cmck commented Feb 1, 2016

Also for Django Rest Framework ensure that TokenAuthentication is added to DEFAULT_AUTHENTICATION_CLASSES so that the Token HTTP request header gets accepted. This solved the issue for me.

@seansmckinley
Copy link

seansmckinley commented Nov 23, 2016
edited
Loading

I have this exact same issue however my settings look more like this:


REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
	'rest_framework.authentication.BasicAuthentication',
	'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}

I am serving my WSGI application using Apache 2.2 on CentOS. My users can successfully log in and traverse the API endpoints that I have transplanted from this project (using the readme) however, if cookies are cleared, the first time I load the page it prompts me for username and password. Cancelling loads the page, but a request 401s in the console.

I am trying to debug this myself, and will update if I have any significant findings.

@seansmckinley
Copy link

Turns out this is related to django-rest-auth using IsAuthenticated permission class for this particular API view. Changing the permission class to IsAuthenticatedOrReadOnly will result in no check or authentication, and 'authenticated' will for whatever reason then resolve to a truthy value. There is certainly a way to work around this with either a homebrewed django-rest-auth, or better logic in the JS. This should probably be closed as not a bug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@onekiloparsec @cmck @LABETE @adimux @seansmckinley