how to be authorized to create an object using django rest framework and CreateAPIView?

Question

I have a problem when I want to create an object using CreateAPIView, I get the message: "detail": "Authentication credentials were not provided.".

I use rest-auth and rest-authtoken apps.

this is what I made so far:

models.py

class CustomUser(AbstractUser):
    objects = CustomUserManager()
    is_normal_user = models.BooleanField(default=False)
    is_corporate_user = models.BooleanField(default=False)

class CompanyProfile(models.Model):
    user = models.OneToOneField(CustomUser, on_delete=models.CASCADE)
    corporate_name = models.CharField(max_length=30)

serializers.py

class CompanyProfileSerializer(serializers.ModelSerializer):
    class Meta:
        model = CompanyProfile
        fields = ['user', 'corporate_name',]
        read_only_fields = ('id',)

views.py

class Authorized_Company_User(permissions.BasePermission):
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_corporate_user)

class CompanyCreateProfileView(generics.CreateAPIView):
    #queryset = CompanyProfile.objects.all()
    serializer_class = CompanyProfileSerializer
    #authentication_classes = (TokenAuthentication,)
    permission_classes = (IsAuthenticated, Authorized_Company_User)

I am wondering if I need to define create function, and use get method to get user authtoken.

In general, you need to provide some authentication data to the api. It could be provided in a cookie or a specific header. Do you have a mechanism to obtain a token in the client and send it to the api for subsequent requests? — Ozgur Akcali, Mar 23 '19 at 19:53
yes, I am using header extension on my web browser. should I depend on that to build my web app? — omeraiman, Mar 24 '19 at 08:08

score 0 · Accepted Answer · answered Mar 24 '19 at 08:22

0

"detail": "Authentication credentials were not provided."

this message is caused by the permission_classes = IsAuthenticated

You need to provide a Token to be able to create.

Add this url from rest_auth app:

re_path(r'^rest_auth/',include('rest_auth.urls'))

then you can use postman to make tests

method :POST
url: http://127.0.0.1:8000/rest_auth/login/
body: {"username":"user", "password":"password"}
headers: Content-Type: Application/json

as response you get

`{"key":"here your token"}`

with this token you can add a new user

method :POST
url: http://127.0.0.1:8000/add_user_url/
body: {"corporate_name":"corporate"}
headers: Content-Type: Application/json
         Authorization: "Token ########here your token########"

And in your CreateAPIView you can assign the user:

class CompanyCreateProfileView(generics.CreateAPIView): 
    def perform_create(self, serializer):
            serializer.save(user=self.request.user)

answered Mar 24 '19 at 08:22

idirall22

316
2
11

I solved authentication token using the answer in this question: https://stackoverflow.com/questions/39695187/how-to-send-headers-in-django-rest-framework-browsable-api – omeraiman Mar 24 '19 at 08:48
just remain one problem, I want the user to only create profile for himself, because I am getting all the users to choose from. thanks. – omeraiman Mar 24 '19 at 08:50
Yes user can create companyProfile by assigning the authenticated user. serializer.save(user=self.request.user) – idirall22 Mar 24 '19 at 09:04
thank you for help. I added this line to the serializer: user = serializers.PrimaryKeyRelatedField( read_only=True, default=serializers.CurrentUserDefault() ) – omeraiman Mar 24 '19 at 12:46

how to be authorized to create an object using django rest framework and CreateAPIView?

models.py

serializers.py

views.py

1 Answers1