3

I were following the book Django for APIs by William.S.Vincent. In Chapter 8: User Authentication, I make Implementing token authentication and use dj-rest-auth and django-allauth to make registration. In the book after register the http return 201 created, it created new account and return API auth key token, save that in db. enter image description here

With my it return http 204 no content( not return API auth key token ), it still created a new account but don't create key token for account.

My url.py

urlpatterns = [
path('admin/', admin.site.urls),
path('api/v1/', include("posts.urls")), # v1 for api version 1. (Name for each api route)
path('api-auth/', include('rest_framework.urls')),  # build-in log in/out rest
path("api/v1/dj-rest-auth/", include("dj_rest_auth.urls")), #url for dj_rest_auth
path("api/v1/dj-rest-auth/registration/", include("dj_rest_auth.registration.urls")),

]

My settings.py

INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',

#3party
"rest_framework",
"corsheaders",
"rest_framework.authtoken",
"allauth", 
"allauth.account",  
"allauth.socialaccount", 
"dj_rest_auth",
"dj_rest_auth.registration", 

#local
'accounts.apps.AccountsConfig',
'posts.apps.PostsConfig',]

REST_FRAMEWORK = { # new
"DEFAULT_PERMISSION_CLASSES": [
    "rest_framework.permissions.IsAuthenticated",
],
"DEFAULT_AUTHENTICATION_CLASSES": [
    "rest_framework.authentication.SessionAuthentication",
    "rest_framework.authentication.TokenAuthentication",
],}

I compared with github files both author and found no difference. github:https://github.com/wsvincent/restapiswithdjango/tree/master/ch8-blog-user-auth

Has there been any change to the version? Thank for you time.

Dũng Nguyễn Văn
  • 69
  • 9

1 Answers1

3

Having the same issue, I looked directly at dj_rest_authsource code and saw the following:

File: apps/lib/python3.9/site-packages/dj_rest_auth/registration/views.py

if api_settings.USE_JWT:
    data = {
        'user': user,
        'access_token': self.access_token,
        'refresh_token': self.refresh_token,
    }
    return api_settings.JWT_SERIALIZER(data, context=self.get_serializer_context()).data
elif api_settings.SESSION_LOGIN:
    return None
else:
    return api_settings.TOKEN_SERIALIZER(user.auth_token, context=self.get_serializer_context()).data

Adding SESSION_LOGIN: false in my settings.py solved the issue, and I created a unittest to make sure it doesn't appear again.

File: settings.py

REST_AUTH = {
    'SESSION_LOGIN': False
}

See dj-rest-auth documentation for more details.

File: users.test.py

class ApiUsersTest(TransactionTestCase):
    """ Account retrieve """

    def setUp(self):
        self.client = APIClient()

    def test_registration_new_user(self):
        """
            Create a user using rest-auth and get auth key in response.
        """
        response = self.client.post('/api/v1/rest-auth/registration/', {
            'username': 'test',
            'password1': 'testtest',
            'password2': 'testtest',
            'email': 'test@email.com',
        }, format='json')
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        data = response.json()
        # Test if response data key is define, a string, and not empty or blank
        self.assertTrue('key' in data)
sebastienbarbier
  • 6,542
  • 3
  • 29
  • 55
  • 1
    Wow, nice that solved that for me. Thanks a lot! – euh May 08 '23 at 13:54
  • 1
    why should I set `SESSION_LOGIN = False` and disable session authentication? In login, you won't get cookies to the client. I also face the same issue, but I don't think this is the solution we need. – Maruf Khan May 30 '23 at 17:15
  • Agreed with @MarufKhan, this isn't a solution – danzvash Jun 01 '23 at 10:14