logo标签列表

Django-rest-framework API测试 403 {'detail': '您无权执行此操作。'}

pythondjangodjango-rest-frameworkjwtdjango-tests
3

我目前正在编写一个用于测试我的GET请求的测试,这个GET请求需要在标头中附带JWT访问令牌,我使用django-rest-framework-simplejwt获取该令牌,并将其作为默认的身份验证类来使用。

settings.py:

REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAdminUser',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    # 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',)
}

我的test_api.py文件:

from rest_framework.test import APITestCase
from rest_framework import status
from rest_framework.test import APIClient 
from django.urls import reverse
from listing.models import Property
from backend.models import User

class PropertyTestCase(APITestCase):
    def setUp(self):
        property_1 = Property.objects.create(title="test", size=322.00, price=8000000, price_rent=300000, price_per_square_meter=500000, price_rent_per_square_meter=20000, description="description 1", type="sell", category="category 1", address="address 1", lat=21.027763, long=105.834160, images=["https://avatars2.githubusercontent.com/u/46511495?s=88&v=4"], contact_name="name 1", contact_address="test address 1", contact_phone="0923512213", contact_email="test@gmail.com", frontend=322, road=32, floor=4, bedroom=5, living_room=6, toilet=2, direction="Nam", balcony="Nam", meta_data={"menu": {"id": "file", "popup": {"menuitem": [{"value": "New", "onclick": "CreateNewDoc()"}, {"value": "Open", "onclick": "OpenDoc()"}, {"value": "Close", "onclick": "CloseDoc()"}]}, "value": "File"}})
        property_1.save()
        property_2 = Property.objects.create(title="test2", size=322.00, price=8000000, price_rent=300000, price_per_square_meter=500000, price_rent_per_square_meter=20000, description="description 2", type="rent", category="category 2", address="address 2", lat=21.027763, long=105.834160, images=["https://avatars2.githubusercontent.com/u/46511495?s=88&v=4"], contact_name="name 2", contact_address="test address 2", contact_phone="0923512213", contact_email="test2@gmail.com", frontend=322, road=32, floor=4, bedroom=5, living_room=6, toilet=2, direction="Nam", balcony="Nam", meta_data={"menu": {"id": "file", "popup": {"menuitem": [{"value": "New", "onclick": "CreateNewDoc()"}, {"value": "Open", "onclick": "OpenDoc()"}, {"value": "Close", "onclick": "CloseDoc()"}]}, "value": "File"}})
        property_2.save()
        self.property_1_id = property_1.id
        self.property_2_id = property_2.id
        self.client = APIClient()

        url = '/api/register'
        data = {
                "username": "dat12@icts.vn",
                "password": "123456",
                "confirm_password": "123456"
        }

        response = self.client.post(url, data=data, format='json')
        self.access_token = response.json()['data']['access']


    def test_list_property_success(self):
        url = '/api/property/'
        data = {
                "page": 1,
                "page_size": 2,
        }

        headers = {
            "Authorization": "Bearer {}".format(self.access_token)
        }
        self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.access_token)
        response = self.client.get(url, data=data, format='json', headers=headers)
        print(response.json())
        self.assertEqual(200, response.status_code)

我已经尝试在Postman中使用带有授权头的API,并且它可以正常工作,我还在测试中打印出了访问令牌,该令牌是正确的。

但是当我运行test_list_property_success测试时,当前响应代码为403,并且返回以下响应(在测试中打印出来):

{'detail':'您没有执行此操作的权限。'}

我已经设置self.client.credentials并在get请求中添加了标头,但我不知道还缺少什么。

任何帮助都将不胜感激。

1个回答
4
发现问题所在是因为DEFAULT_PERMISSION_CLASSES设置为管理员用户,因此只能使用管理员角色的token在我的api中使用,所以我更改为:
REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    # 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',)
}

现在它能够工作了

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接