django-restframework-jwt asks for username/password when using JWT token

4
votes

I am using Django rest framework-JWT for authentication to handle the protected urls, I am trying to have the UserDetail view protected by using the IsAutchinted class from rest framework, however every time I try to send the generated token I am getting the following response

{
"username": [
    "This field is required."
],
"password": [
    "This field is required."
]
}

I have included Authorization header and as I have set in my header prefix to "JWT"

curl -H "Authorization: JWT <token>" -X PUT  http://localhost:8000/user/3/ -d '{"first_name":"curl_test"}'

the obtain JWT token, refresh,verfiy urls are working fine and generating links, I just can't get JWT to verify username and password using a token instead of the username and password.

here is my view for user details

class UserDetail(APIView):
    permission_classes = (IsOwner, IsAuthenticated)
    """
    Retrieve, update or delete a user instance.
    """

    def get_object(self, pk):
        try:
            return User.objects.get(pk=pk)
        except User.DoesNotExist:
            raise Http404


    def get(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user)
        return Response(serializer.data)

    def put(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user, data=request.data)
        if serializer.is_valid():
            serializer.save()
            user = Profile.objects.get(id=pk)
            user.profile.updated = timezone.now()
            user.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    def delete(self, request, pk, format=None):
        user = self.get_object(pk)
        user.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

what am I doing wrong? why is it still asking for username and password even when the token is included in the headers?

is the way I am doing the IsAutchinted class correct? or could that be the reason for JWT not working cause I am using rest framework permission classes?

Update: my settings.py

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',

    ),
    'DEFAULT_PARSER_CLASSES': (
        'rest_framework.parsers.FormParser',
        'rest_framework.parsers.MultiPartParser',
        'rest_framework.parsers.JSONParser',

    )
}
1
djangodjango-rest-frameworkdjango-rest-framework-jwt
how did you configure rest framework in the django settings? Especially the DEFAULT_AUTHENTICATION_CLASSES option. - hoefling
I have added to my question, please have a look. - Abdul
interesting - can you test with JSONWebTokenAuthentication only? Simple comment BasicAuthentication and SessionAuthentication for testing purposes, will you be able to access the page? - hoefling
It works on a GET request with no problems but on a PUT request it keep asking me to include the username and password as data ( like when obtaining the token), even though I have the token authorisation prefix is correct, for some reason it is ignoring the header completely - Abdul
Also, when sending the correct username and password on the PUT request- it updates the user, so I am assuming the PUT request code is fine. and all the tutorials I have seen for JWT used a GET request to show that it works, no-one used a PUT request. - Abdul

1 Answers

1
votes

Updating models partially requires you to use the partial attribute when creating the Serializer object as below.

serializer = UserSerializer(user, data=request.data, partial=True)

The error message is definitely not from restframework-jwt library because the it would have been a message along the lines of Invalid username/password.