Search code examples
djangodjango-rest-frameworkdjango-rest-framework-jwt

django-restframework-jwt asks for username/password when using JWT token

I am using Django rest framework-JWT for authentication to handle the protected urls, I am trying to have the UserDetail view protected by using the IsAutchinted class from rest framework, however every time I try to send the generated token I am getting the following response

{
"username": [
    "This field is required."
],
"password": [
    "This field is required."
]
}

I have included Authorization header and as I have set in my header prefix to "JWT"

curl -H "Authorization: JWT <token>" -X PUT  http://localhost:8000/user/3/ -d '{"first_name":"curl_test"}'

the obtain JWT token, refresh,verfiy urls are working fine and generating links, I just can't get JWT to verify username and password using a token instead of the username and password.

here is my view for user details

class UserDetail(APIView):
    permission_classes = (IsOwner, IsAuthenticated)
    """
    Retrieve, update or delete a user instance.
    """

    def get_object(self, pk):
        try:
            return User.objects.get(pk=pk)
        except User.DoesNotExist:
            raise Http404


    def get(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user)
        return Response(serializer.data)

    def put(self, request, pk, format=None):
        user = self.get_object(pk)
        serializer = UserSerializer(user, data=request.data)
        if serializer.is_valid():
            serializer.save()
            user = Profile.objects.get(id=pk)
            user.profile.updated = timezone.now()
            user.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    def delete(self, request, pk, format=None):
        user = self.get_object(pk)
        user.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

what am I doing wrong? why is it still asking for username and password even when the token is included in the headers?

is the way I am doing the IsAutchinted class correct? or could that be the reason for JWT not working cause I am using rest framework permission classes?

Update: my settings.py

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',

    ),
    'DEFAULT_PARSER_CLASSES': (
        'rest_framework.parsers.FormParser',
        'rest_framework.parsers.MultiPartParser',
        'rest_framework.parsers.JSONParser',

    )
}
Solution

  • Updating models partially requires you to use the partial attribute when creating the Serializer object as below.

    serializer = UserSerializer(user, data=request.data, partial=True)

    The error message is definitely not from restframework-jwt library because the it would have been a message along the lines of Invalid username/password.