Csrf_exempt


Soumen Khatua

Jan 9, 2020, 3:11:15 PM
to django...@googlegroups.com
Hi Folks,

In Django REST framework, I extend the LoginApiView(APIView), but when I'm passing username and password in the browser it logs in successfully, but in Postman I'm getting:
{
    "detail": "CSRF Failed: CSRF token missing or incorrect."
}


Do I need to use csrf_exempt inside APIView(post) request?

If yes, then why is it working sometimes?

Thank you in advance

Regards,
Soumen

Suraj Thapa FC

Jan 9, 2020, 3:13:28 PM
to django...@googlegroups.com
Code...? 


Soumen Khatua

Jan 9, 2020, 3:25:27 PM
to django...@googlegroups.com
from django.contrib.auth import authenticate, get_user_model, login
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView

User = get_user_model()  # assumption: custom user model with email and phone_number fields


class LoginView(APIView):
    # permission_classes = (AllowAny,)
    def post(self, request, format=None):
        data = request.data
        email = data.get('email', None)
        password = data.get('password', None)
        phone_number = data.get('phone_number')

        if email is not None:
            if '@' in email:
                try:
                    user_obj = User.objects.filter(email__iexact=email)
                    if user_obj.exists() and user_obj.first().check_password(password):
                        # user = UserLoginSerializer(user_obj)
                        user = authenticate(email=email, password=password)
                        login(request, user)
                        return Response({"details": "login successfully"}, status=status.HTTP_200_OK)
                    return Response({"details": "Please signup first"}, status=status.HTTP_404_NOT_FOUND)

                except User.DoesNotExist:
                    # Response() takes the body as its first argument, not as a keyword
                    return Response({"details": "user not found"}, status=status.HTTP_404_NOT_FOUND)

        elif phone_number is not None:
            try:
                user_obj = User.objects.filter(phone_number__iexact=phone_number)

                if user_obj.exists() and user_obj.first().check_password(password):
                    email = user_obj[0].email
                    user = authenticate(email=email, password=password)
                    login(request, user)
                    return Response({"details": "login successfully"}, status=status.HTTP_200_OK)
            except User.DoesNotExist:
                return Response({"details": "user not found"}, status=status.HTTP_404_NOT_FOUND)

        # Every other path (email without '@', failed phone login, neither field
        # supplied) used to fall through and return None, which DRF rejects.
        return Response({"details": "invalid credentials"}, status=status.HTTP_400_BAD_REQUEST)

Integr@te System

Jan 9, 2020, 4:58:08 PM
to django...@googlegroups.com

Soumen Khatua

Jan 9, 2020, 6:20:11 PM
to django...@googlegroups.com
The POST method is working in the browser, but I'm getting the error in Postman?

Riyasutheen A

Jan 9, 2020, 7:01:45 PM
to django...@googlegroups.com
Hi,

Use the Postman Interceptor extension in your browser to get the correct CSRF token in Postman as well.

Thanks

Soumen Khatua

Jan 9, 2020, 7:04:54 PM
to django...@googlegroups.com
Can you tell me how I can do that?

Is it necessary to use csrf_exempt in APIView for login operation or signup operation?
