django angular anonymous user

Question

I am sending an $http get request from my angular client to my Django backend, where (request.user) gives me Anonymous. Because of this I can do anything on server side.

I am using django-rest-auth on django side and angular-django-registration-auth on client side to do authentication. Authentication itself is successful- I can login and retrieve username, email id on client side sent from server.

My request looks like following:

 var url = "http://localhost:8000/api/exercises/get_exercise/" + exerciseType + "/";

   $http({
            url: url,
            method: 'GET',
            headers: {'X-CSRFToken': $cookies['csrftoken']}
        })

          .success(function(response){

            console.log(response);

           });
      }) 

In my app config I have following line added:

$httpProvider.defaults.withCredentials = this.use_session;

The request headers as seen from my chrome browser console are as follows:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,en-GB;q=0.2
Authorization:Token eb979cb6f179dd2d9056023685e2d02e4e65a58e
Connection:keep-alive
Host:localhost:8000
Origin:http://localhost:8100
Referer:http://localhost:8100/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

If I hit the same url from my django api endpoint directly at 'http://127.0.0.1:8000/api/exercises/get_exercise/2/' where my django server is running it is successful and request headers are as follows:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,en-GB;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Cookie:csrftoken=GDco30gJ9vki6LDtqJSuQh9hGB0aXp84;     sessionid=94xfwx9zvr4pgd1wx9r0nemjwmy3mowi
Host:127.0.0.1:8000
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

The difference I see is that the successful request sends cookies and session info, where as it is missing from the request sent from my angular app.

What is the reason and the workaround?

My Django settings.py has following:

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.BasicAuthentication',
    'rest_framework.authentication.SessionAuthentication',
    'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.IsAuthenticated',
),

}

My django view looks like following:

from django.contrib.auth.models import User
from rest_framework.authentication import TokenAuthentication,     SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework.decorators import api_view
from rest_framework.decorators import authentication_classes
from rest_framework.decorators import permission_classes 

class JSONResponse(HttpResponse):
authentication_classes = (SessionAuthentication, BasicAuthentication)
permission_classes = (IsAuthenticated,)
"""
An HttpResponse that renders its content into JSON.
"""
def __init__(self, data, **kwargs):
    content = JSONRenderer().render(data)
    kwargs['content_type'] = 'application/json'
    super(JSONResponse, self).__init__(content, **kwargs)

#view to get a specific exercise for a particular user
def get_single_exercise_for_user_id(request, exerciseId):

  results = Exercise_state_ui_model.fetch_exercises(request.user.id, exerciseId)

  serializer = ExerciseStateSerializer(results, many=True)
  return JSONResponse(serializer.data)

Answer 1

Authorization:Token eb979cb6f179dd2d9056023685e2d02e4e65a58e

Makes me think you need to enable token authentication on that view.

#view to get a specific exercise for a particular user
@api_view(('GET',))
def get_single_exercise_for_user_id(request, exerciseId):

     results = Exercise_state_ui_model.fetch_exercises(request.user.id, exerciseId)

     serializer = ExerciseStateSerializer(results, many=True)
     return Response(serializer.data)