Reputation: 2074
Request object has no attribute 'oauth2_error' in DRF + DOT
I'm using djangorestframework and django-oauth-toolkit for my API.
I have a fairly simple user logout view, which supports both DOT logout with token revoking and regular Django session logout:
class UserLogoutView(APIView):
permission_classes = (IsAuthenticated,)
@staticmethod
def post(request):
logout(request)
if request.auth is None:
return Response('OK')
app = request.auth.application
client_id = app.client_id
client_secret = app.client_secret
token = request.auth.token
r = requests.post(settings.OAUTH_URL.format('revoke-token'), data={
'client_id': client_id,
'client_secret': client_secret,
'token': token,
})
if r.status_code != 200:
raise AuthenticationFailed('Failed to revoke token')
return Response('OK')
If something is wrong with token revoking I expect to get a 401 response with error, but instead I get an error on my server side (which is the result of raising AuthenticationFailed as states the traceback):
AttributeError: 'Request' object has no attribute 'oauth2_error'
I suppose something is wrong with exception handling of DRF + DOT combination, but how to fix it?
UPD: Everything in my settings.py related to DRF, authentication or DOT:
INSTALLED_APPS = [
...
'rest_framework',
'oauth2_provider',
...
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
AUTHENTICATION_BACKENDS = [
'oauth2_provider.backends.OAuth2Backend',
'django.contrib.auth.backends.ModelBackend',
'guardian.backends.ObjectPermissionBackend',
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
'rest_framework.authentication.SessionAuthentication',
),
}
UPD 2: I tried removing SessionAuthentication from DEFAULT_AUTHENTICATION_CLASSES and setting my app order according to module documentation (writing rest_framework after oauth2_provider), everything with no luck.
Upvotes: 0
Views: 1163
Answers (1)
Reputation: 101
I had the same problem and found a solution: There is a bug in django-oauth-tookit 1.2.0 (see https://github.com/jazzband/django-oauth-toolkit/pull/716) which has already been fixed in the master branch. Unfortunately, there is no new release, so I had to subclass OAuth2Authentication and provide the missing attribute:
def authenticate_header(self, request):
request.oauth2_error = {}
return super().authenticate_header(request)
Upvotes: 0
Related Questions
- DRF auth_token: "non_field_errors": [ "Unable to log in with provided credentials."
- DRF responses me by 403 error when I try to request as a client [Client Credential grant]
- KeyError 'request' in DRF
- DRF 'ObtainAuthToken' object has no attribute 'request'
- Django DRF with oAuth2 using DOT (django-oauth-toolkit)
- DRF request.data has no attribute _mutable
- Authentication credentials were not provided drf
- ValueError - How to Extend OAuth2 Application Model - Django
- DRF - Get not allowed
- In DjangoRestFramework(DRF), name 'request' is not defined