drf 认证失败统一响应码
现象
# 兜底认证,直接失败
class NoAuthentication(BaseAuthentication):
def authenticate(self, request):
raise AuthenticationFailed('认证失败')
class AuthenticationFailed(APIException):
status_code = status.HTTP_401_UNAUTHORIZED
default_detail = _('Incorrect authentication credentials.')
default_code = 'authentication_failed'
当认证失败应该显示401,不是403
解决方案(每个认证类加入def authenticate_header)
# 参数取值认证
class ParamsAuthentication(BaseAuthentication):
def authenticate(self, request):
token = request.query_params.get('token')
if not token:
return
return 'szw', token
def authenticate_header(self, request):
return 'API'
# header取值
class HeaderAuthentication(BaseAuthentication):
def authenticate(self, request):
token = request.META.get('HTTP_AUTHORIZATION')
if not token:
return
return 'szw', token
def authenticate_header(self, request):
return 'API'
# 兜底认证,直接失败
class NoAuthentication(BaseAuthentication):
def authenticate(self, request):
raise AuthenticationFailed('认证失败')
def authenticate_header(self, request):
return 'API'