[Django]-How Can I Disable Authentication in Django REST Framework

90๐Ÿ‘

โœ…

You can give empty defaults for the permission and authentication classes in your settings.

REST_FRAMEWORK = {
    # other settings...

    'DEFAULT_AUTHENTICATION_CLASSES': [],
    'DEFAULT_PERMISSION_CLASSES': [],
}
๐Ÿ‘คinancsevinc

77๐Ÿ‘

You can also disable authentication for particular class or method, just keep blank the decorators for the particular method.

from rest_framework.decorators import authentication_classes, permission_classes

@authentication_classes([])
@permission_classes([])
@api_view(['POST']) 
def items(request):
   return Response({"message":"Hello world!"})
   
๐Ÿ‘คAashish Soni

34๐Ÿ‘

if you want to disable authentication for a certain class based view, then you can use,

class PublicEndPoint(APIView):
    authentication_classes = [] #disables authentication
    permission_classes = [] #disables permission
    
    def get(self, request):
        pass

This is useful when you want to make only specific endpoints available public.

๐Ÿ‘คSumithran

11๐Ÿ‘

You can also apply it on one specific endpoint by applying it on class or method. Just need to apply django rest framework AllowAny permission to the specific method or class.

views.py

from rest_framework.permissions import AllowAny

from .serializers import CategorySerializer
from catalogue.models import Category   

@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
    serializer_class = serializers.CategorySerializer
    queryset = Category.objects.all()

You can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.

๐Ÿ‘คUmar Asghar

9๐Ÿ‘

To enable authentication globally add this to your django settings file:

'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.IsAuthenticated',
),

then add the following decorators to your methods to enable unauthenticated access to it

from rest_framework.decorators import authentication_classes, permission_classes

@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def register(request):
  try:
    username = request.data['username']
    email = request.data['email']
    password = request.data['password']
    User.objects.create_user(username=username, email=email, password=password)
    return Response({ 'result': 'ok' })
  except Exception as e:
    raise APIException(e)
๐Ÿ‘คRiley Davidson

7๐Ÿ‘

If using APIView you can create a permission for the view, example below:

urls.py

url(r'^my-endpoint', views.MyEndpoint.as_view())

permissions.py

class PublicEndpoint(permissions.BasePermission):
    def has_permission(self, request, view):
        return True

views.py

from permissions import PublicEndpoint

class MyEndpoint(APIView):

    permission_classes = (PublicEndpoint,)

    def get(self, request, format=None):
        return Response({'Info':'Public Endpoint'})
๐Ÿ‘คSlipstream

4๐Ÿ‘

Here is an alternative to simply enable the API forms for development purposes:

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny'
    ]
}

Django REST framework v3.11.0

๐Ÿ‘คrbento

3๐Ÿ‘

For class view you can do:

from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.views import APIView

class ExampleView(APIView):
    permission_classes = [AllowAny]

    def get(self, request, format=None):
        content = {
            'status': 'request was permitted'
        }
        return Response(content)

For function view you can do:


from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import AllowAny
from rest_framework.response import Response

@api_view(['GET'])
@permission_classes([AllowAny])
def example_view(request, format=None):
    content = {
        'status': 'request was permitted'
    }
    return Response(content)

More details at Setting the permission policy

๐Ÿ‘คmPrinC

1๐Ÿ‘

Also, it can be the separate class for the dev.

class DevAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        return models.User.objects.first(), None

And in settings.py:

DEFAULT_AUTHENTICATION_CLASSES = ["common.authentication.DevAuthentication"]
๐Ÿ‘คRoman Rekrut

0๐Ÿ‘

#in settings.py

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.TokenAuthentication',
        ),
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.IsAuthenticated',
        ),
        'DEFAULT_PERMISSION_CLASSES': [
       'rest_framework.permissions.AllowAny',
    ]
    
    }



class ListView(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]
    def get(self,request):
        customers = Customer.objects.filter(is_superuser=False)
        serializer = CustomerSerializer(customers, many=True)
        return Response(serializer.data, status=status.HTTP_200_OK)
๐Ÿ‘คuser22787100

Leave a comment