Forbidden (CSRF token missing or incorrect.): /api/token/refresh/
When using the @csrf_protect decorator in the view, I encountered the error "Forbidden (CSRF token missing or incorrect): /api/token/refresh/"
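views.py

    import jwt
    from django.conf import settings
    from django.contrib.auth import get_user_model
    from django.views.decorators.csrf import csrf_protect
    from rest_framework import exceptions
    from rest_framework.decorators import api_view, renderer_classes
    from rest_framework.response import Response

    # CustomizeJSONRenderer and generate_access_token are the project's own
    # helpers; import them from the module where they are defined.
    User = get_user_model()  # assumption: the project's active user model


    @api_view(['POST'])
    @renderer_classes([CustomizeJSONRenderer])
    @csrf_protect
    def refresh_token_view(request):
        refresh_token = request.COOKIES.get('refreshtoken')
        # check valid refresh token
        if refresh_token is None:
            raise exceptions.AuthenticationFailed(
                'Authentication credentials were not provided, please login.')
        try:
            payload = jwt.decode(refresh_token, settings.REFRESH_TOKEN_SECRET,
                                 algorithms=['HS256'])
        except jwt.ExpiredSignatureError:
            raise exceptions.AuthenticationFailed(
                'expired refresh token, please login again.')
        except jwt.InvalidTokenError:
            # malformed or tampered token: answer 401 instead of a 500
            raise exceptions.AuthenticationFailed(
                'invalid refresh token, please login again.')
        user = User.objects.filter(id=payload.get('user_id')).first()
        # check valid user
        if user is None:
            raise exceptions.AuthenticationFailed('user not found.')
        if not user.is_active:
            raise exceptions.AuthenticationFailed('user is inactive.')
        access_token = generate_access_token(user)  # create new access token
        return Response({'access_token': access_token})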
Comments (1)
Just write {% csrf_token %} in your HTML template where you want to use your Django command.
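The client side of the refresh call that `@csrf_protect` checks, as an added example (not code from the original post or the comment): a page that renders `{% csrf_token %}` makes Django set the CSRF cookie, and a script calling `/api/token/refresh/` then echoes that value back in a request header. It assumes Django's default cookie name `csrftoken` and header `X-CSRFToken`; `readCookie`, `buildRefreshRequest` and `refreshAccessToken` are hypothetical helper names.

```javascript
// Added example: client side of POST /api/token/refresh/. Helper names are illustrative.
const CSRF_COOKIE = 'csrftoken';    // Django default CSRF_COOKIE_NAME
const CSRF_HEADER = 'X-CSRFToken';  // header matching Django's default CSRF_HEADER_NAME

// Return one cookie's value from a document.cookie-style string, or null if absent.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the fetch() options for the refresh call.
function buildRefreshRequest(cookieString) {
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!token) {
    // Nothing to echo back: the view would answer 403 "CSRF token missing or incorrect".
    throw new Error('csrftoken cookie not set: load a page that renders {% csrf_token %} first');
  }
  return {
    method: 'POST',
    credentials: 'same-origin',  // the browser attaches the csrftoken and refreshtoken cookies
    headers: { [CSRF_HEADER]: token, Accept: 'application/json' },
  };
}

// Call the endpoint; fetchImpl is injectable so the function can be exercised offline.
async function refreshAccessToken(cookieString, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl('/api/token/refresh/', buildRefreshRequest(cookieString));
  if (res.status === 403) throw new Error('CSRF check failed (403)');
  if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
  return (await res.json()).access_token;
}
```

In a browser, pass `document.cookie` as `cookieString`.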