Comments (6)
@chriggi
Yes, currently that's the way to do it. You need to perform 2 separate API calls.
Theoretically you could return profile data in the login view, but you have to remember that in case of token-based authentication you need to return the token as well. There is no canonical way how it is supposed to work (either you should mix the token into the profile data which spoils the schema; or provide additional ugly data "envelope" (a JSON dict, I suppose) to separate the token and profile data).
I'm not a fan of mixing responsibilities of API endpoints. Django REST Registration allows only one exception for this case, which is 'REGISTER_VERIFICATION_AUTO_LOGIN' (which is opt-in). In this case the reason of having the login functionality in register verification was functional, not technical: the user can be logged in automatically after verification and he does not have to re-enter the password.
In case of returning profile data in login the only advantage I see is technical (there is 1 request instead of 2). The user who is trying to log-in does not care about that.
from django-rest-registration.
I am using the API through AJAX. I logged in and got this: '{ "detail": "Login successful" }', but the problem is that when I call the profile API it shows me an error that I am not authenticated, and in Chrome developer tools I am not able to see any sessionid or csrftoken cookies. Now I am unable to solve this problem, please tell me the solution. I explained it on Stack Overflow, I am adding the link here: https://stackoverflow.com/questions/56406021/cant-set-cookies-with-ajax-and-django-rest-framework-api-but-with-postman-it-is . Please answer me as soon as possible.
@Jbdealord Generally using Django sessions across different domains (like in your example localhost:63342 and localhost:8000, where you don't have same origin because the ports differ) will not work, see: https://stackoverflow.com/questions/27216556/how-to-deal-with-a-front-end-that-does-not-share-the-same-domain-in-django
At least this was my experience when I tried to use session based authentication using two domains some time ago (AFAIR meddling with CORS didn't help).
If you're using any development server for javascript, you should rather configure it in a way so it will proxy all calls to http://localhost:63342/api/... to http://localhost:8000/api/...
But how can the Postman API tool get cookies, is it using a proxy? I observed one thing: when Postman sends a request to my server, it sends a csrftoken from its side, and the REST framework UI also sends a CSRF token in a header, and then they get cookies, but I don't know how I can send a CSRF token from the frontend.
I did not understand this: if in Postman I can log in and get cookies, then I can also do it, but how?
@Jbdealord
I didn't use postman a lot of time, so I don't have good experience to answer this question. It is possible that your browser has some additional security checks preventing using session cookie cross-domain, like it was mentioned in the SO post I linked above:
While you can work around this slightly with CORS and withCredentials, this may be blocked by default in some browsers.
https://stackoverflow.com/questions/14221722/set-cookie-on-browser-with-ajax-request-via-cors/16634941#16634941
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
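The origin comparison and CSRF header discussed in this thread, as an added example that is not part of the original comments or of django-rest-registration: it shows why localhost:63342 and localhost:8000 count as different origins and which `fetch` options a browser client needs in each case. The function names and the `/api/example/` path are hypothetical; `csrftoken` and `X-CSRFToken` are Django's default CSRF cookie and header names.

```javascript
// Added example; sameOrigin, readCookie and buildApiRequest are hypothetical names.
const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Two URLs share an origin only if scheme, host AND port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Extract one cookie value from a "k=v; k2=v2" string
// (in a browser this string would be document.cookie).
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Build the second argument for fetch(apiUrl, init).
function buildApiRequest(pageUrl, apiUrl, cookieString, method, body) {
  const crossOrigin = !sameOrigin(pageUrl, apiUrl);
  const verb = method.toUpperCase();
  const headers = { 'Content-Type': 'application/json' };
  // Django's CSRF check applies to unsafe methods; the token is sent in a header.
  if (UNSAFE_METHODS.has(verb)) {
    const token = readCookie(cookieString, 'csrftoken');
    if (token) headers['X-CSRFToken'] = token;
  }
  const init = {
    method: verb,
    headers,
    // 'same-origin' is enough behind a dev-server proxy. Cross-origin calls need
    // 'include', and the browser still drops the cookies unless the server
    // answers with Access-Control-Allow-Credentials: true and an explicit
    // (non-wildcard) Access-Control-Allow-Origin.
    credentials: crossOrigin ? 'include' : 'same-origin',
  };
  if (body !== undefined) init.body = JSON.stringify(body);
  return { crossOrigin, init };
}
```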