{'detail': 'Authentication credentials were not provided.'} django rest framework

昨天手动测试 djangorestframework时，遇到 403 {'detail': 'Authentication credentials were not provided.'} 的问题，今天自动测试又遇到了，所以记录一下：

一、手动提交时，我是这样解决问题的：

http -a user:password POST http://127.0.0.1:8000/snippets/ code="print('well done')"

或

http -a user:password POST :8000/snippets/ code="print('well done')"

其中user和password是用户名和密码，通过./manage.py createsuperuser创建的，后面的code=XXX是要提交的数据。

----------------------------------

解决手动问题时，踩过的“坑”：
一开始的解决方法比较二，是按照django rest framework 的官网来的 http://www.django-rest-framework.org/api-guide/authentication/#apache-mod_wsgi-specific-configuration
1、settings中的INSTALLED_APPS添加这个：

INSTALLED_APPS = (
...
'rest_framework.authtoken'
)

2、python manage.py shell中生成token.key

from rest_framework.authtoken.models import Token
from django.contrib.auth.models import User
token = Token.objects.create(user=User.objects.get(username='user')
print(token.key)

3、使用这个key来curl，终端中运行：

curl -X POST -d '{"title":"a","code":"print a"}'  http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'

二、自动测试python manage.py test时，是这样解决的：

1、要用create_superuser，而不是直接create或create_user

User.objects.create_superuser(username='user', email='', password='password')

再次test就ok了。

通过这次排错，对django的User和rest_framework都有了进一步了解。心得：当百度或Google无法直接找到答案时，就应该多从代码本身和官方文档、源码找寻了。

详细代码如下：（仅附snippets.test，其他的直接git clone https://github.com/encode/rest-framework-tutorial  ）

#(ENV) $ cat snippets/tests.py
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APITestCase
from django.contrib.auth.models import User
from .models import Snippet

class SnippetTests(APITestCase):
    def setUp(self):
        self.user1 = dict(username='user', email='', password='password')
        User.objects.create_superuser(**self.user1)
        self.client.login(**self.user1)

        self.user2 = dict(username='zwj', email='', password='123456')
        User.objects.create_superuser(**self.user2)

        self.url = reverse('snippet-list')
        self.data = {'code': 'print("good")', 'title': 'nowaday'}

    def test_create_snippet(self):
        response = self.client.post(self.url, self.data)
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(Snippet.objects.count(), 1)
        self.assertEqual(Snippet.objects.get().title, self.data['title'])

    def test_update_snippet(self):
        response = self.client.post(self.url, self.data)
        snippet = Snippet.objects.get()
        snippet.title = 'newtitle'
        snippet.save()
        response_data_dict = eval(str(response.data))
        res = self.client.get(response_data_dict['url'])
        self.assertEqual('newtitle', eval(str(res.data))['title'])

        # user2 cannot change the snippet whoes owner is user1
        self.client.logout()
        self.client.login(**self.user2)
        snippet = Snippet.objects.get()
        snippet.title = 'anothertitle'
        snippet.save()
        res = self.client.get(response_data_dict['url'])
        self.assertEqual('newtitle', eval(str(res.data))['title'])