I'm building an API back-end with DRF. The user sign-up process is as follows: #9264
Unanswered
MahmoudBayoumi19
asked this question in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm building an API back-end with DRF. The user sign-up process is as follows:
/api/auth/user
endpoint with a POST request to create a user (defaultUser
model used) resource.is_active
attribute toTrue
.The back-end completely works on JWT authentication.
BasicAuthentication
is used only for the JWT creation process. Hence, while making a request to/api/auth/jwt/create
, HTTP basic authentication must be performed by sending the base64 encoded string of<username>:<password>
asAuthorization
header.The front-end, after making a request to create a user, also makes another request with the same credentials to retrieve the JWT associated with the user. This is used for authentication for successive requests.
Now, the problem is that the
rest_framework.authentication.BasicAuthentication
class returns{"detail": "Invalid username/password."}
as response whileis_active
isFalse
(because the user hasn't verified his email ID with the link sent to the email account).Looking at the class declaration, it seems to be implemented fine and the expected behavior is that the class should return
{"detail": "User is not active."}
when the account is inactive.I couldn't figure out how to fix this issue and hence this discussion.
Originally posted by @sakthisanthosh010303 in #9249
I faced same issue and fixed it by using custom authentication but I think it`s a bug
also I am using custom user model and using email instead of username I thing it is better use USERNAME_FIELD in exceptions.AuthenticationFailed Message Response instead of considering that user use username and password for authentication
Beta Was this translation helpful? Give feedback.
All reactions