I'm building an API back-end with DRF. The user sign-up process is as follows: #9264
              
                Unanswered
              
          
                  
                    
                      MahmoudBayoumi19
                    
                  
                
                  asked this question in
                General
              
            Replies: 0 comments
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
        
    
Uh oh!
There was an error while loading. Please reload this page.
-
I'm building an API back-end with DRF. The user sign-up process is as follows:
/api/auth/userendpoint with a POST request to create a user (defaultUsermodel used) resource.is_activeattribute toTrue.The back-end completely works on JWT authentication.
BasicAuthenticationis used only for the JWT creation process. Hence, while making a request to/api/auth/jwt/create, HTTP basic authentication must be performed by sending the base64 encoded string of<username>:<password>asAuthorizationheader.The front-end, after making a request to create a user, also makes another request with the same credentials to retrieve the JWT associated with the user. This is used for authentication for successive requests.
Now, the problem is that the
rest_framework.authentication.BasicAuthenticationclass returns{"detail": "Invalid username/password."}as response whileis_activeisFalse(because the user hasn't verified his email ID with the link sent to the email account).Looking at the class declaration, it seems to be implemented fine and the expected behavior is that the class should return
{"detail": "User is not active."}when the account is inactive.I couldn't figure out how to fix this issue and hence this discussion.
Originally posted by @sakthisanthosh010303 in #9249
I faced same issue and fixed it by using custom authentication but I think it`s a bug
also I am using custom user model and using email instead of username I thing it is better use USERNAME_FIELD in exceptions.AuthenticationFailed Message Response instead of considering that user use username and password for authentication
Beta Was this translation helpful? Give feedback.
All reactions