Can't login with email - CSRF error

I am using Django 1.9 and trying to log in with email with the help of a REST client (non-browser, so no cookies), sending these credentials as a POST to /rest-auth/login/:

{
    "email" : "whatever@world.com",
    "password": "hello"
}

To do so I had to add this block in settings, according to the allauth docs:

AUTHENTICATION_BACKENDS = (
    # `allauth` specific authentication methods, such as login by e-mail
    'allauth.account.auth_backends.AuthenticationBackend',
)

And these settings:

ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = 'email' # (="username" | "email" | "username_email")
ACCOUNT_EMAIL_VERIFICATION = 'optional'

Now every time I post I get back

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

The only two ways to get rid of the error are:

1. Get rid of this line 'allauth.account.auth_backends.AuthenticationBackend', or remove the tuple AUTHENTICATION_BACKENDS altogether. The problem is that by doing so I won’t be able to log in with email anymore.

2. Comment out the REST Session Authentication setting:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        # 'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}

I wonder if this line was meant only for the demo purposes or is it necessary in case of pure REST usage?

-> What are the correct settings for email login using pure REST calls?

Issue Analytics

  • State: open
  • Created 8 years ago
  • Comments: 24 (6 by maintainers)

Top GitHub Comments

31 reactions
LeonardoGentile commented, Jan 22, 2016

My fix:

# myapp.urls

from django.conf.urls import include, url

from .views import LoginViewCustom

urlpatterns = [
    # NOTE: first defined first served order
    url(r'^rest-auth/login/$', LoginViewCustom.as_view(), name='rest_login'),
    url(r'^rest-auth/', include('rest_auth.urls')),
]

# myapp.views.py

from rest_framework.authentication import TokenAuthentication
from rest_auth.registration.views import LoginView

class LoginViewCustom(LoginView):
    authentication_classes = (TokenAuthentication,)

To the creators: if this is a real fix, I will then provide a PR.
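
Why the override in the comment above changes the outcome, as an added example that is not part of the original thread or of django-rest-auth: a stdlib-only model of how Django REST framework runs a view's authentication classes. It assumes the REST client replays a `sessionid` cookie from an earlier successful login; `Request`, `SESSIONS`, `VALID_TOKENS` and `login_post_outcome` are hypothetical names.

```python
# Stdlib-only model of DRF's authenticator loop (added example, not DRF source).
# Class names mirror DRF's; Request, SESSIONS and VALID_TOKENS are constructed.

class CSRFFailed(Exception):
    """Stands in for DRF's PermissionDenied, which becomes an HTTP 403."""

SESSIONS = {"sess-1": "alice"}       # constructed session store
VALID_TOKENS = {"abc123": "alice"}   # constructed token store

class Request:
    def __init__(self, cookies=None, headers=None):
        self.cookies = cookies or {}
        self.headers = headers or {}

class SessionAuthentication:
    def authenticate(self, request):
        user = SESSIONS.get(request.cookies.get("sessionid"))
        if user is None:
            return None  # no session user: CSRF is never checked
        # A session user exists, so a matching CSRF token is now mandatory.
        sent = request.headers.get("X-CSRFToken")
        if not sent or sent != request.cookies.get("csrftoken"):
            raise CSRFFailed("CSRF Failed: CSRF token missing or incorrect.")
        return user

class TokenAuthentication:
    def authenticate(self, request):
        parts = request.headers.get("Authorization", "").split()
        if len(parts) != 2 or parts[0].lower() != "token":
            return None  # no "Token <key>" header: cookies are ignored
        # Simplification: real DRF raises AuthenticationFailed for an unknown key.
        return VALID_TOKENS.get(parts[1])

def perform_authentication(request, authentication_classes):
    """The first authenticator returning a user wins; an exception aborts."""
    for cls in authentication_classes:
        user = cls().authenticate(request)
        if user is not None:
            return user
    return None  # anonymous

def login_post_outcome(request, authentication_classes):
    """Return (status, detail) for a POST reaching the login view."""
    try:
        return 200, perform_authentication(request, authentication_classes)
    except CSRFFailed as exc:
        return 403, str(exc)
```

With only `TokenAuthentication` on the view, the login POST is never CSRF-checked, so browser-based clients that rely on session cookies for the same endpoint lose login-CSRF protection.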

14 reactions
divick commented, Sep 1, 2016

@Akay7 I can’t understand what you write. Could you please write in proper English?
