I am trying to restrict access to the dashboard so that it can be viewed only when the token is passed in the request header, but...
# Body of the registration view; the enclosing `def` line is not shown on the page.
if request.method == "POST":
    form = request.POST
    # Subscript access: a missing field raises instead of defaulting.
    user_name = form['user_name']
    first_name = form['first_name']
    last_name = form['last_name']
    designation = form['designation']
    password = form['password']
    email = form['email']

    # The login name is `user_name`; `first_name` is stored as a separate field.
    user = MyUser(username=user_name, first_name=first_name, last_name=last_name)
    # set_password() stores a hash of the password, not the raw value.
    user.set_password(password)
    user.save()

    # The employee profile is created inactive.
    employee = Employee(
        user=user,
        first_name=first_name,
        last_name=last_name,
        designation=designation,
        email=email,
        isactive=False,
    )
    employee.save()

    current_site = get_current_site(request)
    # Activation e-mail, currently disabled:
    # mail_subject = 'Activate your account.'
    # message = render_to_string('Auth/email_template.html', {
    #     'user': user,
    #     'domain': current_site.domain,
    #     'uid': urlsafe_base64_encode(force_bytes(user.id)),
    #     'token': account_activation_token.make_token(user),
    # })
    # to_email = email
    # send_mail(mail_subject, message, settings.EMAIL_HOST_USER, [to_email])

    # NOTE(review): the API token is issued and returned straight away, although
    # the profile is saved with isactive=False and the activation e-mail above is
    # commented out. Nothing visible here ties token use to activation -- confirm
    # this is intended.
    token, _created = Token.objects.get_or_create(user=user)
    return JsonResponse(token.key, safe=False)
# Next snippet: login view
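# @csrf_exempt is kept as the author wrote it; DRF's @api_view already exempts
# the view from Django's CSRF middleware.
@csrf_exempt
@api_view(['GET', 'POST'])
def login_in(request):
    """Authenticate a user and return their API token key.

    GET renders the login page ('Auth/user.html').
    POST expects 'first_name' and 'password' in the request data and returns
    the token key as JSON on success, 400 when a field is missing and 401 when
    the credentials are rejected.
    """
    if request.method == 'POST':
        # .get() instead of subscripting: a missing field becomes a 400 rather
        # than an unhandled KeyError (HTTP 500).
        name = request.data.get('first_name')
        password = request.data.get('password')
        if not name or not password:
            return JsonResponse(
                {'detail': 'first_name and password are required.'},
                status=400,
            )

        # NOTE(review): the 'first_name' field is passed as the username. The
        # registration snippet on this page stores the login name from a
        # separate 'user_name' field -- confirm which one clients should send.
        user = authenticate(username=name, password=password)
        if user is None:
            # One generic message, so the response does not reveal whether the
            # user name or the password was wrong.
            return JsonResponse({'detail': 'Invalid credentials.'}, status=401)

        # NOTE(review): login() also opens a session for this user. If clients
        # authenticate with the token header only, the session may be
        # unnecessary -- confirm.
        login(request, user)

        # Look the token up by the user that was just authenticated, and create
        # it if missing, so an account without a token row does not raise
        # Token.DoesNotExist.
        tok, _created = Token.objects.get_or_create(user=user)
        return JsonResponse(tok.key, safe=False)

    return render(request, 'Auth/user.html')
# Next snippet: Dashboard view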
@api_view(['GET'])
@permission_classes([IsAuthenticated])
def dash_board(request):
    """Render the dashboard page for an authenticated user.

    IsAuthenticated only checks that an authentication class has already
    identified the user. Which credentials are accepted (for example an
    ``Authorization: Token <key>`` header) is decided by the authentication
    classes in effect: DRF's DEFAULT_AUTHENTICATION_CLASSES setting or an
    @authentication_classes decorator. Neither is visible here, and
    TokenAuthentication must be among them for a token header to be honoured.
    """
    if request.method != 'GET':
        return None
    # Debug output: shows whether DRF resolved an authenticated user.
    print(request.user.is_authenticated)
    context = {'user': request.user}
    return render(request, 'Auth/dashboard.html', context)
# Response I am getting from thunder client
{ "detail": "Authentication credentials were not provided." }
I am passing the request headers using Thunder Client, with the Authorization header set to
Token d2ed0c39f31bb1c080753bkldd0f4c0ab96b5a07 
token (key): Token, not Bearer