#StackBounty: #python #django #mongodb #django-rest-framework #django-views Django Rest Framework not retrieving data from my database

Bounty: 50

I’m creating an API endpoint to retrieve data from a Mongo database, in order to use it on my frontend.

On my project, i’m using two DBs: a sqlite db and the Mongo DB.

In the Mongo database, there is a collection called tst with some data in it. I created the endpoint, but after opening the api on my browser, i see no json data retrieved from the collection, as if it’s not looking in the right place.

Can someone help me find what i’m doing wrong?

Here is my model:

class tst(models.Model):
    id = models.CharField(max_length=100)
    ticker = models.FloatField()

    def save(self, *args, using=None, **kwargs):
        super(tst, self).save(*args, using='dbtwo', **kwargs)

Here is my view:

class tstList(generics.ListCreateAPIView):
    queryset = tst.objects.using('dbtwo').all()
    serializer_class = tstSerializer

Here is the serializer:

class tstSerializer(serializers.ModelSerializer):

    class Meta:
        model = tst
        fields = ('id', 'ticker', )

And the url:

path('tst/', views.tstList.as_view()),

Get this bounty!!!

#StackBounty: #django #django-rest-framework #django-csrf django rest framework – session auth vs token auth, csrf

Bounty: 50

I have DRF set with the default settings. My ajax clients works fine with the session authentication. I want another remote server to consume the same API as the javascript clients.

My login code is simple:

class Login(APIView):
    def post(self, request, *args, **kwargs):

        user = authenticate(username=username, password=password)

        if user is None:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        login(request, user)
        # ...

The issue is when I use a client from another host, like python requests, I get a CSRF error. According to DRF docs, I think I should use a token authentication instead.


  1. Why do I need token authentication? The sessionid cookie is already a token, why I can’t use it both for ajax clients and software clients? Thus avoid another separate db table for the tokens.

  2. Since I do want to use only session authentication, how to enforce CSRF only for ajax clients?

Get this bounty!!!