Django-rest-framework: Deprecation warning for APIs that do not use auth
Problem
When a site is using DRF without the need for authentication they will likely end up with a Django + 3rd party app list similar to this:
(
'django.contrib.staticfiles',
'rest_framework',
)
Now the problem is that any request to a URL using DRF will produce deprecation warnings from the use of ContentType, Permission, Group and User models from contrib.auth and contrib.contenttypes. Each warning looks similar to the following.
(snip).models.ContentType doesn't declare an explicit app_label and either isn't in an application in INSTALLED_APPS or else was imported before its application was loaded. This will no longer be supported in Django 1.9.
class ContentType(models.Model):
I have confirmed that if Django 1.9a1 is used this warning turns into a runtime error:
Exception Type: RuntimeError
Exception Value:
Model class django.contrib.contenttypes.models.ContentType doesn't declare an explicit app_label and either isn't in an application in INSTALLED_APPS or else was imported before its application was loaded.
Workaround
Use this REST_FRAMEWORK setting to disable the referencing of AnonymousUser
REST_FRAMEWORK = {
'UNAUTHENTICATED_USER': None,
}
ivanvenosdel
All 14 comments
Options:
- Do nothing. We already provide for this use case with the
UNAUTHENTICATED_USERsetting. - Address the issue in Django core - allow
AnonymousUserto be used without raising warnings. - Make the setting default depend on if
django.contrib.authis inINSTALLED_APPSor not.
tomchristie
on 14 Oct 2015
Based on the fact that I love to have working defaults my opinion is:
- 2 is the best choice but will not fix already released django versions.
- 3 is a workaround meanwhile 2 is done (or a fallback if it's rejected).
xordoquy
on 14 Oct 2015
Not sure - I'm a bit lukewarm on 3, but perhaps.
tomchristie
on 14 Oct 2015
Workaround doesn't work for me. Even if I set None for UNAUTHENTICATED_USER setting it still want me to have additional django.contrib packages.
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/request.py", line 193, in user
self._authenticate()
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/request.py", line 326, in _authenticate
self._not_authenticated()
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/request.py", line 337, in _not_authenticated
if api_settings.UNAUTHENTICATED_USER:
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/settings.py", line 203, in __getattr__
val = perform_import(val, attr)
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/settings.py", line 146, in perform_import
return import_from_string(val, setting_name)
File "/home/ubuntu/venv/lib/python2.7/site-packages/rest_framework/settings.py", line 160, in import_from_string
module = importlib.import_module(module_path)
File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/home/ubuntu/venv/lib/python2.7/site-packages/django/contrib/auth/models.py", line 6, in <module>
from django.contrib.contenttypes.models import ContentType
File "/home/ubuntu/venv/lib/python2.7/site-packages/django/contrib/contenttypes/models.py", line 159, in <module>
class ContentType(models.Model):
File "/home/ubuntu/venv/lib/python2.7/site-packages/django/db/models/base.py", line 102, in __new__
"INSTALLED_APPS." % (module, name)
RuntimeError: Model class django.contrib.contenttypes.models.ContentType doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.
galuszkak
on 29 Jan 2016
@galuszkak somehow you didn't as api_settings.UNAUTHENTICATED_USER is leading to importing Django's auth models.
xordoquy
on 30 Jan 2016
@xordoquy in my settings I have:
REST_FRAMEWORK = {
'DEFAULT_RENDERER_CLASSES': (
'rest_framework_jsonp.renderers.JSONPRenderer',
),
'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler',
'UNAUTHENTICATED_USER': None
}
So I'm pretty sure that I set that UNAUTHENTICATED_USER...
galuszkak
on 30 Jan 2016
@galuszkak Any luck on solving this?
akroushan
on 5 Aug 2016
@akroushan The traceback above indicates that UNAUTHENTICATED_USER _hadn't_ been set to None.
tomchristie
on 5 Aug 2016
@tomchristie I show You settings that I set it to None, regardless of stacktrace that were my settings.
@akroushan I just went to have temporary sqlite database. Didn't had time to bother with that. I just added this django.contrib.auth even if I don't use it really at all.
galuszkak
on 5 Aug 2016
@galuszkak - I can see a snippet from a settings file, tho I can also see from the traceback that contrib.auth.models _is_ being imported by api_settings.UNAUTHENTICATED_USER so I don't have any way of reconciling that unless I can see an example project that demonstrates the issue.
From my perspective of the "perhaps a different settings file was _actually_ being used", or "perhaps the REST_FRAMEWORK settings had actually been overwritten else in the user project" are both viable options.
If someone can demonstrate how to replicate setting UNAUTHENTICATED_USER to None and still getting this error from REST framework's authentication, then we can investigate further. As it currently stands this remains a documentation issue. (Tho we could even do something nice like catch the runtime error and raise a helpful message in this particular case)
tomchristie
on 5 Aug 2016
@tomchristie I will prepare example with not working solution.
galuszkak
on 5 Aug 2016
That'd be fab, thanks. 馃憤
tomchristie
on 5 Aug 2016
I have met the same question , did it figure out?
yourblue
on 3 Jul 2017
it's still opened.
Would make a nice starting point to contribute to DRF.
xordoquy
on 4 Jul 2017
Related issues
orf
路
3Comments
Lucidiot
路
3Comments
thnee
路
3Comments
aidanlister
路
4Comments
snbuback
路
4Comments