def get_user_object(request):
    """
    Return the user model instance associated with the given request session.

    The session must carry both a user id and the dotted path of the backend
    that authenticated it. The backend is only loaded when that path is one of
    ``settings.AUTHENTICATION_BACKENDS``. If the loaded user exposes
    ``get_session_auth_hash``, the value stored under ``HASH_SESSION_KEY`` must
    match it (checked with ``constant_time_compare``); on mismatch the session
    is flushed. If no user is retrieved, return an instance of `AnonymousUser`.
    """
    from .models import AnonymousUser

    try:
        session_user_id = _get_user_session_key(request)
        backend_path = request.session[BACKEND_SESSION_KEY]
    except KeyError:
        # Session holds no login information at all.
        return AnonymousUser()

    # Only a configured backend may be imported from a value read out of the
    # session; anything else is ignored rather than loaded.
    if backend_path not in settings.AUTHENTICATION_BACKENDS:
        return AnonymousUser()

    user = load_backend(backend_path).get_user(session_user_id)
    if not hasattr(user, 'get_session_auth_hash'):
        # Also covers a None result from the backend.
        return user or AnonymousUser()

    stored_hash = request.session.get(HASH_SESSION_KEY)
    hash_matches = stored_hash and constant_time_compare(
        stored_hash, user.get_session_auth_hash())
    if not hash_matches:
        # Missing or stale hash: discard the whole session instead of
        # trusting it.
        request.session.flush()
        return AnonymousUser()

    return user or AnonymousUser()
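def get_user(request):
    """
    Return the user model instance associated with the given request's token.

    ``request.token`` is decoded with ``jwt_decode_handler``; the payload's
    ``user_id`` claim identifies the user. When the session is not already
    bound to that user (no session login, or a different user id), the user is
    looked up and ``login()`` is called so the session is (re)bound to them.
    The session is then verified like a plain session login: the backend path
    stored in the session must be one of ``settings.AUTHENTICATION_BACKENDS``
    and, if the user exposes ``get_session_auth_hash``, the value stored under
    ``HASH_SESSION_KEY`` must match it (checked with ``constant_time_compare``).

    Returns an instance of `AnonymousUser` when the token is invalid or
    expired, carries no ``user_id`` claim, names a user that does not exist,
    or the session fails verification (in which case the session is flushed).
    """
    try:
        payload = jwt_decode_handler(request.token)
    except (DecodeError, ExpiredSignatureError):
        return AnonymousUser()

    user_id = payload.get('user_id', None)
    if user_id is None:
        # A token without a subject claim cannot identify anyone; previously
        # this fell through to ``User.objects.get(pk=None)`` and raised.
        return AnonymousUser()

    user = None
    try:
        backend_path = request.session[BACKEND_SESSION_KEY]
        user_id_in_session = _get_user_session_key(request)
    except KeyError:
        session_is_current = False
    else:
        # NOTE(review): the raw claim value is compared with the session's
        # user id; if the two differ in type (e.g. str vs int) they never match
        # and login() would run on every request -- confirm the claim type.
        session_is_current = user_id_in_session == user_id

    if not session_is_current:
        try:
            user = User.objects.get(pk=user_id)
        except User.DoesNotExist:
            # Valid token whose subject no longer exists: treat as
            # unauthenticated instead of raising out of the request path.
            return AnonymousUser()
        login(request, user)
        # login() records the backend that authenticated this user.
        backend_path = request.session[BACKEND_SESSION_KEY]

    # Only a configured backend may be imported from a session value.
    if backend_path in settings.AUTHENTICATION_BACKENDS:
        backend = load_backend(backend_path)
        user = backend.get_user(user_id)
        # Verify the session
        if hasattr(user, 'get_session_auth_hash'):
            session_hash = request.session.get(HASH_SESSION_KEY)
            session_hash_verified = session_hash and constant_time_compare(
                session_hash, user.get_session_auth_hash())
            if not session_hash_verified:
                # Missing or stale hash: discard the whole session.
                request.session.flush()
                user = None

    return user or AnonymousUser()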