cookies = scope['cookies']
try:
cookie_value = cookies[settings.AUTH_TOKEN_KEY]
salt = settings.AUTH_TOKEN_KEY + settings.SIGNED_COOKIE_SALT
token_key = signing.get_cookie_signer(
salt=salt).unsign(cookie_value)
except BadSignature:
print('Token is tampered')
except KeyError:
# auth token cookie not set
pass
scope['user'] = self.get_user(token_key)
return self.inner(scope)
@database_sync_to_async
def get_user(self, key):
try:
print('Retrieving user for token {}'.format(key))
token = Token.objects.get(key=key)
return token.user
except Token.DoesNotExist:
return AnonymousUser()
# set shorthand for TokenAuthMiddleware, since it requires CookieMiddleware
TokenAuthMiddlewareStack = lambda inner: CookieMiddleware(
TokenAuthMiddleware(inner))
def TenantAuthMiddlewareStack(inner):
return CookieMiddleware(SessionMiddleware(TenantAuthMiddleware(inner)))
# https://github.com/django/channels/blob/d5e81a78e96770127da79248349808b6ee6ec2a7/channels/auth.py#L16
if "session" not in scope:
raise ValueError(
"Cannot find session in scope. You should wrap your consumer in SessionMiddleware."
)
session = scope["session"]
user: Optional[Dict[str, Any]] = None
try:
user_id = _get_user_session_key(session)
backend_path = session[BACKEND_SESSION_KEY]
except KeyError:
pass
else:
if backend_path in settings.AUTHENTICATION_BACKENDS:
user = await element_cache.get_element_full_data(
"users/user", user_id)
if user:
# Verify the session
session_hash = session.get(HASH_SESSION_KEY)
session_hash_verified = session_hash and constant_time_compare(
session_hash, user["session_auth_hash"])
if not session_hash_verified:
session.flush()
user = None
return user or {"id": 0}
# Handy shortcut for applying all three layers at once
AuthMiddlewareStack = lambda inner: CookieMiddleware( # noqa
SessionMiddleware(CollectionAuthMiddleware(inner)))
class TokenAuthMiddleware:
"""
Token authorization middleware for Django Channels 2
"""
def __init__(self, inner):
self.inner = inner
def __call__(self, scope):
close_old_connections()
cookies = scope['cookies']
if 'user-token' in cookies:
token = jwt.decode(
cookies['user-token'],
settings.SECRET_KEY,
algorithms=['HS256']
)
user_id = token['user_id']
try:
user = User.objects.get(id=user_id)
scope['user'] = user
except User.DoesNotExist:
scope['user'] = AnonymousUser()
return self.inner(scope)
TokenAuthMiddlewareStack = lambda inner: CookieMiddleware( # noqa
TokenAuthMiddleware(AuthMiddlewareStack(inner))
)