def authenticate(self, request):
    """Authenticate via the Authorization header, a query token, or a cookie.

    When the request carries no ``HTTP_AUTHORIZATION`` header and its path is
    not token-exempt, a token is taken from the ``auth_token`` GET parameter
    (bare key, prefixed here with ``"Token "``) or, failing that, from the
    ``auth_token`` cookie, and injected into ``request.META`` so the parent
    class can authenticate it.

    Returns:
        ``(user, token)`` for an authenticated request, otherwise ``None``.
        With ``config.auto_login`` enabled, a request that would otherwise be
        unauthenticated is returned as the test user.
    """
    # Paths that must stay reachable without a token.
    exempt_paths = [reverse('rest_login')]

    header_missing = not request.META.get('HTTP_AUTHORIZATION')
    if header_missing and request.META['PATH_INFO'] not in exempt_paths:
        # NOTE(review): a token in the query string ends up in access logs,
        # browser history and Referer headers; prefer the header where
        # clients allow it.
        query_key = request.GET.get('auth_token')
        if query_key:
            header_value = 'Token ' + query_key
        else:
            # The cookie value is used verbatim, so it presumably already
            # carries the "Token " prefix -- confirm against whatever sets it.
            # NOTE(review): browsers attach cookies automatically, so this
            # path needs CSRF protection that header-only token auth does not.
            header_value = request.COOKIES.get('auth_token', '')
        # Hand the token to the stock REST auth through the usual header.
        request.META['HTTP_AUTHORIZATION'] = header_value

    try:
        result = super().authenticate(request)
    except exceptions.AuthenticationFailed:
        # A rejected token is treated the same as no token at all.
        result = None

    # NOTE(review): with auto_login on, every unauthenticated or rejected
    # request becomes the test user; keep this flag off outside test setups.
    if not result and config.auto_login:
        test_user = get_test_user()
        token, _ = TokenModel.objects.get_or_create(user=test_user)
        result = (test_user, token)

    return result
def process_view(self, request, view_func, args, kwargs):
    """Log anonymous visitors in as the test user when auto-login is enabled.

    Does nothing unless ``config.auto_login`` is set, and skips paths listed
    in ``settings.AUTOLOGIN_ALWAYS_OPEN_URLS``. An unauthenticated request is
    logged in with the test account; a request made as ``test_user`` to a path
    matching ``self.TEST_USER_FORBIDDEN_URLS`` is redirected to ``home``.

    Returns:
        A redirect response for forbidden test-user paths, otherwise ``None``
        so that normal view processing continues.
    """
    # NOTE(review): block nesting was reconstructed from a collapsed listing;
    # the test-user check is assumed to sit at the auto_login level.
    if not config.auto_login:
        return None

    current_path = request.path_info
    if current_path in settings.AUTOLOGIN_ALWAYS_OPEN_URLS:
        return None

    if not request.user.is_authenticated:
        # Called for its side effect only; presumably it makes sure the test
        # account exists -- verify against get_test_user().
        get_test_user()
        # NOTE(review): the credentials are literals in the source (masked in
        # this listing); load them from configuration instead. The result is
        # used unchecked, and Django's authenticate() returns None when the
        # credentials are rejected.
        test_user = authenticate(username='******', password='******')
        request.user = test_user
        login(request, test_user)

    if request.user.username != 'test_user':
        return None

    # The shared test account is kept away from the forbidden URL patterns.
    for pattern in self.TEST_USER_FORBIDDEN_URLS:
        if pattern.search(current_path):
            return redirect(reverse_lazy('home'))
    return None
def authenticate(self, request):
    """Run token authentication, accepting the token from a GET param or cookie.

    If no ``HTTP_AUTHORIZATION`` header is present and the path is not
    token-exempt, the header is filled from the ``auth_token`` query parameter
    (prefixed with ``"Token "``) or else from the ``auth_token`` cookie before
    delegating to the parent class.

    Returns:
        ``(user, token)`` on success, ``None`` otherwise. When
        ``config.auto_login`` is enabled, the test user and its token are
        returned in place of ``None``.
    """
    exempt = (reverse('rest_login'),)
    meta = request.META

    if not meta.get('HTTP_AUTHORIZATION') and meta['PATH_INFO'] not in exempt:
        # NOTE(review): query-string tokens leak into logs and Referer
        # headers, and a cookie-borne token is sent by the browser on
        # cross-site requests; both fallbacks weaken plain header auth.
        key = request.GET.get('auth_token')
        # The query parameter is a bare key; the cookie value is passed
        # through unchanged.
        meta['HTTP_AUTHORIZATION'] = (
            ('Token ' + key) if key else request.COOKIES.get('auth_token', '')
        )

    try:
        outcome = super().authenticate(request)
    except exceptions.AuthenticationFailed:
        # An invalid token falls through to the auto-login check below.
        outcome = None

    if outcome or not config.auto_login:
        return outcome

    # NOTE(review): auto_login turns every failed authentication into a
    # session as the test user; it should never be enabled in production.
    user = get_test_user()
    token, _ = Token.objects.get_or_create(user=user)
    return (user, token)