Пример #1
    def authenticate(self, request):
        """Authenticate from the header, an ``auth_token`` query param, or a cookie.

        If the request carries no ``Authorization`` header and its path is not
        the login endpoint, a token is taken from the ``auth_token`` GET
        parameter (bare key; ``"Token "`` is prepended here) or, failing that,
        from the ``auth_token`` cookie (used verbatim). It is written into
        ``request.META['HTTP_AUTHORIZATION']`` before delegating to the parent
        class.

        Returns:
            The parent's result, or ``None`` if it raised
            ``AuthenticationFailed``. When that result is falsy and
            ``config.auto_login`` is on, ``(test_user, token)`` is returned
            instead.

        Security notes:
            * A token in the query string is recorded in access logs, browser
              history and ``Referer`` headers; treat such tokens as exposed
              and prefer the header.
            * A cookie-borne token is attached by the browser automatically.
              NOTE(review): if the parent scheme performs no CSRF check,
              confirm the cookie is SameSite-restricted or that CSRF is
              enforced elsewhere.
            * With ``config.auto_login`` enabled, every request that fails
              authentication (including one with an invalid token) is
              accepted as the test user. This must stay off outside
              demo/test deployments.
        """
        # Paths that are allowed through without a token being injected.
        exempt_paths = [reverse('rest_login')]
        meta = request.META

        # The PATH_INFO lookup only happens when no Authorization header exists.
        if not meta.get('HTTP_AUTHORIZATION') and meta['PATH_INFO'] not in exempt_paths:
            query_key = request.GET.get('auth_token')
            if query_key:
                # The query parameter holds the bare key, without the scheme.
                header_value = 'Token ' + query_key
            else:
                # The cookie value is forwarded as-is; empty string if absent.
                header_value = request.COOKIES.get('auth_token', '')
            # Let the standard header-based authentication do the real check.
            meta['HTTP_AUTHORIZATION'] = header_value

        try:
            result = super().authenticate(request)
        except exceptions.AuthenticationFailed:
            # A rejected credential is treated the same as no credential.
            result = None

        if result or not config.auto_login:
            return result

        # auto_login: fall back to the shared test account and its token.
        user = get_test_user()
        token, _created = TokenModel.objects.get_or_create(user=user)
        return (user, token)
Пример #2
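    def process_view(self, request, view_func, args, kwargs):
        """Log anonymous visitors in as the test user when auto-login is on.

        Does nothing unless ``config.auto_login`` is enabled, and skips paths
        listed in ``settings.AUTOLOGIN_ALWAYS_OPEN_URLS``. Otherwise an
        unauthenticated request is logged in with the test account, and the
        test user is redirected to ``home`` when the path matches any entry
        of ``self.TEST_USER_FORBIDDEN_URLS``.

        Returns:
            A redirect response for a forbidden path, otherwise ``None`` so
            that normal view processing continues.

        Security notes:
            * With auto-login enabled every anonymous visitor gets a session
              for a shared account; ``TEST_USER_FORBIDDEN_URLS`` is then the
              only restriction visible here, so it needs to cover every
              sensitive route. Keep the flag off outside demo/test
              deployments.
            * The credentials below are masked in this listing. A fixed
              test-account password kept in source should be treated as
              public.
        """
        if not config.auto_login:
            return None

        path = request.path_info
        if path in settings.AUTOLOGIN_ALWAYS_OPEN_URLS:
            return None

        if not request.user.is_authenticated:
            # Return value is unused here; presumably called so the test
            # account exists before authenticating -- TODO confirm.
            get_test_user()
            user = authenticate(username='******', password='******')
            # authenticate() yields None on failure. Assigning that to
            # request.user would make the username check below raise
            # AttributeError, so only log in on success and otherwise leave
            # the request anonymous.
            if user is not None:
                request.user = user
                login(request, user)

        if request.user.username == 'test_user':
            # Entries expose .search(); presumably compiled regexes.
            if any(m.search(path) for m in self.TEST_USER_FORBIDDEN_URLS):
                return redirect(reverse_lazy('home'))
        return None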
Пример #3
    def authenticate(self, request):
        """Run the parent authentication after filling in a missing header.

        A request without an ``Authorization`` header, on any path other than
        the login endpoint, gets one synthesised: ``"Token <key>"`` from the
        ``auth_token`` GET parameter if present, else the raw ``auth_token``
        cookie value (empty string when there is no cookie).

        Returns:
            The parent's result, or ``None`` if it raised
            ``AuthenticationFailed``. If that result is falsy and
            ``config.auto_login`` is enabled, ``(test_user, token)`` is
            returned instead.

        Security notes:
            * Query-string tokens leak through server logs, browser history
              and ``Referer``; a header is the safer transport.
            * The cookie path makes the credential ambient in browsers.
              NOTE(review): verify CSRF protection or SameSite cookies if
              the parent scheme does not check CSRF.
            * ``config.auto_login`` turns every failed authentication into a
              test-user login. Do not enable it on a production deployment.
        """
        login_paths = [reverse('rest_login')]

        header_present = request.META.get('HTTP_AUTHORIZATION')
        # PATH_INFO is only consulted when the header is absent.
        if not header_present and request.META['PATH_INFO'] not in login_paths:
            key = request.GET.get('auth_token')
            # Query param is a bare key; the cookie value is passed verbatim.
            request.META['HTTP_AUTHORIZATION'] = (
                'Token ' + key if key else request.COOKIES.get('auth_token', '')
            )

        try:
            outcome = super().authenticate(request)
        except exceptions.AuthenticationFailed:
            # An invalid credential is handled like a missing one.
            outcome = None

        if not outcome and config.auto_login:
            # Fall back to the shared test account, creating its token if needed.
            test_user = get_test_user()
            token, _created = Token.objects.get_or_create(user=test_user)
            outcome = (test_user, token)
        return outcome