cookies = scope['cookies'] try: cookie_value = cookies[settings.AUTH_TOKEN_KEY] salt = settings.AUTH_TOKEN_KEY + settings.SIGNED_COOKIE_SALT token_key = signing.get_cookie_signer( salt=salt).unsign(cookie_value) except BadSignature: print('Token is tampered') except KeyError: # auth token cookie not set pass scope['user'] = self.get_user(token_key) return self.inner(scope) @database_sync_to_async def get_user(self, key): try: print('Retrieving user for token {}'.format(key)) token = Token.objects.get(key=key) return token.user except Token.DoesNotExist: return AnonymousUser() # set shorthand for TokenAuthMiddleware, since it requires CookieMiddleware TokenAuthMiddlewareStack = lambda inner: CookieMiddleware( TokenAuthMiddleware(inner))
def TenantAuthMiddlewareStack(inner): return CookieMiddleware(SessionMiddleware(TenantAuthMiddleware(inner)))
# https://github.com/django/channels/blob/d5e81a78e96770127da79248349808b6ee6ec2a7/channels/auth.py#L16 if "session" not in scope: raise ValueError( "Cannot find session in scope. You should wrap your consumer in SessionMiddleware." ) session = scope["session"] user: Optional[Dict[str, Any]] = None try: user_id = _get_user_session_key(session) backend_path = session[BACKEND_SESSION_KEY] except KeyError: pass else: if backend_path in settings.AUTHENTICATION_BACKENDS: user = await element_cache.get_element_full_data( "users/user", user_id) if user: # Verify the session session_hash = session.get(HASH_SESSION_KEY) session_hash_verified = session_hash and constant_time_compare( session_hash, user["session_auth_hash"]) if not session_hash_verified: session.flush() user = None return user or {"id": 0} # Handy shortcut for applying all three layers at once AuthMiddlewareStack = lambda inner: CookieMiddleware( # noqa SessionMiddleware(CollectionAuthMiddleware(inner)))
class TokenAuthMiddleware: """ Token authorization middleware for Django Channels 2 """ def __init__(self, inner): self.inner = inner def __call__(self, scope): close_old_connections() cookies = scope['cookies'] if 'user-token' in cookies: token = jwt.decode( cookies['user-token'], settings.SECRET_KEY, algorithms=['HS256'] ) user_id = token['user_id'] try: user = User.objects.get(id=user_id) scope['user'] = user except User.DoesNotExist: scope['user'] = AnonymousUser() return self.inner(scope) TokenAuthMiddlewareStack = lambda inner: CookieMiddleware( # noqa TokenAuthMiddleware(AuthMiddlewareStack(inner)) )