def _token_process_request(self, request):
authorization = request.META.get('HTTP_AUTHORIZATION', '')
token = parse_authorization(authorization)
request.has_bearer = token is not None
if token is None:
client_id = None
session = None
else:
client_id, session = self.authenticate_access_token(token)
request.client_id = client_id
if client_id is None:
request.has_bearer = False
if session:
request.permissions = set(session['_fulmine_scope'])
# This is an active session and we can use it like
# a session provided by django.contrib.sessions,
# and actually persist it.
request.session = session
request.session.dont_persist = False
else:
request.permissions = None
# We're creating a new session because most Django
# apps expect one, but there is no associated user
# so we don't need to actually persist it.
request.session = get_django_session(None)
request.session.dont_persist = True
def authenticate_access_token(self, token):
session_key, secret = parse_bearer(token,
SESSION_KEY_BYTES)
session = get_django_session(session_key)
session.load()
stored_secret = session.get('_fulmine_secret', None)
if stored_secret != secret:
# token does not exist
return None, None
client_id = session.get('_fulmine_client_id', None)
deploy_id = session.get('_fulmine_deploy_id', None)
return client_id, session
def _cookie_process_request(self, request):
# same as django.contrib.sessions
session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
request.session = get_django_session(session_key)
