Skip to content
This repository has been archived by the owner on Oct 18, 2019. It is now read-only.

Return None instead of raising AuthenticationFailed #8

Closed
mshenfield opened this issue Mar 8, 2018 · 3 comments · Fixed by #9
Closed

Return None instead of raising AuthenticationFailed #8

mshenfield opened this issue Mar 8, 2018 · 3 comments · Fixed by #9

Comments

@mshenfield
Copy link
Contributor

mshenfield commented Mar 8, 2018
edited
Loading

Based on the API Star Authorization documentation

An authentication class must implement the authenticate method, and should return a subclass of Auth, or None if the request was not authenticated.

This allows having multiple authentication mechanisms, and to globally set JWTAuthentication in the authentication setting w/out it requiring authorization for every endpoint. Right now, setting

settings = {
    'AUTHENTICATION': [JWTAuthentication()],
}

will 401 if a JWT hasn't been set, which doesn't work well for public endpoints.

Version Info:

Python: 3.6
API Star JWT: 0.2.1
API Star: 0.3.9

Thanks for creating this btw - it's been extremely handy for a side project.
@mshenfield mshenfield changed the title Return None instead of raising AuthenticationFailed Return None instead of raising AuthenticationFailed Mar 8, 2018
@audiolion
Copy link
Owner

Ah good point, I will try to get to this on Saturday, if you want to have it earlier feel free to make a PR 👊

@mshenfield
Copy link
Contributor Author

mshenfield commented Mar 8, 2018
edited
Loading

I can take knock it out in the next day or two.

@audiolion
Copy link
Owner

it is pretty much just removing the exceptions.py file, and that exception, and returning None instead, updating tests.

mshenfield added a commit to coreyar/swipe-for-rights-api that referenced this issue Mar 8, 2018
@mshenfield
Issue 2: User votes models and backend
4af6df9 
This adds a UserVote model and API endpoint.

To accomplish this required some extra scaffolding:

* Factories to generate models
* Making IsAuthRequired the default permission
* Addressing audiolion/apistar-jwt#8 - see annotations.py and authentication.py
* Passing JWT tokens to requests - see auth_utils.py

I chose to keep UserVote in a separate collection istead of embedding in the user document or a subset of a Bill document. Can be convinced otherwise.
@mshenfield mshenfield mentioned this issue Mar 8, 2018
Merged
mshenfield added a commit to mshenfield/apistar-jwt that referenced this issue Mar 10, 2018
@mshenfield
8: JWTAuthentication returns None instead of raises
390d84a 
This modifies the JWTAuthentication provider to return None instead of raising an Exception if the token cannot be created, or is invalid.  This matches the expectations outlined in audiolion#8, and closes audiolion#8.

ConfigurationErrors are special cased and allowed to bubble up.  It seems better to have the server crash quickly then to silently not provide authentication for a static and fixable issue.
@mshenfield mshenfield mentioned this issue Mar 11, 2018
Merged
audiolion pushed a commit that referenced this issue Mar 12, 2018
@mshenfield @audiolion
(bugfix) JWTAuthentication returns wrong error on auth failure
58bd256 
JWTAuthentication properly returns None on auth failure.

This modifies the JWTAuthentication provider to return None instead of raising an Exception if the token cannot be created, or is invalid.  This matches the expectations outlined in #8, and closes #8.

ConfigurationErrors are special cased and allowed to bubble up.  It seems better to have the server crash quickly then to silently not provide authentication for a static and fixable issue.

* Add test coverage for ConfigurationError bubbling up
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue 8: JWTAuthentication returns None instead of raises mshenfield/apistar-jwt
2 participants
@audiolion @mshenfield