First off, thanks for graphene-django!
Question: how does graphene-django work with Django's session authentication?
For a number of reasons I need to move away from JWT authentication (which was working fine). I implemented a login mutation as follows.
```python
import graphene
from django.contrib.auth import authenticate, login


class Login(graphene.Mutation):
    # Note: this code is highly simplified for brevity; not safe for production
    def mutate(self, info, username, password):
        user = authenticate(info.context, username=username, password=password)
        if user:
            login(info.context, user)
```
I see that a fresh sessionid is returned. I also see that subsequent calls to graphql include sessionid in the Cookie HTTP header. So far so good. However, subsequent queries and mutations fail to set info.context.user.
I presumably need to set some MIDDLEWARE on GRAPHENE to ensure that request.user is set based on the sessionid for incoming requests. But what is that middleware?
In other words, what is the equivalent of graphql_jwt.middleware.JSONWebTokenMiddleware for Django's session authentication?
I see some previous discussions that come close (for example, #476). However, none seem to answer this question directly.
Some other relevant settings:
```python
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

GRAPHENE = {
    'SCHEMA': 'backend.schema.schema',
    'SCHEMA_OUTPUT': 'schema/schema.json',  # defaults to schema.json,
}
```