Complete authentication through REST API #68
Comments
|
Any error? This snipped proved to work: from social.apps.django_app.utils import strategy
@strategy()
def register_by_access_token(request, backend):
backend = request.strategy.backend
user = request.user
user = backend.do_auth(
access_token=request.GET.get('access_token'),
user=user.is_authenticated() and user or None
)
...Also an URL with this format is needed: url(r'^register/(?P<backend>[^/]+)/', register_by_access_token) |
|
Thank you for your quick response. With a few tweaks from the snippet given this is the code I have: class AuthViewSet(mixins.CreateModelMixin, viewsets.GenericViewSet):
queryset = User.objects.all()
serializer_class = AuthSerializer
def create(self, request):
serializer = self.get_serializer(data=request.DATA,
files=request.FILES)
if serializer.is_valid():
auth_token = serializer.data['token']
backend = serializer.data['backend']
strategy = load_strategy(request=request, backend=backend)
user = strategy.backend.do_auth(
access_token=auth_token,
user=request.user.is_authenticated() and request.user or None
)
login(request, user)
return Response({'status': 'Done'})When there is no sessionid cookie, no exception is raised, the user is created, a sessionid cookie is created but the user is not logged in. Afterwards visiting a url that requires login or reauthenticating produces the following exception. It behaves the same using the view you provided above. When visiting /login/facebook/ all works as expected. |
|
@simonluijk, instead of calling |
|
Thanks that has solved my issue. |
|
I had the same issue - although a slightly different implementation in the views: # For login with a Facebook account, decorators seems not play well with CBVs...
@strategy()
def auth_by_fb_token(request, backend):
backend = request.strategy.backend
try:
user = backend.do_auth(
access_token=request.GET.get('access_token')
)
except Exception as err:
print err
user = None
if user and user.is_active:
return user# Return anything that makes sense here
else:
return None
class LoginWithFacebook(views.APIView):
permission_classes = (permissions.AllowAny,)
authentication_classes = (UnsafeSessionAuthentication,)
def get(self, request, backend, *args, **kwargs):
uid = request.GET.get("uid", None)
if not uid:
return Response("No UID provided", status=400)
user = auth_by_fb_token(request, backend)
if user:
#login(request, user)
strategy = load_strategy(request=request, backend=backend)
_do_login(strategy, user)
return Response("Login Successful!")
else:
return Response("Bad Credentials, check the Token and/or the UID", status=403)And using I'm astonished about the quality of the code of python-social-auth and how well it integrates (other packages are way too invasive) and how good it works. KEEP ROCKIN' |
|
I'm having a similar issue ("'NoneType' object has no attribute 'get_user'"). When I initially log in via google OpenId for example, it works fine. I can browse my site logged in for a minute or so. Then I start getting this error for every page. I'm using the default django_app/views.py for completing login, which implements _do_login. I notice the only difference I see between _do_login and django's login is _do_login looks for social_user.expiration_datetime(), which in my case is None. I'm not sure if there's something else going on with my middleware which may be mucking things up, but it's looking like my request.user is getting initialized to None thus all middleware I'm using that relies on checking request.user attributes is breaking. I made my own social_auth model, seeing as our user model is quite abstracted from standard django users. I may try adding expiration_datetime() method to my social_user model, and see if that does anything. But might you have an idea of where I might be straying? |
|
@nwilson5, which version of |
|
0.1.17. I'm finding in social.backends.base.BaseAuth in get_user(): def get_user(self, user_id):
"""
Return user with given ID from the User model used by this backend.
This is called by django.contrib.auth.middleware.
"""
from social.strategies.utils import get_current_strategy
strategy = self.strategy or get_current_strategy()
return strategy.get_user(user_id)The times it breaks are due to strategy being None. The user_id is correct. I am not entirely sure how that variable is set and why it is None on some pageviews and correctly set in others. |
|
That seems to have done it, thanks. I wasn't using social.apps.django_app.default (or mongoengine) in my installed apps (made my own). |
|
I just upgraded from 0.1.22 to 0.1.23, and I see it changed signature of What is the canonical way to solve this? (I.e. not use non-public method so that it won't break on minor updates). |
|
Actually, I am not sure I could reproduce #68 on 0.1.23. Will use login() for now. |
|
@julienaubert, a new parameter was added to As you pointed the usual Django |
|
|
|
@omab yep. I got that far :) I'm simply passing what It might be useful to put a changelog warning somewhere. |
I have a web client (Javascript) that authenticates users with G+ and Facebook. The client then needs to authenticate with a REST API implemented with django-rest-framework. I have seen the previous discussions implementing this with dsa. But could not get this working with psa. Do you have any pointers?
The text was updated successfully, but these errors were encountered: