Merge pull request #14 from smartfile/handle-missing-user

Handle anonymous view
smartfile · Oct 30, 2020 · a954fe2 · a954fe2
2 parents adf9b0c + de063a7
commit a954fe2
Show file tree

Hide file tree

Showing 6 changed files with 155 additions and 75 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -9,10 +9,11 @@ env:
   - DJANGO=2.0
   - DJANGO=2.2
   - DJANGO=3.0
+  - DJANGO=3.1
 
 install:
   - python -m pip install -U pip==18.0
-  - pipenv install --skip-lock
+  - pipenv install --dev --skip-lock
   - pip install --timeout=30 -q Django==$DJANGO
   - pip install --timeout=30 -q -e .
 script: make ci
@@ -25,12 +26,18 @@ jobs:
       env: DJANGO=2.2
     - python: '2.7'
       env: DJANGO=3.0
+    - python: '2.7'
+      env: DJANGO=3.1
     - python: '3.4'
       env: DJANGO=2.2
     - python: '3.4'
       env: DJANGO=3.0
+    - python: '3.4'
+      env: DJANGO=3.1
     - python: '3.5'
       env: DJANGO=3.0
+    - python: '3.5'
+      env: DJANGO=3.1
   include:
     - stage: deploy
       python: '3.6'

diff --git a/Pipfile b/Pipfile
@@ -4,6 +4,7 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [dev-packages]
+freezegun = "*"
 
 [packages]
 pyjwt = "*"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/django_session_jwt/middleware/session.py b/django_session_jwt/middleware/session.py
@@ -11,7 +11,7 @@
 from importlib import import_module
 
 from django.conf import settings
-from django.utils.deprecation import MiddlewareMixin
+from django.contrib.auth import get_user_model
 from django.contrib.sessions.middleware import SessionMiddleware as BaseSessionMiddleware
 from django.core.exceptions import ImproperlyConfigured
 
@@ -172,6 +172,20 @@ def process_request(self, request):
             request.session['jwt'] = fields
 
     def process_response(self, request, response):
+        if not request.user.is_authenticated:
+            # The user is unauthenticated. Try to determine the user by the
+            # session JWT
+            User = get_user_model()
+            try:
+                user_id = request.session['jwt']['user_id']
+                user = User.objects.get(id=user_id)
+            except (KeyError, User.DoesNotExist):
+                # Unable to determine the user. Allow the base class
+                # implementation to handle the response.
+                return super(SessionMiddleware, self).process_response(request, response)
+        else:
+            user = request.user
+
         # Rather than duplicating the session logic here, just allow super()
         # to do it's thing, then convert the session cookie (if any) when it's
         # done.
@@ -189,7 +203,7 @@ def process_response(self, request, response):
             return response
 
         try:
-            convert_cookie(response.cookies, request.user)
+            convert_cookie(response.cookies, user)
 
         except (KeyError, AttributeError):
             # No cookie, no problem...

diff --git a/django_session_jwt/settings.py b/django_session_jwt/settings.py
@@ -118,6 +118,7 @@
         ('id', 'id', 'user_id'),
         ('username', 'u', 'username'),
         ('email', 'e', 'email'),
+        ('invalid', 'i', 'invalid'),
     ],
     'CALLABLE': 'django_session_jwt.get_fields',
     'KEY': SECRET_KEY,