Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I check that user already authenticated from tastypie?

Tags:

ajax

django

tastypie

When user authenticates in Django, how do I check that from tastypie?

Once user logs on, the view includes some JS that pulls data from API, which is backed by tastypie.

I have basic authentication/djangoauthorisation set up on my resources, so the browser pops up http auth window. Is there any way to avoid this?

My idea so far is to extend BasicAuthentication so that it first checks session data and when it doesn't find it, it falls back to http auth? AFAIK AJAX calls include session cookies, so this in theory should work? Has anybody done something similar?

like image 311
rytis Avatar asked Sep 09 '11 14:09

rytis

2 Answers

I have this solution so far:

class MyBasicAuthentication(BasicAuthentication):
    def __init__(self, *args, **kwargs):
        super(MyBasicAuthentication, self).__init__(*args, **kwargs)

    def is_authenticated(self, request, **kwargs):
        from django.contrib.sessions.models import Session
        if 'sessionid' in request.COOKIES:
            s = Session.objects.get(pk=request.COOKIES['sessionid'])
            if '_auth_user_id' in s.get_decoded():
                u = User.objects.get(id=s.get_decoded()['_auth_user_id'])
                request.user = u
                return True
        return super(MyBasicAuthentication, self).is_authenticated(request, **kwargs)

which seems to do what I want. If user is logged on, then session contains _auth_user_id, if not, the key is missing.

Anyone can think of any problems this approach may cause?

like image 152
rytis Avatar answered Oct 11 '22 12:10

rytis

You may want to check out this ticket on tastypie's GitHub:

https://github.com/toastdriven/django-tastypie/issues/197

The author suggests a very clean approach to authenticate the call with both the session and the API key methods.

There goes the snippet:

class ApiKeyPlusWebAuthentication(ApiKeyAuthentication):
def is_authenticated(self, request, **kwargs):
    if request.user.is_authenticated():
        return True

    return super(ApiKeyPlusWebAuthentication, self).is_authenticated(request, **kwargs)

def get_identifier(self, request):
    if request.user.is_authenticated():
        return request.user.username
    else:
        return super(ApiKeyPlusWebAuthentication, self).get_identifier(request)
like image 36
ulysses Avatar answered Oct 11 '22 10:10

ulysses
Sign in to Comment

Related questions

MS MVC form AJAXifying techniques [closed]
Techniques to reduce data harvesting from AJAX/JSON services
Can AJAX request data from a remote server?
Jquery:: Ajax powered progress bar?
draw google charts with JSON
Sending files /file upload using ajax which works in IE9
How to implement file download with AJAX and MVC
Why browser do not follow redirects using XMLHTTPRequest and CORS?
Python Flask calling functions using buttons
The AJAX response: Data (JSON, XML) or HTML snippet? [closed]
Progress notifications from HTTP/REST service
What's the best way to debug AJAX to PHP calls?
PHP - exit or die() in AJAX requests?
Why Cross-Domain AJAX call is not allowed?
cookies problem in PHP and AJAX
Distinguish ajax requests from full requests in JSF custom validator
Ajax and back button. Hash changes, but where is previous page state stored?
How to upload a file using Ajax on POST?
Can I use XMLHttpRequest on a different port from a script file loaded from that port?
Delphi serverside framework for managing sessions and respond with JSON to ajax requests?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!