Restore session id #905

Merged
merged 3 commits into from
Dec 5, 2019
15 changes: 14 additions & 1 deletion cvat/apps/authentication/auth.py
Expand Up @@ -2,7 +2,6 @@
#
# SPDX-License-Identifier: MIT

import os
from django.conf import settings
from django.db.models import Q
import rules
Expand All @@ -11,6 +10,20 @@
from rest_framework.permissions import BasePermission
from django.core import signing
from rest_framework import authentication, exceptions
from rest_framework.authentication import TokenAuthentication as _TokenAuthentication
from django.contrib.auth import login

# Even with token authorization it is very important to have a valid session id
# in cookies because in some cases we cannot use token authorization (e.g. when
# we redirect to the server in UI using just URL). To overkill that we override
# the class to call `login` method which restores the session id in cookies.
class TokenAuthentication(_TokenAuthentication):
def authenticate(self, request):
auth = super().authenticate(request)
session = getattr(request, 'session')
if auth is not None and session.session_key is None:
login(request, auth[0], 'django.contrib.auth.backends.ModelBackend')
return auth

def register_signals():
from django.db.models.signals import post_migrate, post_save
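Review bot: The `session.session_key is None` test in `authenticate` is true on every request from a client that sends a token but does not keep cookies, so each such call runs `login()` and, as far as the visible code shows, starts a fresh server-side session. A session created this way is independent of the token afterwards: deleting or rotating the token does not end it, and it stays usable until the session itself expires. I would state that next to the class, e.g. `# NOTE: the session created here outlives the token; revoking a token must also flush that user's sessions`, and consider skipping `login()` for clients that never use the cookie. Two smaller points: `getattr(request, 'session')` with no default is just `request.session`, and the hard-coded backend path presumably has to match the AUTHENTICATION_BACKENDS the deployment configures.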
3 changes: 1 addition & 2 deletions cvat/apps/authentication/decorators.py
Expand Up @@ -8,7 +8,7 @@
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import JsonResponse
from django.conf import settings
from rest_framework.authentication import TokenAuthentication
from cvat.apps.authentication.auth import TokenAuthentication

def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME,
login_url=None, redirect_methods=['GET']):
Expand All @@ -21,7 +21,6 @@ def _wrapped_view(request, *args, **kwargs):
tokenAuth = TokenAuthentication()
auth = tokenAuth.authenticate(request)
if auth is not None:
request.user = auth[0]
return view_func(request, *args, **kwargs)

login_url = '{}/login'.format(settings.UI_URL)
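Review bot: With `request.user = auth[0]` gone from `_wrapped_view` (the section's 1 addition and 2 deletions suggest this is the deleted line), `request.user` is only updated as a side effect of `login()` inside the new `TokenAuthentication.authenticate`, and that call is skipped whenever the request already has a session key. A request carrying a valid token together with an existing anonymous or stale session cookie would then reach `view_func` without `request.user` being set to the token's owner. Keeping the explicit assignment, `request.user = auth[0]`, before `return view_func(request, *args, **kwargs)` makes the decorator independent of that side effect. `_wrapped_view` starts outside the hunk, so any earlier check on `request.user` is not visible here.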
2 changes: 1 addition & 1 deletion cvat/settings/base.py
Expand Up @@ -124,7 +124,7 @@ def generate_ssh_keys():
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
'cvat.apps.authentication.auth.TokenAuthentication',
'cvat.apps.authentication.auth.SignatureAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication'