I was using django-rest-framework-simplejwt for authentication. Here is my settings.py filesettings.py file
Initially I was trying to get login user by accessing request.user in a view function as shown below and passing access token in headers berear token:
function test
But I wasn't able to get the logged in user. Instead when I tried RetreiveAPIView of rest framework generics, it gave me the user..Here is the code for the same..Using RetreiveAPIView
UserSerializer
Initially I thought that both the request objects are same but it seems that there is some difference.. Can anyone explain me what is the difference between the two?
please show your whole View, not only a test method.
In DRF views you can access a request and request.user as a method parameter which is automatically passed into methods of View Class, not a class property (self.request)
look at drf docs https://www.django-rest-framework.org/api-guide/views/
Related
I've just started using loopback4 and I would like to protect the /explorer from being public. The user would initially see a page where username and password must be entered. If successful, the user is redirected to /explorer where he can see all API methods (and execute them). If user is not authenticated, accessing the path /explorer would give a response of "Unauthorized". Is there a way to easily implement this?
There is issue talking about a GLOBAL default strategy is enabled for all routes including explorer in https://github.com/strongloop/loopback-next/issues/5758
The way is to specify a global metadata through the options:
this.configure(AuthenticationBindings.COMPONENT).to({
defaultMetadata: {
strategy: 'JWTStrategy'
}
})
this.component(AuthenticationComponent);
registerAuthenticationStrategy(this, JWTAuthenticationStrategy)
But in terms of enabling a single endpoint added by route.get(), it's not supported yet, see code of how explorer is registered. #loopback/authentication retrieves auth strategy name from a controller class or its members, but if the route is not defined in the controller, it can only fall back to the default options, see implementation
Is there anyway to save additional data to the session when doing a social login/signup?
I noticed that if I send returnUrl parameter to the SS OAuth endpoint (i.e. /auth/google?retunUrl=...) then this value gets saved to the session as ReferrerUrl so I am using that to embed data as url parameters. I would prefer to be able to write to the Meta collection when directing to the SS Auth endpoint and then later read it from the session.
I tried to follow the exact process of how this was being saved to the session but I found it quite confusing.
What is the best way to add additional meta data to a social login/signup?
Edit:
I am talking about making a GET request to /auth/google, /auth/facebook etc...
I have additional data I want to track with the signup the user has entered in the browser.
If I add code to OnAuthenticated then this doesn't solve problem as the data has gone out of scope of the browser. It has to be passed in the GET request to the auth endpoint or have some reference to match up.
Edit:
public class CustomUserSession : AuthUserSession
{
public override void OnCreated(IRequest httpReq)
{
this.Meta.Add("foo", "bar");
httpReq.SaveSession(this);
}
}
You can handle a callback with the OnAuthenticated() Session or Auth Events.
I have ServiceStack v4 service but when I call the auth/logout route (using either POST or GET) to logout the currently logged-in user, I get an error:
400 Not Empty
User Name cannot be empty
Password Cannot be empty
As I wouldn't expect users to enter credentials when logging out, I am surely missing something?
I have the AuthFeature registered during host initialisation, and I am using CredentialsAuthProvider. I have taken the code from Github so I can see how it works.
My Client Code:
var rest = Restangular.one('auth/logout').get();
//var result = rest.post({userName: userName});
this.requestTracker.addPromise(rest);
return rest;
After a lot of digging, this happens when you are using CredentialsAuthProvider. Within this class, a validator is defined that validates all instances of the Authenticate request. As the logout route uses the Authenticate request, this validator is fired.
I got round it by modifying the validator to:
RuleFor(x => x.UserName).NotEmpty().When(d => d.provider != "logout");
RuleFor(x => x.Password).NotEmpty().When(d => d.provider != "logout");
This is probably not the most elegant way of fixing long term, but got me up and running.
I know this question is old, but I recently have been struggling with the same thing. What occurs is that before the Authenticate.Post function is called, the validation cache is checked and the CredentialsAuthProvider which has the mentioned validator fails unless username and password are not empty.
Now, i'm not sure if it makes a difference if you only have that provider enabled or not - I've not tested. I actually have my own custom provider that subclasses CredentialsAuthProvider and it's the only one I register.
The only way currently is to either pass a non-empty (but useless) password and username, or modify your own custom provider, overriding the Authenticate function and using a modified version of the validator as mentioned above.
At which point does session.UserAuthName gets set? I am playing around with the SocialBoostrapApi and login in successfully through Google which calls the OnAuthenticated method. However, UserAuthName is always null. I also don't see a field for it in the Auth tables.
I have a simple HTML page which contains a form (uses GET method), whose action is a portal page containing a JSF portlet. I need to access the parameters passed in to the portal page in my portlet - how can I achieve this?
I have tried to access the parameter code on the view page using following code but the value comes up as null.
java.util.Map requestMap = javax.faces.context.FacesContext.getCurrentInstance().getExternalContext().getRequestParameterMap();
String code = requestMap.get("code");
At some other forum it was suggested that I need to pass the the portlet id as request parameter in order to have the portlet access to passed request parameters. If that is true where/how can I lookup my portlet ID so that portlet has access to request parameters?
I would look into whether the WebSphere implementation of public render parameters supports this. If the ExternalContext request parameter map does not expose these values, you can cast the request to a PortletRequest and make use of the Map<String,String[]> getPublicParameterMap() method.
See my article Passing query parameters to JSR-286 portlets here.
I know this is a supported way to do it. I have seen other articles that claim you can simply cast the PortletRequest to something and get the parameters. This is probably not supported in that it depends on a particular implementation and reference to an internal class name. I recommend the above.