Restore session id (cvat-ai#905)
* Restore session id when we use token authorization.
nmanovic authored and Chris Lee-Messer committed Mar 5, 2020
1 parent b6edd4b commit ccb16b0
Showing 3 changed files with 16 additions and 4 deletions.
15 changes: 14 additions & 1 deletion cvat/apps/authentication/auth.py
Expand Up @@ -2,7 +2,6 @@
#
# SPDX-License-Identifier: MIT

import os
from django.conf import settings
from django.db.models import Q
import rules
Expand All @@ -11,6 +10,20 @@
from rest_framework.permissions import BasePermission
from django.core import signing
from rest_framework import authentication, exceptions
from rest_framework.authentication import TokenAuthentication as _TokenAuthentication
from django.contrib.auth import login

# Even with token authorization it is very important to have a valid session id
# in cookies because in some cases we cannot use token authorization (e.g. when
# we redirect to the server in UI using just URL). To overkill that we override
# the class to call `login` method which restores the session id in cookies.
class TokenAuthentication(_TokenAuthentication):
def authenticate(self, request):
auth = super().authenticate(request)
session = getattr(request, 'session')
if auth is not None and session.session_key is None:
login(request, auth[0], 'django.contrib.auth.backends.ModelBackend')
return auth

def register_signals():
from django.db.models.signals import post_migrate, post_save
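Review bot: In `TokenAuthentication.authenticate`, every token-authenticated request that arrives without a session cookie goes through `login()`, so a client that never stores cookies (scripts, CLI tools) gets a fresh session and a `user_logged_in` signal on each call, and the session cookie handed back is not tied to the token's lifetime and would presumably stay valid after the token is deleted or rotated. The comment above the class says the session is only needed for browser redirects, so the call could be limited to that case, or the class should at least document that revoking a token must also flush that user's sessions. Separately, `getattr(request, 'session')` has no default and raises `AttributeError` when no session middleware has populated the request; `session = getattr(request, 'session', None)` with `session is not None` added to the condition falls back to plain token authentication instead. The hard-coded `'django.contrib.auth.backends.ModelBackend'` is also recorded in the session regardless of how the account normally authenticates, which is worth confirming against the project's `AUTHENTICATION_BACKENDS`.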
3 changes: 1 addition & 2 deletions cvat/apps/authentication/decorators.py
Expand Up @@ -8,7 +8,7 @@
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import JsonResponse
from django.conf import settings
from rest_framework.authentication import TokenAuthentication
from cvat.apps.authentication.auth import TokenAuthentication

def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME,
login_url=None, redirect_methods=['GET']):
Expand All @@ -21,7 +21,6 @@ def _wrapped_view(request, *args, **kwargs):
tokenAuth = TokenAuthentication()
auth = tokenAuth.authenticate(request)
if auth is not None:
request.user = auth[0]
return view_func(request, *args, **kwargs)

login_url = '{}/login'.format(settings.UI_URL)
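Review bot: With `request.user = auth[0]` apparently dropped from `_wrapped_view` (the section reports two deletions and this hunk shrinks by one line), the view only runs as the token's owner when the overridden `authenticate` actually called `login()`, and that happens only if `session.session_key is None`. A request that carries a valid token together with an existing session cookie (an anonymous session, or one belonging to another account) still passes the `auth is not None` gate but leaves `request.user` as whatever the session resolved to, so the identity that was authorized and the identity the view sees can disagree. Keeping the explicit `request.user = auth[0]` right before `return view_func(request, *args, **kwargs)` makes the decorator independent of session state. `_wrapped_view` starts and ends outside the visible hunk, so this is based only on the lines shown.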
2 changes: 1 addition & 1 deletion cvat/settings/base.py
Expand Up @@ -124,7 +124,7 @@ def generate_ssh_keys():
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
'cvat.apps.authentication.auth.TokenAuthentication',
'cvat.apps.authentication.auth.SignatureAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication'
