-
-
Save BolajiOlajide/5a2add3eed7edcf4627ee79c0b248ce1 to your computer and use it in GitHub Desktop.
JWT authentication middleware for django rest framework that populates the request.user object
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from django.utils.functional import SimpleLazyObject | |
from django.contrib.auth.models import AnonymousUser | |
from rest_framework.request import Request | |
from rest_framework_jwt.authentication import JSONWebTokenAuthentication | |
def get_user_jwt(request): | |
""" | |
Replacement for django session auth get_user & auth.get_user for | |
JSON Web Token authentication. Inspects the token for the user_id, | |
attempts to get that user from the DB & assigns the user on the | |
request object. Otherwise it defaults to AnonymousUser. | |
This will work with existing decorators like LoginRequired, whereas | |
the standard restframework_jwt auth only works at the view level | |
forcing all authenticated users to appear as AnonymousUser ;) | |
Returns: instance of user object or AnonymousUser object | |
""" | |
user = None | |
try: | |
user_jwt = JSONWebTokenAuthentication().authenticate(Request(request)) | |
if user_jwt is not None: | |
# store the first part from the tuple (user, obj) | |
user = user_jwt[0] | |
except: | |
pass | |
return user or AnonymousUser() | |
class JWTAuthenticationMiddleware(object): | |
""" Middleware for authenticating JSON Web Tokens in Authorize Header """ | |
def process_request(self, request): | |
request.user = SimpleLazyObject(lambda : get_user_jwt(request)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment