FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects

add user when authenticating

Merged Dr Rich Wareham requested to merge add-user into main
  1. Oct 02, 2023
  2. Jun 29, 2023
    • Dr Rich Wareham's avatar
      c5e5ce1a
    • Dr Rich Wareham's avatar
      feat: add user when authenticating · 9c53abab
      Dr Rich Wareham authored
      When authenticating a principal add a synthetic "APIGatewayUser" object
      as the request user. This object is not backed by a database object but
      does have an id meaning that DRF templates used to render the API views
      will correctly identify the authenticated user.
      
      This unpacked somewhat because of a slight break with Django convention
      exhibited by this app.
      
      One needs to be _very_ careful with what is imported as a side-effect of
      importing the top-level application module. That is because that module
      is imported at application configure time as part of configuring the
      application. It follows that applications in general are not yet
      configured when the top-level application module is imported.
      
      The top-level module here then directly imports some of the
      implementation. So now our implementation must not rely on applications
      having been configured at import time.
      
      We got away with this due to the simplicity of the application but
      attempting to derive from AnonymousUser triggered the problem: trying to
      import anything from django.contrib.auth.models threw an exception about
      applications not being configured.
      
      The convention for DRF authentication classes is for them to sit in a
      submodule named "authentication" within the top-level application. This
      is for good reason; trying to have them in the top-level leads to this
      sort of pain.
      
      Unfortunately we have users in the wild using
      "apigatewayauth.APIGatewayAuthentication" in their settings and so we
      need to support that until users are fixed up to use
      "apigatewayauth.authentication.APIGatewayAuthentication".
      
      In the meantime, do some nasty hackery to support what was required by
      the original issue.
      
      Closes #2
      9c53abab
Loading