add user when authenticating
- Oct 02, 2023
-
-
Dr Rich Wareham authored
-
- Jun 29, 2023
-
-
Dr Rich Wareham authored
-
Dr Rich Wareham authored
When authenticating a principal add a synthetic "APIGatewayUser" object as the request user. This object is not backed by a database object but does have an id meaning that DRF templates used to render the API views will correctly identify the authenticated user. This unpacked somewhat because of a slight break with Django convention exhibited by this app. One needs to be _very_ careful with what is imported as a side-effect of importing the top-level application module. That is because that module is imported at application configure time as part of configuring the application. It follows that applications in general are not yet configured when the top-level application module is imported. The top-level module here then directly imports some of the implementation. So now our implementation must not rely on applications having been configured at import time. We got away with this due to the simplicity of the application but attempting to derive from AnonymousUser triggered the problem: trying to import anything from django.contrib.auth.models threw an exception about applications not being configured. The convention for DRF authentication classes is for them to sit in a submodule named "authentication" within the top-level application. This is for good reason; trying to have them in the top-level leads to this sort of pain. Unfortunately we have users in the wild using "apigatewayauth.APIGatewayAuthentication" in their settings and so we need to support that until users are fixed up to use "apigatewayauth.authentication.APIGatewayAuthentication". In the meantime, do some nasty hackery to support what was required by the original issue. Closes #2
9c53abab
-