43 lines
1.4 KiB
Python
43 lines
1.4 KiB
Python
from django.conf import settings
|
|
from django.contrib.auth.hashers import check_password
|
|
from rest_framework import exceptions
|
|
from rest_framework.authentication import CSRFCheck
|
|
from rest_framework_simplejwt.authentication import JWTAuthentication
|
|
|
|
from accounts.models import IAmPrincipalOtp, IAmPrincipal
|
|
from nifty11_project import constants
|
|
from nifty11_project.utils import ApiResponse
|
|
|
|
|
|
def enforce_csrf(request):
|
|
"""
|
|
Enforce CSRF validation for session based authentication.
|
|
"""
|
|
|
|
def dummy_get_response(request): # pragma: no cover
|
|
return None
|
|
|
|
check = CSRFCheck(dummy_get_response)
|
|
# populates request.META['CSRF_COOKIE'], which is used in process_view()
|
|
check.process_request(request)
|
|
reason = check.process_view(request, None, (), {})
|
|
if reason:
|
|
# CSRF failed, bail with explicit error message
|
|
raise exceptions.PermissionDenied("CSRF Failed: %s" % reason)
|
|
|
|
|
|
class CustomAuthentication(JWTAuthentication):
|
|
def authenticate(self, request):
|
|
header = self.get_header(request)
|
|
|
|
if header is None:
|
|
raw_token = request.COOKIES.get(settings.SIMPLE_JWT["AUTH_COOKIE"]) or None
|
|
else:
|
|
raw_token = self.get_raw_token(header)
|
|
if raw_token is None:
|
|
return None
|
|
|
|
validated_token = self.get_validated_token(raw_token)
|
|
enforce_csrf(request)
|
|
return self.get_user(validated_token), validated_token
|