Now support Bearer auth in complement of JWT

This commit is contained in:
Eliot Berriot 2018-04-26 15:17:51 +02:00
parent 2477aa31f9
commit d2c2fb837e
No known key found for this signature in database
GPG Key ID: DD6965E2476E5C27
3 changed files with 38 additions and 3 deletions


@ -377,6 +377,7 @@ REST_FRAMEWORK = {
), ),
'DEFAULT_AUTHENTICATION_CLASSES': ( 'DEFAULT_AUTHENTICATION_CLASSES': (
'funkwhale_api.common.authentication.JSONWebTokenAuthenticationQS', 'funkwhale_api.common.authentication.JSONWebTokenAuthenticationQS',
'funkwhale_api.common.authentication.BearerTokenHeaderAuth',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication', 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.BasicAuthentication',


@ -29,9 +29,6 @@ class TokenHeaderAuth(BaseJSONWebTokenAuthentication):
class TokenAuthMiddleware: class TokenAuthMiddleware:
"""
Custom middleware (insecure) that takes user IDs from the query string.
"""
def __init__(self, inner): def __init__(self, inner):
# Store the ASGI application we were passed # Store the ASGI application we were passed


@ -1,3 +1,6 @@
from django.utils.encoding import smart_text
from django.utils.translation import ugettext as _
from rest_framework import exceptions from rest_framework import exceptions
from rest_framework_jwt import authentication from rest_framework_jwt import authentication
from rest_framework_jwt.settings import api_settings from rest_framework_jwt.settings import api_settings
@ -18,3 +21,37 @@ class JSONWebTokenAuthenticationQS(
def authenticate_header(self, request): def authenticate_header(self, request):
return '{0} realm="{1}"'.format( return '{0} realm="{1}"'.format(
api_settings.JWT_AUTH_HEADER_PREFIX, self.www_authenticate_realm) api_settings.JWT_AUTH_HEADER_PREFIX, self.www_authenticate_realm)
class BearerTokenHeaderAuth(
authentication.BaseJSONWebTokenAuthentication):
"""
For backward compatibility purpose, we used Authorization: JWT <token>
but Authorization: Bearer <token> is probably better.
"""
www_authenticate_realm = 'api'
def get_jwt_value(self, request):
auth = authentication.get_authorization_header(request).split()
auth_header_prefix = 'bearer'
if not auth:
if api_settings.JWT_AUTH_COOKIE:
return request.COOKIES.get(api_settings.JWT_AUTH_COOKIE)
return None
if smart_text(auth[0].lower()) != auth_header_prefix:
return None
if len(auth) == 1:
msg = _('Invalid Authorization header. No credentials provided.')
raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = _('Invalid Authorization header. Credentials string '
'should not contain spaces.')
raise exceptions.AuthenticationFailed(msg)
return auth[1]
def authenticate_header(self, request):
return '{0} realm="{1}"'.format('Bearer', self.www_authenticate_realm)
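Review bot: The Bearer prefix is spelled out twice in the new class — as `'bearer'` inside `get_jwt_value` and as `'Bearer'` inside `authenticate_header` — so the two literals can drift apart; a single class attribute `auth_header_prefix = 'Bearer'` next to `www_authenticate_realm`, compared with `if smart_text(auth[0].lower()) != self.auth_header_prefix.lower():` and emitted with `return '{0} realm="{1}"'.format(self.auth_header_prefix, self.www_authenticate_realm)`, keeps them in sync. The rest of `get_jwt_value` appears to mirror the upstream JWT implementation including the `JWT_AUTH_COOKIE` fallback, so a request carrying no Authorization header is now authenticated from the cookie by this class, which the settings hunk places ahead of `JSONWebTokenAuthentication`; nothing in the hunk applies a CSRF check on that cookie path, so either drop the fallback here (the later class already covers the cookie) or state in the docstring that cookie-based authentication is intentionally accepted by this class as well. The docstring would also be more useful if it described the behaviour rather than only the motivation, e.g. `"""Authenticate requests sent with ``Authorization: Bearer <token>``; the older ``JWT <token>`` prefix remains handled by JSONWebTokenAuthentication."""`.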