Hey everyone.
I've stumbled on some unexpected behavior of the @api_view decorator when
working with the LDAP authentication backend of django_auth_ldap. When I try to
access request.user, it returns AnonymousUser.
Functions without @api_view against ldap users work as expected and
@api_view against local users works fine as well. Also, when using
rest_framework.permissions.IsAuthenticated it returns true even though
request.user.is_authenticated returns false.
For example:
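    from rest_framework.decorators import api_view
    from rest_framework.permissions import IsAuthenticated
    from rest_framework.response import Response

    @api_view(['GET'])
    def api(request):
        if request.user.is_authenticated:
            test_json = {
                'Is authenticated': str(request.user)
            }
        else:
            # Dump what the view sees when the user is not authenticated
            test_json = {
                'Not authenticated': {
                    'user': str(request.user),
                    'request_isauth': request.user.is_authenticated,
                    'rest_isauth': bool(IsAuthenticated),
                    'username': request.user.username,
                }
            }
        return Response(test_json)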
When called as an authenticated LDAP user, it produces the following
results:
{ "Not authenticated": { "user": "AnonymousUser", "request_isauth": false,
"rest_isauth": true, "username": "" } }
Versions are:
Django==3.2.6
django-auth-ldap==3.0.0
djangorestframework==3.12.4
I'm not sure if I should report it as an issue for this project or the LDAP one.
Meanwhile, I could use some advice on a workaround. Unfortunately,
IsAuthenticated is not enough for me. I also need to check the user's superuser
status and group membership.
Thanks,
Denis
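
Added example (not part of the original message, and not code from DRF or django-auth-ldap): how a DRF-style permission is evaluated, through an instance's has_permission(request, view), next to bool() of the class object, using the superuser and group check the post asks about. FakeUser, FakeGroups, FakeRequest and the group name "api-admins" are stand-ins made up so the block runs without Django; it assumes LDAP group membership is visible through user.groups.

```python
class SuperuserOrInGroup:
    """Allow authenticated users who are superusers or in an allowed group.

    Duck-typed to DRF's permission interface; in a project it would subclass
    rest_framework.permissions.BasePermission.
    """
    allowed_groups = {"api-admins"}  # hypothetical group name

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        if user is None or not user.is_authenticated:
            return False  # AnonymousUser never passes
        if user.is_superuser:
            return True
        names = set(user.groups.values_list("name", flat=True))
        return bool(names & self.allowed_groups)


def evaluate(permission_class, request, view=None):
    """Instantiate the class and ask it about this request."""
    return permission_class().has_permission(request, view)


# --- constructed stand-ins so the example runs without Django ---
class FakeGroups:
    def __init__(self, names):
        self._names = list(names)

    def values_list(self, field, flat=False):
        return list(self._names)


class FakeUser:
    def __init__(self, username="", authenticated=False, superuser=False, groups=()):
        self.username = username
        self.is_authenticated = authenticated
        self.is_superuser = superuser
        self.groups = FakeGroups(groups)


class FakeRequest:
    def __init__(self, user):
        self.user = user


if __name__ == "__main__":
    anon = FakeRequest(FakeUser())
    member = FakeRequest(FakeUser("ldapuser", True, groups=["api-admins"]))
    print(bool(SuperuserOrInGroup))            # truthiness of the class object
    print(evaluate(SuperuserOrInGroup, anon))  # decision for this request
    print(evaluate(SuperuserOrInGroup, member))
```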