Update: I found the root cause. Apparently all my ldap users were not
marked as active in django.
Still, difference in behavior of normal views and API views regarding this
type of users is kind of strange.
Fernando, thank you for responding. However, I did try both session and
token authentication. It doesn't appear to make any difference in this
situation.
Regards,
Denis
On Wednesday, September 1, 2021 at 1:20:40 AM UTC+3 fherd...@gmail.com
wrote:
> Hi!
>
> I recommend Django Rest Framework and using Rest APIs to validations with
> a token, the question is ¿how know if a user is authenticated?
>
> The validation recommendation is to check the token and know that the
> user is authenticated...
>
> *____________________________________*
> *FERNANDO HERNÁNDEZ DE LA CRUZ*
>
> *Programador*
> *Teléfono : 993 3987 964*
>
> *Villahermosa, Tabasco, México.*
>
>
>
>
> El mar, 31 ago 2021 a las 16:54, Denis Nesterov (<fuz...@gmail.com>)
> escribió:
>
>> Hey everyone.
>>
>> I've stumbled on some unexpected behavior of @api_view decorator when
>> working with LDAP authentication backend of django_auth_ldap. When I try to
>> address request.user it returns as AnonymousUser.
>> Functions without @api_view against ldap users work as expected and
>> @api_view against local users works fine as well. Also, when using
>> rest_framework.permissions.IsAuthenticated it returns true even though
>> request.user.is_authenticated returns false.
>>
>> For example:
>> @api_view(['GET'])
>> def api(request):
>> if request.user.is_authenticated:
>> test_json = {
>> 'Is authenticated':str(request.user)
>> }
>> else:
>> test_json = {
>> 'Not authenticated':{
>> 'user': str(request.user),
>> 'request_isauth': request.user.is_authenticated,
>> 'rest_isauth':bool(IsAuthenticated),
>> 'username': request.user.username,
>> }
>> }
>> return Response(test_json)
>>
>> When called from under authenticated ldap user it produces following
>> results:
>> { "Not authenticated": { "user": "AnonymousUser", "request_isauth":
>> false, "rest_isauth": true, "username": "" } }
>>
>> versions are:
>> Django==3.2.6
>> django-auth-ldap==3.0.0
>> djangorestframework==3.12.4
>>
>> I'm not sure if I should report it as an issue for this project or ldap
>> one.
>> Meanwhile I could use an advise on a workaround. Unfortunately
>> IsAuthenticated is not enough for me. I also need to check user's superuser
>> status and group membership.
>>
>> Thanks,
>> Denis
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django REST framework" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-rest-fram...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-rest-framework/58fd71c3-140f-4a3b-8229-e82534836171n%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/django-rest-framework/58fd71c3-140f-4a3b-8229-e82534836171n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-rest-framework/e3139498-a346-4137-a7ef-b750e00e9b93n%40googlegroups.com.
