
@ajaidanial
Last active July 1, 2021 21:27

Revisions

  1. ajaidanial revised this gist Jul 1, 2021. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions middleware.py
    @@ -4,7 +4,7 @@
    from rest_framework.reverse import reverse_lazy


    class AppSessionHelperMiddleware(SessionMiddleware):
    class AppSessionToTokenAuthConversionMiddleware(SessionMiddleware):
    """
    Apps SessionMiddleware to insert the session cookie id to the request body. This is used as a token
    by the app FE to send requests. Also this takes the session cookie id from the Authorization header
    @@ -17,7 +17,7 @@ class AppSessionHelperMiddleware(SessionMiddleware):
    def process_response(self, request, response):
    """Pass the sessionid from response cookies to the response body."""

    response = super(AppSessionHelperMiddleware, self).process_response(
    response = super(AppSessionToTokenAuthConversionMiddleware, self).process_response(
    request, response
    )

    @@ -40,7 +40,7 @@ def process_request(self, request):
    if sessionid:
    request.COOKIES[self.session_cookie_name] = sessionid

    return super(AppSessionHelperMiddleware, self).process_request(request)
    return super(AppSessionToTokenAuthConversionMiddleware, self).process_request(request)

    def get_sessionid_from_authorization_header(self, request):
    """
  2. ajaidanial revised this gist Jul 1, 2021. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions middleware.py
    @@ -3,8 +3,6 @@
    from rest_framework.authentication import get_authorization_header
    from rest_framework.reverse import reverse_lazy

    SESSION_TIMEOUT_KEY = "_session_init_timestamp_"


    class AppSessionHelperMiddleware(SessionMiddleware):
    """
  3. ajaidanial renamed this gist Jul 1, 2021. 1 changed file with 12 additions and 4 deletions.
    16 changes: 12 additions & 4 deletions gistfile1.txt → middleware.py
    @@ -1,8 +1,16 @@
    from django.conf import settings
    from django.contrib.sessions.middleware import SessionMiddleware
    from rest_framework.authentication import get_authorization_header
    from rest_framework.reverse import reverse_lazy

    SESSION_TIMEOUT_KEY = "_session_init_timestamp_"


    class AppSessionHelperMiddleware(SessionMiddleware):
    """
    Apps SessionMiddleware to insert the session cookie id to the request body. This is used as a token
    by the mobile app FE to send requests. Also this takes the session cookie id from the Authorization header
    and inserts it into the request cookies. Used to by pass cookie reading and writing issues in the FE.
    by the app FE to send requests. Also this takes the session cookie id from the Authorization header
    and inserts it into request cookies.
    """

    authorization_keyword = settings.SESSION_COOKIE_NAME
    @@ -38,8 +46,8 @@ def process_request(self, request):

    def get_sessionid_from_authorization_header(self, request):
    """
    Get the sessionid from the Authorization header. Passed as `sessionid <token>`.
    Its valid length is 2.
    Gets the session-id from the Authorization header in the request. Passed
    as `{self.authorization_keyword} <token>`. Valid length is 2.
    """

    auth = get_authorization_header(request).split()
  4. ajaidanial created this gist Jul 1, 2021.
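--- /dev/null
+++ b/gistfile1.txt
@@ -0,0 +1,59 @@
+class AppSessionHelperMiddleware(SessionMiddleware):
+"""
+Apps SessionMiddleware to insert the session cookie id to the request body. This is used as a token
+by the mobile app FE to send requests. Also this takes the session cookie id from the Authorization header
+and inserts it into the request cookies. Used to by pass cookie reading and writing issues in the FE.
+"""
+
+authorization_keyword = settings.SESSION_COOKIE_NAME
+session_cookie_name = settings.SESSION_COOKIE_NAME
+
+def process_response(self, request, response):
+"""Pass the sessionid from response cookies to the response body."""
+
+response = super(AppSessionHelperMiddleware, self).process_response(
+request, response
+)
+
+if (
+request.path == reverse_lazy("authentication:login")
+and self.session_cookie_name in response.cookies.keys()
+):
+# update session id in response body
+session_id = response.cookies[self.session_cookie_name].value
+response.data[self.session_cookie_name] = session_id
+response._is_rendered = False
+response.render()
+
+return response
+
+def process_request(self, request):
+"""Get the sessionid from the request Authorization header and pass it to the request."""
+
+sessionid = self.get_sessionid_from_authorization_header(request)
+if sessionid:
+request.COOKIES[self.session_cookie_name] = sessionid
+
+return super(AppSessionHelperMiddleware, self).process_request(request)
+
+def get_sessionid_from_authorization_header(self, request):
+"""
+Get the sessionid from the Authorization header. Passed as `sessionid <token>`.
+Its valid length is 2.
+"""
+
+auth = get_authorization_header(request).split()
+
+if (
+not auth
+or auth[0].lower() != self.authorization_keyword.lower().encode()
+or len(auth) != 2
+):
+return None
+
+try:
+return auth[1].decode()
+except UnicodeError:
+pass
+
+return None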
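Review bot: In `process_response`, the login branch copies the session cookie value into `response.data`, so the session id stops being confined to the cookie (and to whatever `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SECURE` give it) and becomes a bearer secret in a response body that proxies, caches and client-side logs can retain. That branch should at least mark the response as uncacheable, for example `response["Cache-Control"] = "no-store"` before `response.render()`, and the class docstring should state that the value must be stored and transmitted like a credential. The same branch assumes a DRF `Response` whose `data` is a dict; a guard such as `if isinstance(getattr(response, "data", None), dict):` would keep a redirect or template response on the login path from raising. Resetting the private `response._is_rendered` presumably depends on how the installed DRF and Django versions re-render, so it deserves a why-comment. In `process_request`, the header value silently replaces any session cookie already on the request, and a one-line comment noting that precedence would help the next reader.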