Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verify_session() is not usable in Django Rest Framework #105

Closed
wolzenbug opened this issue Apr 7, 2022 · 4 comments
Closed

verify_session() is not usable in Django Rest Framework #105

wolzenbug opened this issue Apr 7, 2022 · 4 comments
Assignees
@KShivendu

Comments

@wolzenbug
Copy link

Hey guys!
The support has asked me to create a ticket for this case. We agreed that this is not an issue with your SDK. We think it's because I was using the documented Django approach for the Django Rest Framework.

After decorating an example view with verify_session() like this:

from supertokens_python.recipe.session.framework.django.syncio import verify_session

class UserAPI(generics.RetrieveAPIView):
  serializer_class = UserSerializer
  @verify_session()
  def get_object(self):
    return self.request.user

I was facing the following error:

backend_1 | File "/usr/local/lib/python3.8/site-packages/supertokens_python/recipe/session/api/implementation.py", line 51, in verify_session
backend_1 | method = normalise_http_method(api_options.request.method())
backend_1 | File "/usr/local/lib/python3.8/site-packages/supertokens_python/framework/django/django_request.py", line 45, in method
backend_1 | if self.request.method is None:
backend_1 | AttributeError: 'UserAPI' object has no attribute 'method'

Versions:
django = 3.2.11
djangorestframework = 3.12.4
supertokens-python = 0.6.1

To quote the support team (rp on discord):
I think that's the issue as well. We haven't designed the verify_session function to work in that way,. Though it would be nice if we would have done it the "django way". So we are investigating it. If you open an issue, you can keep track of the progress etc more easily.
@KShivendu
Copy link
Contributor

KShivendu commented Apr 7, 2022
edited
Loading

Hey @wolzenbug

Try this:

from supertokens_python.recipe.session.framework.django.syncio import verify_session
from django.utils.decorators import method_decorator

@method_decorator(verify_session(), name='dispatch')
class UserAPI(generics.RetrieveAPIView):
  ...

@wolzenbug
Copy link
Author

Hey @KShivendu

Thank you for your fast reply. Your proposed solution fixed the error!

Now I face the following problem:

backend_1 | Unauthorized: /api/auth/user/
backend_1 | [07/Apr/2022 15:47:51] "GET /api/auth/user/ HTTP/1.1" 401 26

Looks like the request from my React (with axios and your interceptor) client to my DRF backend is missing some auth credentials. Do you have any information about how to send them appropriately?

@rishabhpoddar
Copy link
Contributor

Well, the cookies should be added automatically if the config is done correctly. Here is a list of reasons on what could be wrong: supertokens/supertokens-website#68

I'm closing this issue since the last query is not related to the original comment.

@roshi112
Copy link

Cons of Using @method_decorator:
Overhead: If you have multiple methods within the view where some might not require session verification, it could lead to unnecessary overhead for those methods.
Less Flexibility: It may limit flexibility if you need to apply different decorators or session handling logic for specific methods in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KShivendu KShivendu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rishabhpoddar @wolzenbug @KShivendu @roshi112