I am using following Django (2.0.1)
, djangorestframework (3.7.7)
, djangorestframework-jwt (1.11.0)
on top of python 3.6.3
. By default djangorestframework-jwt
does not include users in django’s usual requst.user
. If you are using code>djangorestframework, chances are you have a huge code base at API which is leveraging this, not to mention at your permission_classes
at viewsets
. Since you are convinced about the fact that jwts are the best tools for your project, no wonder that you would love to migrate from your old token to new jwt tokens. To make the migration steps easier, we will write a middleware that will set request.user
for us.
from django.utils.functional import SimpleLazyObject from rest_framework_jwt.serializers import VerifyJSONWebTokenSerializer from rest_framework.exceptions import ValidationError #from rest_framework.request from Request class AuthenticationMiddlewareJWT(object): def __init__(self, get_response): self.get_response = get_response def __call__(self, request): request.user = SimpleLazyObject(lambda: self.__class__.get_jwt_user(request)) if not request.user.is_authenticated: token = request.META.get('HTTP_AUTHORIZATION', " ").split(' ')[1] print(token) data = {'token': token} try: valid_data = VerifyJSONWebTokenSerializer().validate(data) user = valid_data['user'] request.user = user except ValidationError as v: print("validation error", v) return self.get_response(request)
And you need to register your middleware in settings:
MIDDLEWARE = [ #... 'path.to.AuthenticationMiddlewareJWT', ]