GithubHelp home page GithubHelp logo

Comments (8)

mongkok avatar mongkok commented on May 27, 2024 1

Hi @skitoo :),
I would like to include this feature, unfortunately I do not find an easy way to modify the response object to set the cookie:
https://docs.djangoproject.com/en/2.1/ref/request-response/#django.http.HttpResponse.set_cookie

A decorator for Graphene view could be the best approach:

from django.urls import path

from graphene_django.views import GraphQLView
from graphql_jwt.decoratos import jwt_cookie

urlpatterns = [
    path('graphql/', jwt_cookie(GraphQLView.as_view(), name='JWT-cookie')),
]

Update: Used graphene_django.views instead of graphql_extensions.views.

from django-graphql-jwt.

skitoo avatar skitoo commented on May 27, 2024

I think the best way to inject the cookie into the response is to do it in middleware.
Maybe here ? https://github.com/flavors/django-graphql-jwt/blob/master/graphql_jwt/middleware.py#L75

from django-graphql-jwt.

mongkok avatar mongkok commented on May 27, 2024

Hi @skitoo,

Right now there are two middlewares for authentication:

  • Graphene Middleware: can't access the response object.
  • Django Middleware: will be deprecated in the future

To configure the cookie we can create a new Django middleware JWTCookieMiddleware or a decorator @jwt_cookie for the view, the two implementations are valid and require a new configuration (settings or urls).

from django-graphql-jwt.

v-stickykeys avatar v-stickykeys commented on May 27, 2024

I have found a solution for this using the Django middleware at least, but I'm guessing it will break with your next update:

def process_response(self, request, response):
        patch_vary_headers(response, ('Authorization',))
        '''
        @dev Store JWT token in session cookie
        @author thevaleriemack
        '''
        if response.content.find(b'tokenAuth') != -1:
            try:
                response_content = bytes_to_dict(response.content)
                token_auth = response_content['data']['tokenAuth']['token']
                request.session['tokenAuth'] = token_auth
            except KeyError:
                pass
        return response
def process_request(self, request):
        if (get_authorization_header(request) is not None and
                (not hasattr(request, 'user') or request.user.is_anonymous)):
            try:
                user = authenticate(request=request)
            except JSONWebTokenError as err:
                return JsonResponse({
                    'errors': [{'message': str(err)}],
                }, status=401)

            if user is not None:
                request.user = request._cached_user = user
        '''
        @dev Access JWT from session cookie if it is not in the header
        @author thevaleriemack
        '''
        if (request.session.get('tokenAuth') and not
            request.META.get('HTTP_AUTHORIZATION')):
            request.META['HTTP_AUTHORIZATION'] = jwt_settings.JWT_AUTH_HEADER_PREFIX + " " + request.session['tokenAuth']
            try:
                user = authenticate(request=request)
            except JSONWebTokenError as err:
                return JsonResponse({
                    'errors': [{'message': str(err)}],
                }, status=401)
            if user is not None:
                request.user = request._cached_user = user
        
        return None

It's a bit hacky i guess? Let me know what you think. Any major flaws here?

from django-graphql-jwt.

LiamK avatar LiamK commented on May 27, 2024

@mongkok I'm also wanting to do this, too. Any chance of getting JWTCookieMiddleware in an upcoming release?

from django-graphql-jwt.

mongkok avatar mongkok commented on May 27, 2024

Sorry for the delay in my response

Django's middleware will be deprecated in the future in favour of Graphene's middleware.

I created a pull request #75 to include cookie authentication using a decorator.
I'll release a new version on PyPI as soon as this PR is merged.

from django-graphql-jwt.

skitoo avatar skitoo commented on May 27, 2024

@mongkok Thank you ! :)

from django-graphql-jwt.

bastiW avatar bastiW commented on May 27, 2024

Thank you a lot :)

from django-graphql-jwt.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.