How to check if a request consists of session id and csref token in the cookie in Django rest framework?
my rest_framework authentication and permission classes
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.IsAuthenticated",
"rest_framework.permissions.IsAdminUser",
"rest_framework.permissions.AllowAny",
],
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework_simplejwt.authentication.JWTAuthentication",
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.BasicAuthentication"
),
login view
class UserLoginView(generics.RetrieveAPIView):
"""
View for a user to login through 1FA.
The view provides a post request that accepts a email and password.
Returns a jwt token as a response to authenticated user.
"""
throttle_scope = "login"
permission_classes = (permissions.AllowAny,)
serializer_class = UserLoginSerializer
def post(self, request):
"""
POST request to login a user.
"""
#if session key is not present then create a session for the user
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
if not request.session.session_key:
request.session.save()
return Response("logged in")
In my login view if user credentials are valid i am creating a user session if not created yet. For all other requests i need to ensure that user has a active session i.e. a session id in the cookie and csrf token to secure the application , is there method provided by rest framework to do that or i need to write my own permission classes for the views