Django says current user is unauthenticated although logged in
I havent really changed anything and added a View to update some user data. Then i wanted to test my View and Django says that the current user is not authenticated. I logged out and logged in multiple Times and also looked at the requests in Burp. To me every looks fine, it always sends the session_id and also login goes through without problems. I also get my User Object returned to the frontend on login.
When i then try the "edit" function for the User then i'm unauthenticated...
This is my login:
@action(methods=['post'], detail=False, url_path='sign-in', url_name='sign-in')
def login_user(self, request):
email = str(request.data.get('email'))
password = str(request.data.get('password'))
if email is None or password is None:
return _ERROR_INCOMPLETE_CREDENTIALS
# User authentication...
user = authenticate_user(email=email, password=password)
if user is None:
return _ERROR_BAD_CREDENTIALS
user_profile = UserProfile.objects.get(id=user.id)
serialized_user = UserProfileSerializer([user_profile], many=True).data
print(serialized_user)
res = login(request, user)
print(res)
return Response(serialized_user, status=status.HTTP_200_OK)
This is the custom authenticate_user Method:
def authenticate_user(email, password):
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
return None
else:
if user.check_password(password):
return user
return None
This is a view which fails due to unauthentication:
@action(methods=['get'], detail=False, url_name='current', url_path='current')
def get_current_user(self, request):
if not request.user.is_authenticated:
return Response({"detail": "You need to be logged in for this!"}, status=status.HTTP_401_UNAUTHORIZED)
user = request.user
user_profile = UserProfile.objects.get(id=user.id)
return Response(UserProfileSerializer([user_profile], many=True).data)