Request.user.is_authenticated check not working as expected for routes outside of those provided by Django Allauth

I am having an issue where request.user.is_authenticated returns false with a valid X-Session-Token sent in the header whenever a request is sent to other parts of the app apart from the URLs provided by allauth and headless. I am new to Django and, in fact, this is my first Django project. I might be missing some things but haven't found a solution elsewhere.

I used a custom user via CustomAccountAdapter, which extends allauth.account.adapter.DefaultAccountAdapter by overriding the save_user function, based on what I digested from the documentation. I defined a custom token strategy to generate an access_token and a refresh token while copying the implementation of the session token from allauth:

from allauth.account.adapter import DefaultAccountAdapter
from users.models.user_profile import UserProfile
from allauth.account.utils import user_email, user_username

import json

class CustomAccountAdapter(DefaultAccountAdapter):
        
    def save_user(self, request, user, form, commit=True):     
        data = json.loads(request.body)
        email = data.get("email")
        username = data.get("username")
        user_email(user, email)
        user_username(user, username)
        if "password" in data:
            user.set_password(data["password"])
        else:
            user.set_unusable_password()
        self.populate_username(request, user)
        user.is_creator = data.get('is_creator', False)
        if commit:
            # Ability not to commit makes it easier to derive from
            # this adapter by adding
            user.save()
            if data.get('birth_date', False):
                UserProfile.objects.create(user=user, birth_date=data.get('birth_date', None))

        return user

I have a custom middleware where I want to block unauthenticated requests from accessing some route patterns, but the middleware could not get request.user:

from django.http import JsonResponse
from django.utils.deprecation import MiddlewareMixin

class BlockAnonymousUsersMiddleware(MiddlewareMixin):
    def process_request(self, request):
        print(request.user)
        protected_paths = ['/api/']
        for path in protected_paths:
            if request.path.startswith(path) and not request.user.is_authenticated:
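                # Set the HTTP status code as well; without status=401 the
                # response is sent as 200 OK even though the body says 401.
                return JsonResponse({
                    'status': 401,
                    'errors': [{'message': 'Authentication required'}]
                }, status=401)

Here is the middleware used in the app, as contained in settings.py: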

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'allauth.account.middleware.AccountMiddleware',
    'users.middlewares.BlockAnonymousUsersMiddleware',
]

My CustomTokenStrategy seems not to be the cause, as commenting it out makes no difference.