Request.user.is_authenticated check not working as expected for routes outside of those provided by Django Allauth
I am having an issue where request.user.is_authenticated returns false with a valid X-Session-Token sent in the header whenever a request is sent to other parts of the app apart from the URLs provided by allauth and headless. I am new to Django and in fact, this is my first Django project. I might be missing some things but haven't found a solution elsewhere.
I used a custom user via CustomAccountAdapter, which extends allauth.account.adapter.DefaultAccountAdapter by overriding the save_user function, based on what I digested from the documentation. I defined a custom token strategy to generate an access_token and refresh token while copying the implementation of the session token from allauth:
```python
from allauth.account.adapter import DefaultAccountAdapter
from users.models.user_profile import UserProfile
from allauth.account.utils import user_email, user_username
import json


class CustomAccountAdapter(DefaultAccountAdapter):
    def save_user(self, request, user, form, commit=True):
        data = json.loads(request.body)
        email = data.get("email")
        username = data.get("username")
        user_email(user, email)
        user_username(user, username)
        if "password" in data:
            user.set_password(data["password"])
        else:
            user.set_unusable_password()
        self.populate_username(request, user)
        user.is_creator = data.get('is_creator', False)
        if commit:
            # Ability not to commit makes it easier to derive from
            # this adapter by adding
            user.save()
            if data.get('birth_date', False):
                UserProfile.objects.create(user=user, birth_date=data.get('birth_date', None))
        return user
```
I have a custom middleware where I want to block unauthenticated requests from accessing some route patterns, but the middleware could not get request.user:
```python
from django.http import JsonResponse
from django.utils.deprecation import MiddlewareMixin


class BlockAnonymousUsersMiddleware(MiddlewareMixin):
    def process_request(self, request):
        print(request.user)
        protected_paths = ['/api/']
        for path in protected_paths:
            if request.path.startswith(path) and not request.user.is_authenticated:
                # Set the HTTP status as well; without status=401 the
                # response is sent as 200 OK with "401" only in the body.
                return JsonResponse({
                    'status': 401,
                    'errors': [{'message': 'Authentication required'}]
                }, status=401)
```
Here is the middleware used in the app as contained in settings.py:
```python
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'allauth.account.middleware.AccountMiddleware',
    'users.middlewares.BlockAnonymousUsersMiddleware',
]
```
My CustomTokenStrategy seems not to be the cause, as commenting it out makes no difference.