Why is request.user not being populated in Django when using custom JWT middleware?

I'm implementing custom JWT authentication in Django and I'm using middleware to decode the JWT token and assign request.user to the authenticated user. However, when I try to access request.user inside my view or decorator, it's not being populated, even though the middleware is correctly decoding the token and assigning it.

class JWTAuthenticationMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Check for the presence of the JWT in the Authorization header
        # Debugging the Authorization header
        print(f"Authorization Header: {request.headers.get('Authorization')}")
        auth_header = request.headers.get("Authorization")
        if auth_header and auth_header.startswith("Bearer "):
            token = auth_header.split(" ")[1]
            try:
                user = decode_jwt_token(token)
                print(f"JWT Decoded Payload: {user}")  #  Print decoded token
                request.user = user  #  Assign the user here
                request._force_auth_user = user
                print(f"JWT Middleware: User assigned: {request.user.email} - {request.user.role}")
            except jwt.ExpiredSignatureError:
                print("JWT Middleware: Token expired")
            except jwt.DecodeError:
                print("JWT Middleware: Invalid token")

        response = self.get_response(request)
        print(
            f"JWT Middleware (After Response): {request.user if hasattr(request, 'user') else 'No User'}"
        )  # Debug after response
        return response

class InviteUserView(APIView):
    """Invite a user via email with role assignment"""

    @bypass_csrf
    @authorize
    @role_required([UserRoleEnum.SUPER_ADMIN.value])
    def post(self, request):
        print(f"DEBUG: User in request inside view - {getattr(request, 'user', 'No User')}")
        serializer = UserInvitationSerializer(data=request.data)
        try:
            if serializer.is_valid():
                invitation_link = send_invitation(request, serializer, request.user)
                response = create_response(201, ResponseCodes.SUCCESS, True, invitation_link, None, None)
        except Exception as e:
            response = create_response(500, ResponseCodes.ERROR, False, {}, str(e), str(e))

        return response

def authorize(view_func):
    """Decorator to ensure that the user is authenticated via JWT."""

    @functools.wraps(view_func)
    def wrapper(request, *args, **kwargs):
        print(f"DEBUG: User in request BEFORE middleware - {getattr(request, 'user', 'No User')}")  # Debugging line
        if not hasattr(request, "user") or isinstance(request.user, AnonymousUser):
            return create_response(
                401,
                ResponseCodes.UNAUTHORIZED.name,
                False,
                None,
                "Authentication required.",
                ResponseCodes.UNAUTHORIZED.value,
            )
        print(f"DEBUG: User in request AFTER middleware - {request.user}")
        return view_func(request, *args, **kwargs)

    return wrapper

Вернуться на верх

Последние вопросы и ответы

Switching from WSGI to ASGI (Gunicorn + Uvicorn) in Django Production – Site Not Loading