Authentication error with 0.1.3 release

[XiweiAtVian]

REST API interface GET access as "GET /services/p/p/" got complain :

{
    "detail": "Authentication credentials were not provided."
}

Here is the setup of view and URL conf

from adrf.views import APIView as AsyncAPIView
@authentication_classes([authentication.SessionAuthentication, ExpiringTokenAuthentication])
@permission_classes([permissions.IsAuthenticated])
class DummyView(AsyncAPIView):
    async def get(self, request, category, slug): pass 

path('services/<str:category>/<str:slug>/', DummyView.as_view()

It's fine with 0.1.2, but starts fail with 0.1.3.

[em1208]

@XiweiAtVian Can you please try:

class DummyView(AsyncAPIView): 
    authentication_classes = [authentication.SessionAuthentication, ExpiringTokenAuthentication]
    permission_classes = [permissions.IsAuthenticated]
    async def get(self, request, category, slug): pass 

instead of using the decorators and see if it makes any difference? Thanks!

[ntsphwoelfel]

@XiweiAtVian Can you please try:

class DummyView(AsyncAPIView): 
    authentication_classes = [authentication.SessionAuthentication, ExpiringTokenAuthentication]
    permission_classes = [permissions.IsAuthenticated]
    async def get(self, request, category, slug): pass 

instead of using the decorators and see if it makes any difference? Thanks!

I'm using that version and got the same problem. (I assume authentication is from rest_framework import authentication) Reverted back to 0.1.2 and that works again.

[SilverFoxA]

+1

I'm using the latest version with my existing application and I found the same error.

[mliudev]

I have the same issue and it appears that the request.user attribute is lost somewhere along the way. I put a breakpoint in rest_framework.authentication.SessionAuthentication and inspected the user object but it was empty.

This is with Django 5.0.1.

[Crazy0416]

@mliudev I found the location where request.user was lost.
I use adrf's APIView. This class has initialize_request method, this method override origin request instance and return new request instance

[mliudev]

@mliudev I found the location where request.user was lost. I use adrf's APIView. This class has initialize_request method, this method override origin request instance and return new request instance

This is overriding DRF's initialize_request with an AsyncRequest instead of a sync request:

• https://github.com/em1208/adrf/blob/0.1.4/adrf/requests.py#L9
• https://github.com/encode/django-rest-framework/blob/3.14.0/rest_framework/views.py#L385

The AsyncRequest wraps DRF's Request with async_to_sync helpers. The user is probably being lost somewhere in here. I just don't know why or how.

EDIT

Oh I see:

• adrf/adrf/requests.py

  Line 44 in cad2922

  self._authenticator, self.user, self.auth = None, None, None

After that I guess the user never gets set again.

[em1208]

Thanks @mliudev for looking into this. I just released version 0.1.5 which should fix this issue.

[mliudev]

Thanks for this! Will test and let you know how it goes.

[mliudev]

It works!