Infinite loop with Django, MongoDB and Djongo with HasApiKey - Solved?
Closed this issue · 1 comments
Manu-Fraile commented
Hi! I found a bug when using HasApiKey as the permission class for my views. In my project I'm using Django, MongoDB and Djongo. The issue was that while checking the Api-Key I always ended up in an infinite loop inside djongo.
I found a solution that is working good for me by rewriting the method has_permission
inside the BaseHasApiKey
class:
def has_permission(self, request: HttpRequest, view: typing.Any) -> bool:
assert self.model is not None, (
"%s must define `.model` with the API key model to use"
% self.__class__.__name__
)
key = self.get_key(request)
# TODO rewrite KeyParser to handle custom header
request_keyword, request_auth = request.META.get("HTTP_AUTHORIZATION").split(" ")
request_prefix, _ = request_auth.split(".")
if key and request_keyword == self.key_parser.keyword and self.model.objects.filter(prefix=request_prefix).exists():
key_model = self.model.objects.get(prefix=request_prefix)
return key_model.is_valid(key)
else:
return False
If I am breaking anything that I'm not aware of, please let me know. On the other hand, if this could contribute somehow, do not hesitate to let me know.
Cheers!
florimondmanca commented
Hello @Manu-Fraile
Could you provide a traceback for the infinite loop you’re using? Was that a maximum recursion depth error? Where does it say it loops on exactly?