force a session for all users, even those not logged in, so that they can save routing settings via the API

This commit is contained in:
Gwendolyn 2023-12-21 16:32:26 +01:00
parent 348c176502
commit 511a40fb5a
3 changed files with 5 additions and 6 deletions


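--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -55,9 +55,10 @@ class APIKeySchema(BaseSchema):
                 summary="get session-bound key")
 def session_key(request):
     """
-    Get an API key that is bound to the transmitted session cookie.
+    Get an API key that is bound to the transmitted session cookie, or a newly created session cookie if none is sent.
     Keep in mind that this API key will be invalid if the session gets signed out or similar.
     """
-    session_id = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
-    return {"key": "anonymous" if session_id is None else f"session:{session_id}"}
+    if request.session.session_key is None:
+        request.session.create()
+    return {"key": f"session:{request.session.session_key}"}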
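Review bot: `request.session.create()` on the new path at the end of the hunk mints a fresh server-side session for every request that arrives without a session cookie, so an unauthenticated client can grow the session store without bound by repeating the call, and the session key — the credential that later authenticates `session:` API keys — is returned in the response body rather than only in the cookie. If the endpoint is meant to bootstrap anonymous clients, the session backend's growth and whatever throttling the router applies should be weighed, and the docstring should state the side effect, e.g. `A session cookie is set on the response when no valid session was sent.` Removing the `settings.SESSION_COOKIE_NAME` lookup may leave `settings` unused in this module; confirm against the rest of the file. The decorator of session_key begins before the hunk.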


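--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -70,8 +70,6 @@ class APIKeyAuth(APIKeyHeader):
         elif key.startswith("session:"):
             session = self.SessionStore(key.removeprefix("session:"))
             user = auth_get_user(FakeRequest(session=session))
-            if not user.is_authenticated:
-                raise APIKeyInvalid
             request.user = user
             return APIAuthDetails(
                 key_type=APIKeyType.SESSION,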
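Review bot: With the `is_authenticated` check removed, a `session:` key that matches no stored session no longer raises `APIKeyInvalid`: `auth_get_user` on a store that finds nothing yields an anonymous user, which the remaining code then accepts and tags as `APIKeyType.SESSION`, so an arbitrary string after the prefix is treated as a valid anonymous session key. Verify that the session exists before trusting it, e.g. `if not session.exists(session.session_key): raise APIKeyInvalid` ahead of the `auth_get_user` call; the signed-cookie backend answers False there, so check this against the configured `SessionStore`. Any caller that previously relied on a SESSION-typed key implying a logged-in user now needs its own `request.user.is_authenticated` test; that code, like the rest of this method, lies outside the hunk.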


@ -10,7 +10,7 @@
authenticate() { authenticate() {
return fetch(this.base+'auth/session/', { return fetch(this.base+'auth/session/', {
credentials: 'include', credentials: 'same-origin',
method: 'GET', method: 'GET',
}) })
.then(res => res.json()) .then(res => res.json())