Sessions Django issue | Django | Page 1

worn current Nov 16, 2023, 10:44 PM

#

after you authenticate then make a request, check the request headers

#

is session_id being sent inside cookie?

livid gust Nov 16, 2023, 10:48 PM

#

after login:
csrftoken o4EJRzQKrGLpoYx2DWzdXTdzKrOOiJeJ
sessionid yknaf26ewobrhpje96dd3cjv5mnap8ov

#

cookie

#

Headers for profile:
X-CSRFToken: o4EJRzQKrGLpoYx2DWzdXTdzKrOOiJeJ
Authorization: Basic yknaf26ewobrhpje96dd3cjv5mnap8ov

worn current Nov 16, 2023, 10:51 PM

#

this is not correct

#

when you are using session auth Authorization header is not used for auth

#

but the sessionid cookie

#

you need to check the cookie, not Authorization header

livid gust Nov 16, 2023, 10:53 PM

#

i use Insomnia for testing

worn current Nov 16, 2023, 10:53 PM

#

ok put the cookie in your header

livid gust Nov 16, 2023, 10:53 PM

#

Cookie: sessionid=yknaf26ewobrhpje96dd3cjv5mnap8ov

#

right?

worn current Nov 16, 2023, 10:53 PM

#

correct

livid gust Nov 16, 2023, 10:54 PM

#

same problem

worn current Nov 16, 2023, 10:56 PM

#

can you try it from a browser

livid gust Nov 16, 2023, 10:56 PM

#

I don't have authorization form

worn current Nov 16, 2023, 10:56 PM

#

I mean it shouldn't matter, hmm

#

debug is true?

livid gust Nov 16, 2023, 10:57 PM

#

yes

worn current Nov 16, 2023, 10:57 PM

#

login to admin page

livid gust Nov 16, 2023, 10:57 PM

#

and?

worn current Nov 16, 2023, 10:57 PM

#

then go to this endpoint

@api_view(['GET'])
@permission_classes([IsAuthenticated])
def api_public_user_profile(request):
    user = request.user
    user_profile = PublicUser.objects.get(user=user.id)
    serializer = PublicUserSerializer(user_profile)

    return Response({'user': serializer.data}, status=status.HTTP_200_OK)

#

whatever the url is

livid gust Nov 16, 2023, 10:58 PM

#

it use another model

#

PublicUser

#

not standart

worn current Nov 16, 2023, 10:58 PM

#

you are not supposed to have multiple user models

livid gust Nov 16, 2023, 10:59 PM

#

I have 2 models

worn current Nov 16, 2023, 10:59 PM

#

you can't

#

you shouldn't

livid gust Nov 16, 2023, 10:59 PM

#

why?

worn current Nov 16, 2023, 10:59 PM

#

if you want public/manager/freebie whatever, use permissions

#

because it will break things as you can see

livid gust Nov 16, 2023, 11:00 PM

#

I need to add other fields to this model and I have created a separate one

worn current Nov 16, 2023, 11:00 PM

#

libraries use get_user_model to determine what user model is being used

#

then create your custom model?

livid gust Nov 16, 2023, 11:01 PM

#

where do I use "get_user_model"?

worn current Nov 16, 2023, 11:01 PM

#

anytime when you need the user model

#

https://docs.djangoproject.com/en/4.2/topics/auth/customizing/#auth-custom-user

Django Project

Django

The web framework for perfectionists with deadlines.

#

and maybe use one of the auth libraries along with drf to make things easier, dj-rest-auth, djoser etc

livid gust Nov 16, 2023, 11:02 PM

#

How do I use it if I need to use 2 models?

worn current Nov 16, 2023, 11:02 PM

#

why do you need 2 models?

livid gust Nov 16, 2023, 11:02 PM

#

for admin panel and public site

worn current Nov 16, 2023, 11:03 PM

#

admin panel access is determined by is_staff attribute of user model, when you create a user is_staff is False so user can't access admin anyway?

livid gust Nov 16, 2023, 11:03 PM

#

2 models cannot be used?

worn current Nov 16, 2023, 11:04 PM

#

no, and you still didn't answer why you would need 2 models

livid gust Nov 16, 2023, 11:04 PM

#

Okay, I'll try, thanks

#Sessions Django issue