1

The problem I'm having

  • I'm currently using Django v1.9 as a back-end for my Angular2 app (I'm not using the Django REST Framework yet, just using Django's authentication system and dumping JSON)
  • I'm trying to authenticate the user, log them in, and then allow them to edit their profile.
  • The first two steps seem to work. However, I'm having some trouble with request.user.is_authenticated() - it consistently returns false, even though I have called the login() function on the user previously.

The part that seems to work

@csrf_exempt
def userlogin(request):

  body_unicode = request.body.decode('utf-8')
  body = json.loads(body_unicode)
  input_u = body['uname']
  input_p = body['pword']

  worked = False

  user = authenticate(username=input_u, password=input_p)

  if user is not None:
      login(request, user)
      context = { "login_data" : { "logged_in" : True, "user_id" : user.id } }
  else:
      context = { "login_data" : { "logged_in" : False, "user_id" : 0 } }

  return HttpResponse(json.dumps(context), content_type="application/json")

The part I'm struggling with

@ensure_csrf_cookie
def user(request):
  is_auth = False

  if request.user.is_authenticated():
    is_auth = True

  context = { "is_auth" : is_auth }

  return HttpResponse(json.dumps(context), content_type="application/json")

Note: I'm using is_authenticated() (function) and not is_authenticated (property) as I'm on Django v1.9 and not v.1.10 (source). I was previously making the mistake of checking for the property and it always returned true, but when I'd try to return the ID of the user from the request object it would always be null.

I keep getting false here. This is the first time I've tried auth with Django, so I just wanted to ask some questions here:

  • Am I doing something terribly wrong? I think I have all of the stuff I need in my settings:

    INSTALLED_APPS = [
    'search.apps.SearchConfig',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'corsheaders'
]

I also have 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' in my middleware.

  • How exactly does Django know that the user is authenticated? I assume that since I have sessions activated, it checks for the session cookie. However, I suspect this could be the issue. On inspection, I had a cookie placed this afternoon for localhost. However, since then I've signed in and not been able to update it. I even tried Django's in-built test cookie function (source) but it wouldn't work when I tested it. My settings should be okay, I have the following:

    INSTALLED_APPS = ['django.contrib.sessions']

SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"

MIDDLEWARE_CLASSES = [
  ...
  'django.contrib.sessions.middleware.SessionMiddleware',
  ...
  'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
  ...]

    I suspect I'm missing something obvious but I've been reading other threads for a while now with no luck.

Thanks, guys! Nick

Community
  • 1
  • 1
Nicholas James Hall
  • 69
  • 1
  • 7
  • Are you sure the user is not None, when you use authenticate method? – Windsooon Sep 11 '16 at 05:08
  • 100% - it returns "logged_in" = True as I would expect. – Nicholas James Hall Sep 11 '16 at 11:38
  • Please add you user model. – Windsooon Sep 11 '16 at 13:09
  • Hey Aison. I'm using the default User model from django.contrib.auth.models, I haven't made any adjustments / extensions to it. – Nicholas James Hall Sep 11 '16 at 13:17
  • Now you problem is only why user_id return Null, the function is_authenticated() now works well right? – Windsooon Sep 11 '16 at 13:44
  • Not quite. I'm able to log the user in with success, but when I check whether the user is authenticated later with is_authenticated(), it always returns false. Consistent with this, request.user.id is always null in this view. As such, I think that Django can't access the session cookie. – Nicholas James Hall Sep 11 '16 at 14:14
  • Did you add Authentication middleware? – Windsooon Sep 11 '16 at 15:23
  • I fixed it! Problem was that Angular wasn't sending the session cookie to Django because I'm using CORS. Fixed it by adding { withCredentials : true } to my RequestOptions object. More here: http://stackoverflow.com/questions/39431386/angular2-and-django-csrf-token-headache/39436142?noredirect=1#comment66195079_39436142 – Nicholas James Hall Sep 11 '16 at 19:13

2 Answers2

1

Found the solution to my own problem from another problem I was having.

The issue is that Angular wasn't sending cookies to the Django server. As Angular is using CORS by default, I had to add { withCredentials : true } to my RequestOptions object.

Example: editUser(userdata) {

    console.log("UserService: createUser function called");
    console.log(JSON.stringify(userdata));

    if(this.validateData(userdata)) {

        let headers = new Headers({
            'Content-Type': 'application/json',
            'X-CSRFToken': this.getCookie('csrftoken')
        });

        let options = new RequestOptions({ headers: headers, withCredentials: true });

        return this._http
            .post(
                this._editUserUri,
                JSON.stringify(userdata),
                options)
            .map(res => {
                console.log(res.json());
                return res.json();
            })
    }

}

Explained thoroughly here: Angular2 and Django: CSRF Token Headache

Community
  • 1
  • 1
Nicholas James Hall
  • 69
  • 1
  • 7
0

You don't have the contrib.auth app in INSTALLED_APPS.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895