
request.user is Anonymous even after login in AngularJS, django-tastypie


I'm having big trouble with login in Tastypie and Django.

Through AngularJS I send my login request like below:

var request = $http({
    method: "post",
    url: API_URL + "api/v1/global/login/",
    data: {'user': $scope.login_user, 'password': $scope.password}
});

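Then inside LoginResource in api.py I added a separate function (different types of users in my project):

# Imports at the top of api.py
from django.contrib.auth import authenticate, login
from tastypie.http import HttpUnauthorized

    # Method inside LoginResource
    def login(self, request, **kwargs):
        self.method_check(request, allowed=['post'])
        data = self.deserialize(request, request.body, format=request.META.get('CONTENT_TYPE', 'application/json'))
        user = data.get('user', '')
        password = data.get('password', '')
        # authenticate() returns None when the credentials are rejected
        user = authenticate(username=user, password=password)
        if user is not None and user.is_active:
            login(request, user)  # django.contrib.auth.login, not this method
            print(request.user.is_authenticated(), request.user.id, request.session.session_key)
            return self.create_response(request, {
                'success': True,
            })
        # Rejected credentials or inactive account: answer 401 instead of returning None
        return self.create_response(request, {
            'success': False,
        }, HttpUnauthorized)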

The request.user.is_authenticated() shows a True value.

I have MessageResource in my api.py:

class MessagesResource(ModelResource):
    login_user = fields.ForeignKey(UserResource, 'login_user', null=True, full=True)
    from_person = fields.ForeignKey(UserResource, 'from_person', null=True, full=True)
    to_person = fields.ForeignKey(UserResource, 'to_person', null=True, full=True)
    create_user = fields.ForeignKey(UserResource, 'create_user', null=True, full=True)
    update_user = fields.ForeignKey(UserResource, 'update_user', null=True, full=True)
    class Meta:
        allowed_methods = ['get','post','delete','put','patch']
        queryset = Messages.objects.all()
        resource_name = 'messages'
        authorization = Authorization()
        authentication = Authentication()
        always_return_data = True
        filtering = {
            'from_person': ALL,
            'to_person': ALL_WITH_RELATIONS,
            'status': ALL,
        }

    def get_object_list(self, request):
        print('request.user.id=',request.user.id)
        return super(MessagesResource, self).get_object_list(request).filter(to_person__id=request.user.id)

Here inside get_object_list request.user.id is None. What am I doing wrong?

Note: After login in the login controller I redirected to 'Dashboard.html'. Does this redirect have any effect on this request?

EDIT: This is my login resource

class GlobalLoginResource(ModelResource):
    class Meta:
        queryset = User.objects.all()
        allowed_methods = ['get','post']
        resource_name = 'global'
        authorization = DjangoAuthorization()
        excludes = ['password']

Solution

  • If you are using the standard Authentication, which means "no authentication at all", the method is_authenticated doesn't check or assign a user to the request. So the user bundle.request.user will be anonymous in this particular resource. I see you have signed the request up in the login resource. So I'm guessing you will have to use SessionAuthentication or generate an api_key in login, and use that in MessageResource with ApiKeyAuthentication or another method.

    You should see how is_authenticated works for each authentication method: Authentication, BasicAuthentication, ApiKeyAuthentication, SessionAuthentication.

    Note response: Redirect is not related here.
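
The gate the answer describes, as an added example that is not part of the original answer and is not tastypie's own code. The two classes are simplified stand-ins that mirror the is_authenticated contract of tastypie's Authentication and SessionAuthentication; `Request`, `dispatch` and the sample rows are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

@dataclass
class Request:
    """Constructed stand-in for the Django request seen by the resource."""
    method: str = "GET"
    user_id: Optional[int] = None   # None models AnonymousUser (request.user.id is None)
    csrf_cookie: str = ""           # value of the CSRF cookie
    csrf_header: str = ""           # value of the X-CSRFToken header

class Authentication:
    """Base class contract: "no authentication at all", every request passes."""
    def is_authenticated(self, request):
        return True

class SessionAuthentication(Authentication):
    """Passes only a logged-in session user; unsafe methods also need a CSRF match."""
    def is_authenticated(self, request):
        if request.method not in SAFE_METHODS:
            if not request.csrf_cookie or not hmac.compare_digest(
                    request.csrf_cookie, request.csrf_header):
                return False
        return request.user_id is not None

# Constructed sample rows: (message id, to_person id)
MESSAGES = [(1, 7), (2, 7), (3, 9)]

def dispatch(authentication, request):
    """Authentication gate first, then the per-user filter from get_object_list."""
    if authentication.is_authenticated(request) is not True:
        return 401, []
    # Same idea as .filter(to_person__id=request.user.id) in MessagesResource
    return 200, [mid for mid, to_id in MESSAGES if to_id == request.user_id]

if __name__ == "__main__":
    anonymous = Request()
    # Base Authentication: anonymous request passes, filter silently matches nothing
    print(dispatch(Authentication(), anonymous))
    # SessionAuthentication: the same request is rejected before any query runs
    print(dispatch(SessionAuthentication(), anonymous))
    print(dispatch(SessionAuthentication(), Request(user_id=7)))
```

With the base class, a request that carries no session fails open into an empty 200 response, which is the symptom in the question; with the session class it fails closed with a 401.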