Comp-490-SeniorProject / site


Investigate why some endpoints don't require authentication #57

Open MarkKoz opened 2 years ago

MarkKoz commented 2 years ago

Apparently GET for the devices endpoint doesn't require auth even though I thought I configured all endpoints to require it. It might be related to CSRF tokens only being necessary for certain types of requests by default (POST and DELETE, for example). Ideally everything should be authenticated since users shouldn't be able to see other users' devices etc.

MarkKoz commented 2 years ago

GET /api/devices while not logged in also causes this server error:

Internal Server Error: /api/devices/
Traceback (most recent call last):
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/fields/__init__.py", line 1823, in get_prep_value
    return int(value)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/contrib/auth/models.py", line 420, in __int__
    raise TypeError('Cannot cast AnonymousUser to int. Are you trying to use it in place of User?')
TypeError: Cannot cast AnonymousUser to int. Are you trying to use it in place of User?

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/viewsets.py", line 125, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/rest_framework/mixins.py", line 38, in list
    queryset = self.filter_queryset(self.get_queryset())
  File "/home/mark/repos/python/comp490/web/api/viewsets/device.py", line 11, in get_queryset
    return Device.objects.filter(owner=self.request.user)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/manager.py", line 85, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/query.py", line 941, in filter
    return self._filter_or_exclude(False, args, kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/query.py", line 961, in _filter_or_exclude
    clone._filter_or_exclude_inplace(negate, args, kwargs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/query.py", line 968, in _filter_or_exclude_inplace
    self._query.add_q(Q(*args, **kwargs))
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 1393, in add_q
    clause, _ = self._add_q(q_object, self.used_aliases)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 1412, in _add_q
    child_clause, needed_inner = self.build_filter(
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 1347, in build_filter
    condition = self.build_lookup(lookups, col, value)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 1193, in build_lookup
    lookup = lookup_class(lhs, rhs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/lookups.py", line 25, in __init__
    self.rhs = self.get_prep_lookup()
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/fields/related_lookups.py", line 117, in get_prep_lookup
    self.rhs = target_field.get_prep_value(self.rhs)
  File "/home/mark/repos/python/comp490/.venv/lib/python3.10/site-packages/django/db/models/fields/__init__.py", line 1825, in get_prep_value
    raise e.__class__(
TypeError: Field 'id' expected a number but got <django.contrib.auth.models.AnonymousUser object at 0x7f8aa39428f0>.
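
Added example, not code from this repository: the traceback shows the request reaching `get_queryset` with an `AnonymousUser`, so no permission check rejected it first (Django REST Framework falls back to `AllowAny` unless `DEFAULT_PERMISSION_CLASSES` or the view's `permission_classes` says otherwise). This stdlib-only audit flags viewsets that read `self.request.user` without an authenticated permission; the sample source, `AlertViewSet`, and all helper names are assumptions.

```python
import ast

# Constructed sample: DeviceViewSet mirrors the get_queryset line in the
# traceback above; AlertViewSet is a hypothetical guarded counterpart.
SAMPLE = '''
class DeviceViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return Device.objects.filter(owner=self.request.user)

class AlertViewSet(viewsets.ModelViewSet):
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        return Alert.objects.filter(owner=self.request.user)
'''

# DRF permission classes that reject anonymous requests (heuristic list;
# extend it with the project's own permission classes).
AUTH_REQUIRED = {"IsAuthenticated", "IsAdminUser"}


def uses_request_user(cls):
    """True if any code in the class body reads <something>.request.user."""
    return any(isinstance(n, ast.Attribute) and n.attr == "user"
               and isinstance(n.value, ast.Attribute)
               and n.value.attr == "request"
               for n in ast.walk(cls))


def declared_permissions(cls):
    """Identifiers in a class-level permission_classes, or None if absent."""
    for stmt in cls.body:
        if isinstance(stmt, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "permission_classes"
                for t in stmt.targets):
            return {n.attr if isinstance(n, ast.Attribute) else n.id
                    for n in ast.walk(stmt.value)
                    if isinstance(n, (ast.Attribute, ast.Name))}
    return None


def find_unguarded(source, default_perms=("AllowAny",)):
    """Names of classes that use request.user but admit anonymous callers."""
    flagged = []
    for cls in ast.walk(ast.parse(source)):
        if isinstance(cls, ast.ClassDef) and uses_request_user(cls):
            perms = declared_permissions(cls)
            effective = set(default_perms) if perms is None else perms
            if not effective & AUTH_REQUIRED:
                flagged.append(cls.name)
    return flagged
```

Pass the project's actual `DEFAULT_PERMISSION_CLASSES` names as `default_perms`; with `("IsAuthenticated",)` the sample produces no findings.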