Closed Instrumedley closed 3 years ago
So, I fixed this now by modifying this line in my url
path('graphql/', csrf_exempt(GraphQLView.as_view(graphiql=True))),
to this
path('graphql/', jwt_cookie(GraphQLView.as_view(graphiql=True))),
The former is how the tutorial instructed me to do. But I'm not sure I quite understand the full thing.
When testing on Insomnia I do get a "don't have permission" message if I try to call that mutation without calling login first. If I call Login and then call CreateSession then it works, however I don't need to set Authentication header with the JWT Token, so I'm not really sure now if this is the intended behaviour. I do get to see the JWT there if I do
print(info.context.headers)
{'Content-Length': '236', 'Content-Type': 'application/json', 'Host': 'localhost:8000', 'User-Agent': 'insomnia/2020.5.2', 'Cookie': 'csrftoken=Np24LyNrajUtp4OIqnrX9aFLTY7p0RAqIUJx2pHX6qsB0M6KN5OYio1elI8dwL3A; JWT=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImdsZWVjaGktYWRtaW4iLCJleHAiOjE2MTgzMTgwOTgsIm9yaWdJYXQiOjE2MTgzMTc3OTh9.e97blG9c3UxGovosXhlL9dRf7_GuhAkE9lbtvAOxRCc', 'Accept': '/'}
Is it some sort of behaviour from Insomnia or what am I missing here?
Reading the JWT official docs clarified my confusion.
A cookie-based authentication does not require sending the tokens as a mutation input argument nor in the headers
Well, for now I'll stick to that since it works. To be honest, your guide and documentation needs a lot of work. By looking at my issue and most of the other issues here I can see your documentation is the one creating some of these confusions.
Prerequisites
For more information, see the CONTRIBUTING guide.
Hi guys, I'm having a hard time getting the library to work properly with regarding protected mutations or using the @login_required decorator. I'm probably doing something wrong but can't figure out why
This is the query for the mutation I'm testing
mutation CreateSession{ createSession(category: "assessment",name: "test 2332", totalSteps: 23, trainingId: 1, userId: 6) { session { id name } } }
And here is the schema class for that mutation
When testing on Insomnia, the Login, Me and VerifyAccount all work fine. If I send the Authentication JWT Token in the header, it gives success, if I don't it gives the error as expected.
However when testing that mutation, I keep getting "You do not have permission to perform this action". I'm sure I'm using the token correctly and it's not expired because at the same time I test this, I test the verify token and it verifies it correctly. I sent a screenshot in any case of the insomnia panels
Here is are the relevant parts of my settings.py
And finally my requirements.txt
aniso8601==7.0.0 asgiref==3.2.10 attrs==20.1.0 bcrypt==3.1.7 beautifulsoup4==4.9.3 cached-property==1.5.1 cachetools==4.1.1 certifi==2019.11.28 cffi==1.14.0 chardet==3.0.4 click==7.1.2 colorama==0.4.4 coreapi==2.3.3 coreschema==0.0.4 cryptography==2.8 defusedxml==0.6.0 dj-database-url==0.5.0 Django==3.0.4 django-adaptors==0.2.5 django-allauth==0.41.0 django-cors-headers==3.2.1 django-csvimport==2.13 django-debug-toolbar==3.2 django-filter==2.2.0 django-graphiql-debug-toolbar==0.1.4 django-graphql-auth==0.3.16 django-graphql-jwt==0.3.0 django-health-check==3.16.2 django-heroku==0.0.0 django-postgres-metrics==0.6.2 django-rest-auth==0.9.5 django-rest-framework==0.1.0 django-rest-swagger==2.2.0 django-storages==1.9.1 djangorestframework==3.11.0 djangorestframework-gis==0.15 djangorestframework-jwt==1.11.0 docker-pycreds==0.4.0 dockerpty==0.4.1 docopt==0.6.2 drf-spectacular==0.13.1 drf-yasg==1.17.1 geojson==2.5.0 google-api-core==1.22.1 google-auth==1.20.1 google-cloud-core==1.4.1 google-cloud-storage==1.26.0 google-resumable-media==0.5.1 googleapis-common-protos==1.52.0 graphdoc==0.2.1 graphene==2.1.8 graphene-django==2.15.0 graphql-core==2.3.2 graphql-relay==2.0.1 gunicorn==20.0.4 idna==2.9 inflection==0.5.1 ingredient-parser==1.0.1 itypes==1.1.0 Jinja2==2.11.1 joblib==1.0.1 jsonschema==3.2.0 markdown2==2.4.0 MarkupSafe==1.1.1 nltk==3.5 oauthlib==3.1.0 openapi-codec==1.3.2 packaging==20.4 paramiko==2.7.1 parse-ingredients==0.0.3 Pillow==7.0.0 promise==2.3 protobuf==3.13.0 psycopg2-binary==2.8.5 pyasn1==0.4.8 pyasn1-modules==0.2.8 pycparser==2.19 Pygments==2.6.1 PyJWT==1.7.1 PyMySQL==1.0.2 PyNaCl==1.4.0 pyparsing==2.4.7 pyrsistent==0.16.0 python-dotenv==0.15.0 python3-openid==3.1.0 pytz==2019.3 PyYAML==5.3 regex==2020.11.13 requests==2.23.0 requests-oauthlib==1.3.0 rsa==4.6 ruamel.yaml==0.16.10 ruamel.yaml.clib==0.2.0 Rx==1.6.1 simplejson==3.17.0 singledispatch==3.6.1 six==1.14.0 soupsieve==2.1 sqlparse==0.3.1 termcolor==1.1.0 text-unidecode==1.3 texttable==1.6.2 tqdm==4.57.0 uritemplate==3.0.1 urllib3==1.25.8 uWSGI==2.0.18 websocket-client==0.56.0 whitenoise==5.0.1
Any clue or help would be much appreciated. Thank you for your time