WDI-SEA / project-4-issues

Open an issue to receive help on project 4 issues

Authentication/Permissions bug Django #35

Closed Mackmiller closed 2 years ago

Mackmiller commented 2 years ago

What stack are you using?

(ex: MERN(mongoose + react), DR(django + react), PEN, etc.)

DR

What's the problem you're trying to solve?

I started toying around with the permissions/auth classes for a certain endpoint in my server, /shows/

Goal: /shows/ url is accessible to both users and nonusers.

Current behavior: /shows/ content is showing up correctly, but app crashes if user tries to sign out while on /shows/ url. I know it has to do with me messing with the auth/permission classes....

Post any code you think might be relevant (one fenced block per file)

I included these overrides in my show_views:

```python
# Override the authentication/permissions classes so this endpoint
# is not authenticated & we don't need any permissions to access it.
authentication_classes = ()
permission_classes = ()
```

If you see an error message, post it here. If you don't, what unexpected behavior are you seeing?

Unhandled Rejection (TypeError): Cannot read properties of null (reading 'token')

What is your best guess as to the source of the problem?

I don't have a complete grasp on token auth in Django yet

What things have you already tried to solve the problem?

Modifying various code in both server and client repos. Usually just results in additional bugs or no progress forward.

tkolsrud commented 2 years ago

Hmm, I mean I can't remember what's under the hood in Django off the top of my head, but I'm assuming sign out has some kind of route that it's acting through?

tkolsrud commented 2 years ago

Which then should be redirecting when the user initiates the method

Mackmiller commented 2 years ago

I definitely think it has to do with these two items in my django route, yes:

```python
authentication_classes = ()
permission_classes = ()
```

I've started playing around with putting different things in the (), but I don't think it's correct.

The alternative would be to just have the entire app as authenticated, which would mean swapping out the code above with:

```python
permission_classes = (IsAuthenticated,)
```

and then I have no problems. lol

Mackmiller commented 2 years ago

Okay, think I might have fixed it but don't understand why lol. I deleted the permission_classes line of override code so that I just had authentication_classes = () as an override and it appears to be working. Let me do a few more tests and I'll follow up.

Mackmiller commented 2 years ago

^^ that first attempt at a fix was very buggy. I ended up adding back in both lines of code to my route and now it seems to be working. I think actually the problem stemmed from my auth header in the client side, which I have since commented out. Not feeling comfy but I've been testing it and seems stable now.
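
Added example (not code from this thread or from the project): a client-side request builder that shows the failing pattern behind `Cannot read properties of null (reading 'token')` next to a null-safe version that sends no credentials to the public `/shows/` endpoint. The names `buildRequest`, `PUBLIC_PATHS`, `unsafeHeaders` and the `/favorites/` path are hypothetical, and the `Token <key>` header format assumes Django REST Framework's default `TokenAuthentication`.

```javascript
// Added example; all names here are hypothetical, not from the project.
// Endpoints whose view sets authentication_classes = () and permission_classes = ().
const PUBLIC_PATHS = ['/shows/'];

// Failing pattern: after sign-out the client's `user` is null, so reading
// user.token throws a TypeError before any request is sent.
function unsafeHeaders(user) {
  return { Authorization: `Token ${user.token}` };
}

function isPublic(path) {
  return PUBLIC_PATHS.some((p) => path === p || path.startsWith(p));
}

// Null-safe version: returns a request config, or null when a protected
// endpoint is requested without a signed-in user.
function buildRequest(apiUrl, path, user, method = 'GET') {
  const headers = { Accept: 'application/json' };
  const token = user && typeof user.token === 'string' ? user.token : null;

  if (isPublic(path)) {
    // The server runs no authentication on this view, so a token adds
    // nothing and only exposes the credential on one more request.
    return { url: apiUrl + path, method, headers };
  }
  if (!token) {
    // Protected endpoint, signed-out user: let the caller redirect to
    // sign-in instead of crashing or sending a malformed header.
    return null;
  }
  headers.Authorization = `Token ${token}`;
  return { url: apiUrl + path, method, headers };
}

// Constructed sample values for a stand-alone run.
const api = 'http://localhost:8000';
console.log(buildRequest(api, '/shows/', null));
console.log(buildRequest(api, '/favorites/', { token: 'constructed-token' }));
console.log(buildRequest(api, '/favorites/', null));
```
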