Olorin92
commented
5 years ago One recommendation could be a simple check to see if the request.user has already been set, and if it has, user the ID of that user - otherwise fall back to the session_data _auth_user_id.
Happy to create a pull request doing this for your review if you'd like.
stephenmcd
As per the title, it seems that the _upload_file and the @flash_login_required decorator by extension requires you to be using Django session authentication:
user_id = session_data['_auth_user_id']
This line will fail in the flash_login_required decorator if not using Django auth, and so you won't be able to upload any files successfully.
Would it be possible to make this part of the code 'pluggable', to allow custom auths to handle the fetching of the user_id?