Re[2]: How to authenticate a user in websocket connection in django channels when using token authentication

2017-11-16 Thread Dominik Szmaj 
Ok, this was entirely my fault. I created groups with id of a 
user.username and didn't add message.reply_channel to this group right 
after successful token verification.


__
Pozdrawiam,
Dominik Szmaj

W dniu 15.11.2017 21:13:00, "Dominik Szmaj"  
pisze



Hey,

I've done this websocket authorization almost exactly like Robin, and 
it's working (like receiving token with query params, verifying it and 
things) but it's not properly opening connection (like its not sending 
accept: True, which I do after verification) and connection is 
permanently in pending state don't receiving anything. No errors in log 
or js console except ws connection timeouts.


Could anyone point at possible cause?

Best regards,
Dominik

W dniu piątek, 15 września 2017 19:09:57 UTC+2 użytkownik Andrew Godwin 
napisał:
You'll have to write your own authentication code that runs in 
`connect` and puts a user into the channel session - there's nothing 
built in that will really help you past that I'm afraid.


Andrew

On Thu, Sep 14, 2017 at 6:35 PM, Robin Lery  wrote:
I am using a frontend framework (Vuejs ) and 
django-rest-framework  for the 
REST API in my project. Also, for JSON web token authentication I am 
using django-rest-framework-jwt 
. After a 
successful login, the user is provided with a token. This token is 
passed into every request to fetch any API related stuff.


Now I would like to integrate django channels 
 into my 
project. So, after successful login, when the token is received in 
the client side, I would like to initiate a websocket connection. 
Then on the server (consumer), I would like to check if the requested 
user is not anonymous. If the requested user is anonymous, I would 
like to close the connenction or else accept it.


This is how I have till now:

client side:

const socket =newWebSocket("ws://"+"dev.site.com"+"/chat/");
routing.py:

channel_routing =[
route("websocket.connect", ws_connect),..]
consumers:

def ws_connect(message):# if the user is no anonymous
message.reply_channel.send({"accept":True})# else
message.reply_channel.send({"close":True})
In the documentation 
 
there's a decorator @channel_session_user_from_http which will 
provide a message.user. But I am using a token instead of a session. 
How can I check a user on connection when using token authentication, 
so that I can accept or close connection. Or, if there is a better 
way could you please advise me with it. Thank you.



--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email to django-users...@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com 
.
For more options, visit https://groups.google.com/d/optout 
.




--
You received this message because you are subscribed to a topic in the 
Google Groups "Django users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/django-users/io01DlrEszg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
django-users+unsubscr...@googlegroups.com.

To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/2f013dc0-597b-43ad-acd1-b9643d6d167d%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/emda42f45e-15c4-487d-8391-694265b73b08%40dszmaj-glb7u.
For more options, visit https://groups.google.com/d/optout.

Re: How to authenticate a user in websocket connection in django channels when using token authentication

2017-11-15 Thread Dominik Szmaj 
Hey, 

I've done this websocket authorization almost exactly like Robin, and it's 
working (like receiving token with query params, verifying it and things) 
but it's not properly opening connection (like its not sending accept: 
True, which I do after verification) and connection is permanently in 
pending state don't receiving anything. No errors in log or js console 
except ws connection timeouts.

Could anyone point at possible cause?

Best regards,
Dominik

W dniu piątek, 15 września 2017 19:09:57 UTC+2 użytkownik Andrew Godwin 
napisał:
>
> You'll have to write your own authentication code that runs in `connect` 
> and puts a user into the channel session - there's nothing built in that 
> will really help you past that I'm afraid.
>
> Andrew
>
> On Thu, Sep 14, 2017 at 6:35 PM, Robin Lery  > wrote:
>
>> I am using a frontend framework (Vuejs ) and 
>> django-rest-framework  for the 
>> REST API in my project. Also, for JSON web token authentication I am using 
>> django-rest-framework-jwt 
>> . After a 
>> successful login, the user is provided with a token. This token is passed 
>> into every request to fetch any API related stuff.
>>
>> Now I would like to integrate django channels 
>>  into my project. 
>> So, after successful login, when the token is received in the client side, 
>> I would like to initiate a websocket connection. Then on the server 
>> (consumer), I would like to check if the requested user is not anonymous. 
>> If the requested user is anonymous, I would like to close the connenction 
>> or else accept it.
>>
>> This is how I have till now:
>>
>> client side:
>>
>> const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");
>>
>> routing.py:
>>
>> channel_routing = [
>> route("websocket.connect", ws_connect),
>> ...
>> ...]
>>
>> consumers:
>>
>> def ws_connect(message):
>>
>> # if the user is no anonymous
>> message.reply_channel.send({
>> "accept": True
>> })
>>
>> # else
>> message.reply_channel.send({
>> "close": True
>> })
>>
>> In the documentation 
>> 
>>  
>> there's a decorator @channel_session_user_from_http which will provide a 
>> message.user. But I am using a token instead of a session. How can I 
>> check a user on connection when using token authentication, so that I can 
>> accept or close connection. Or, if there is a better way could you please 
>> advise me with it. Thank you.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/2f013dc0-597b-43ad-acd1-b9643d6d167d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to authenticate a user in websocket connection in django channels when using token authentication

2017-09-16 Thread Robin Lery 
Ok, thanks. So, I was confused about two things on authenticating a user.

1. What to do with the token?

   - You can pass the token as a query string and get that query params.
   Read more about how to get the query params here
   
.

   - Or if you are already passing it in the request's authorization
   header, you can get it from there (like my final code below). Remeber to
   first fake that request.

2. How validate that token and get the user?

   - Finally, VerifyJSONWebTokenSerializer class was all I needed to
   validate the token, and get that token's user object. You can read the
   actual code of django-rest-framework-jwt here
   

   .


So, I ended up doing this way:

def ws_connect(message):
message.content.setdefault('method', 'FAKE')
django_request = AsgiRequest(message)
token = django_request.GET['token'].split(' ')[1]
try:
data = {'token': token}
valid_data = VerifyJSONWebTokenSerializer().validate(data)
user = valid_data['user']
...
...
message.reply_channel.send({
"accept": True
})
except (KeyError, InvalidTokenError, ValidationError,):
...
...
message.reply_channel.send({
"text": "Authentication error",
"close": True
})



On Fri, Sep 15, 2017 at 10:37 PM, Andrew Godwin  wrote:

> You'll have to write your own authentication code that runs in `connect`
> and puts a user into the channel session - there's nothing built in that
> will really help you past that I'm afraid.
>
> Andrew
>
> On Thu, Sep 14, 2017 at 6:35 PM, Robin Lery  wrote:
>
>> I am using a frontend framework (Vuejs ) and
>> django-rest-framework  for the
>> REST API in my project. Also, for JSON web token authentication I am using
>> django-rest-framework-jwt
>> . After a
>> successful login, the user is provided with a token. This token is passed
>> into every request to fetch any API related stuff.
>>
>> Now I would like to integrate django channels
>>  into my project.
>> So, after successful login, when the token is received in the client side,
>> I would like to initiate a websocket connection. Then on the server
>> (consumer), I would like to check if the requested user is not anonymous.
>> If the requested user is anonymous, I would like to close the connenction
>> or else accept it.
>>
>> This is how I have till now:
>>
>> client side:
>>
>> const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");
>>
>> routing.py:
>>
>> channel_routing = [
>> route("websocket.connect", ws_connect),
>> ...
>> ...]
>>
>> consumers:
>>
>> def ws_connect(message):
>>
>> # if the user is no anonymous
>> message.reply_channel.send({
>> "accept": True
>> })
>>
>> # else
>> message.reply_channel.send({
>> "close": True
>> })
>>
>> In the documentation
>> 
>> there's a decorator @channel_session_user_from_http which will provide a
>> message.user. But I am using a token instead of a session. How can I
>> check a user on connection when using token authentication, so that I can
>> accept or close connection. Or, if there is a better way could you please
>> advise me with it. Thank you.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOu
>> X1R3V%2BPOYt8U4QXA%40mail.gmail.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/CAFwN1upzHZq%3Dk-scq92PvsatQE4LsQCqjE4DZ%2B-
>

Re: How to authenticate a user in websocket connection in django channels when using token authentication

2017-09-15 Thread Andrew Godwin 
You'll have to write your own authentication code that runs in `connect`
and puts a user into the channel session - there's nothing built in that
will really help you past that I'm afraid.

Andrew

On Thu, Sep 14, 2017 at 6:35 PM, Robin Lery  wrote:

> I am using a frontend framework (Vuejs ) and
> django-rest-framework  for the
> REST API in my project. Also, for JSON web token authentication I am using
> django-rest-framework-jwt
> . After a
> successful login, the user is provided with a token. This token is passed
> into every request to fetch any API related stuff.
>
> Now I would like to integrate django channels
>  into my project.
> So, after successful login, when the token is received in the client side,
> I would like to initiate a websocket connection. Then on the server
> (consumer), I would like to check if the requested user is not anonymous.
> If the requested user is anonymous, I would like to close the connenction
> or else accept it.
>
> This is how I have till now:
>
> client side:
>
> const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");
>
> routing.py:
>
> channel_routing = [
> route("websocket.connect", ws_connect),
> ...
> ...]
>
> consumers:
>
> def ws_connect(message):
>
> # if the user is no anonymous
> message.reply_channel.send({
> "accept": True
> })
>
> # else
> message.reply_channel.send({
> "close": True
> })
>
> In the documentation
> 
> there's a decorator @channel_session_user_from_http which will provide a
> message.user. But I am using a token instead of a session. How can I
> check a user on connection when using token authentication, so that I can
> accept or close connection. Or, if there is a better way could you please
> advise me with it. Thank you.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%
> 2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAFwN1upzHZq%3Dk-scq92PvsatQE4LsQCqjE4DZ%2B-VOFSzPC9o4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

How to authenticate a user in websocket connection in django channels when using token authentication

2017-09-14 Thread Robin Lery 
I am using a frontend framework (Vuejs ) and
django-rest-framework  for the REST
API in my project. Also, for JSON web token authentication I am using
django-rest-framework-jwt
. After a successful
login, the user is provided with a token. This token is passed into every
request to fetch any API related stuff.

Now I would like to integrate django channels
 into my project. So,
after successful login, when the token is received in the client side, I
would like to initiate a websocket connection. Then on the server
(consumer), I would like to check if the requested user is not anonymous.
If the requested user is anonymous, I would like to close the connenction
or else accept it.

This is how I have till now:

client side:

const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");

routing.py:

channel_routing = [
route("websocket.connect", ws_connect),
...
...]

consumers:

def ws_connect(message):

# if the user is no anonymous
message.reply_channel.send({
"accept": True
})

# else
message.reply_channel.send({
"close": True
})

In the documentation

there's a decorator @channel_session_user_from_http which will provide a
message.user. But I am using a token instead of a session. How can I check
a user on connection when using token authentication, so that I can accept
or close connection. Or, if there is a better way could you please advise
me with it. Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.