46 lines
1.4 KiB
Python
46 lines
1.4 KiB
Python
"""
|
|
Authentication utilities for the API
|
|
"""
|
|
|
|
from rest_framework import authentication
|
|
from rest_framework.exceptions import AuthenticationFailed
|
|
from rest_framework_simplejwt.authentication import JWTAuthentication
|
|
|
|
|
|
class SwaggerAuthentication(authentication.BaseAuthentication):
|
|
"""
|
|
Custom authentication class for Swagger UI
|
|
"""
|
|
|
|
def authenticate(self, request):
|
|
# Get the authentication header
|
|
auth_header = request.META.get("HTTP_AUTHORIZATION", "")
|
|
|
|
# Try JWT authentication first
|
|
if auth_header.startswith("Bearer "):
|
|
jwt_auth = JWTAuthentication()
|
|
try:
|
|
return jwt_auth.authenticate(request)
|
|
except:
|
|
pass
|
|
|
|
# Fall back to session authentication
|
|
if request.user and request.user.is_authenticated:
|
|
return (request.user, None)
|
|
|
|
return None
|
|
|
|
|
|
class RejectBasicAuthentication(authentication.BaseAuthentication):
|
|
"""
|
|
Explicitly reject HTTP Basic Auth across the API with a clear error message.
|
|
"""
|
|
|
|
def authenticate(self, request):
|
|
auth_header = request.META.get("HTTP_AUTHORIZATION", "")
|
|
if auth_header.startswith("Basic "):
|
|
raise AuthenticationFailed(
|
|
"Basic authentication is disabled. Use Bearer token (JWT) in the Authorization header."
|
|
)
|
|
return None
|