info.context.user always AnonymousUser when using apache wsgi
W1773ND opened this issue
Hi everyone,
Problem
After obtaining the token via the tokenAuth mutation, I pass it in the header for the Me request. Locally everything is fine. But once online, I am anonymous with the same manipulation. Has anyone already encountered and solved this problem?
Environment
Django==3.1.7
django-graphql-jwt==0.3.0
graphene==2.1.8
graphene-django==2.15.0
pyJWT==1.7.0
Configuration
setting.py
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # 'graphql_jwt.middleware.JSONWebTokenMiddleware',
]

AUTHENTICATION_BACKENDS = [
    'graphql_auth.backends.GraphQLAuthBackend',
    'django.contrib.auth.backends.ModelBackend',
]

GRAPHENE = {
    'SCHEMA': 'odoyapi.schemas.schema',
    'SCHEMA_INDENT': 4,
    'MIDDLEWARE': [
        'graphql_jwt.middleware.JSONWebTokenMiddleware',
        'graphene_django.debug.DjangoDebugMiddleware',
    ],
}

GRAPHQL_JWT = {
    'JWT_LONG_RUNNING_REFRESH_TOKEN': True,
    "JWT_ALLOW_ANY_CLASSES": [
        "graphql_auth.relay.Register",
        "graphql_auth.relay.VerifyAccount",
        "graphql_auth.relay.ResendActivationEmail",
        "graphql_auth.relay.SendPasswordResetEmail",
        "graphql_auth.relay.PasswordReset",
        "graphql_auth.relay.ObtainJSONWebToken",
        "graphql_auth.relay.VerifyToken",
        "graphql_auth.relay.RefreshToken",
        "graphql_auth.relay.RevokeToken",
        "graphql_auth.relay.VerifySecondaryEmail",
    ],
}

GRAPHQL_AUTH = {
    "REGISTER_MUTATION_FIELDS": {"email": "String", "hiring_date": "Date"},
    "REGISTER_MUTATION_FIELDS_OPTIONAL": {"mobile": "String", "group": "String"},
    "LOGIN_ALLOWED_FIELDS": {"email": "String", "password": "String"},
}
The solution works on clients like Insomnia but not for the React client. Even worse, once the tokenAuth mutation is passed, the Me mutation can be passed without even having to put the token in the header.
I don't understand it anymore.
Finally...
I finally got over this bug from hell...
The main problem is not graphql_JWT but rather the Apache configuration!
For all those who arrive here from Google, before cursing this beautiful package, add this in your Apache configuration:
WSGIPassAuthorization On
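
A way to confirm the diagnosis from the last comment, as an added example that is not part of the original issue or of django-graphql-jwt: a WSGI wrapper that logs whether the `Authorization` header reached the application, which mod_wsgi withholds unless `WSGIPassAuthorization On` is set. The `/graphql` path, the `AuthHeaderProbe` and `simulate_mod_wsgi` names, and the sample token are assumptions constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

AUTH_KEY = "HTTP_AUTHORIZATION"  # WSGI environ key for the Authorization header


def classify_auth(environ):
    """Return 'missing', 'empty', or the auth scheme; never the credential."""
    if AUTH_KEY not in environ:
        return "missing"
    parts = environ[AUTH_KEY].split(None, 1)
    return parts[0] if parts else "empty"


class AuthHeaderProbe:
    """WSGI wrapper that logs whether Authorization reached the application."""

    def __init__(self, app, path="/graphql"):  # path is an assumed endpoint
        self.app = app
        self.path = path

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.path):
            # Under mod_wsgi, wsgi.errors is written to the Apache error log.
            environ["wsgi.errors"].write(
                "auth-probe %s %s authorization=%s\n"
                % (environ["REQUEST_METHOD"], environ["PATH_INFO"],
                   classify_auth(environ)))
        return self.app(environ, start_response)


def simulate_mod_wsgi(headers, pass_authorization):
    """Constructed request: models mod_wsgi withholding Authorization from
    the environ unless WSGIPassAuthorization is On. Returns the probe's log."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/graphql"}
    setup_testing_defaults(environ)  # fills wsgi.errors with a StringIO
    for name, value in headers.items():
        if name.lower() == "authorization" and not pass_authorization:
            continue
        environ["HTTP_" + name.upper().replace("-", "_")] = value

    def inner_app(env, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    list(AuthHeaderProbe(inner_app)(environ, lambda status, hdrs: None))
    return environ["wsgi.errors"].getvalue().strip()


if __name__ == "__main__":
    sample = {"Authorization": "JWT constructed.sample.token"}  # constructed
    print(simulate_mod_wsgi(sample, pass_authorization=False))
    print(simulate_mod_wsgi(sample, pass_authorization=True))
```

In a deployment the wrapper would go around the object returned by Django's `get_wsgi_application()` in the project's `wsgi.py`. The log line records only the scheme, so tokens stay out of the Apache error log.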