flavors / django-graphql-jwt

JSON Web Token (JWT) authentication for Graphene Django

Home Page: https://django-graphql-jwt.domake.io

info.context.user always AnonymousUser when using apache wsgi

W1773ND opened this issue · comments

Hi everyone,

Problem

After obtaining the token via the tokenAuth mutation, I pass it in the header for the Me request. Locally everything is fine. But once online, I am anonymous with the same manipulation. Has anyone already encountered and solved this problem?

Environment

Django==3.1.7
django-graphql-jwt==0.3.0
graphene==2.1.8
graphene-django==2.15.0
pyJWT==1.7.0

Configuration

setting.py

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # 'graphql_jwt.middleware.JSONWebTokenMiddleware',
]

AUTHENTICATION_BACKENDS = [
    'graphql_auth.backends.GraphQLAuthBackend',
    'django.contrib.auth.backends.ModelBackend',
]

GRAPHENE = {
    'SCHEMA': 'odoyapi.schemas.schema',
    'SCHEMA_INDENT': 4,
    'MIDDLEWARE': [
        'graphql_jwt.middleware.JSONWebTokenMiddleware',
        'graphene_django.debug.DjangoDebugMiddleware',
    ],
}

GRAPHQL_JWT = {
    'JWT_LONG_RUNNING_REFRESH_TOKEN': True,
    "JWT_ALLOW_ANY_CLASSES": [
        "graphql_auth.relay.Register",
        "graphql_auth.relay.VerifyAccount",
        "graphql_auth.relay.ResendActivationEmail",
        "graphql_auth.relay.SendPasswordResetEmail",
        "graphql_auth.relay.PasswordReset",
        "graphql_auth.relay.ObtainJSONWebToken",
        "graphql_auth.relay.VerifyToken",
        "graphql_auth.relay.RefreshToken",
        "graphql_auth.relay.RevokeToken",
        "graphql_auth.relay.VerifySecondaryEmail",
    ],
}

GRAPHQL_AUTH = {
    "REGISTER_MUTATION_FIELDS": {"email": "String", "hiring_date": "Date"},
    "REGISTER_MUTATION_FIELDS_OPTIONAL": {"mobile": "String", "group": "String"},
    "LOGIN_ALLOWED_FIELDS": {"email": "String", "password": "String"},
}

The solution proposed by @merodrem for a similar problem works here.
Thanks to him.
#272

The solution works on clients like Insomnia but not for the React client. Even worse, once the tokenAuth mutation is passed, the Me mutation can be passed without even having to put the token in the header.
I don't understand it anymore.

Finally...

I finally got over this bug from hell...
The main problem is not graphql_JWT but rather the Apache configuration!
For all those who arrive here from Google, before cursing this beautiful package, add this to your Apache configuration:

WSGIPassAuthorization On
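
To confirm this failure mode on a deployment, the check below (an added example, not code from the issue or from django-graphql-jwt) classifies what the WSGI application actually receives for the Authorization header. It assumes the package's default header name `HTTP_AUTHORIZATION` and prefix `JWT`; the `/graphql` path, the `AuthHeaderProbe` and `classify_auth` names, and the token strings are constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

# django-graphql-jwt defaults; change them if GRAPHQL_JWT overrides them.
HEADER_KEY = "HTTP_AUTHORIZATION"  # JWT_AUTH_HEADER_NAME
PREFIX = "JWT"                     # JWT_AUTH_HEADER_PREFIX


def classify_auth(environ):
    """Return 'missing', 'wrong_prefix', 'malformed' or 'ok' for a WSGI environ."""
    raw = environ.get(HEADER_KEY)
    if raw is None:
        return "missing"  # header never reached the app (e.g. dropped by the server)
    parts = raw.split()
    if not parts or parts[0].lower() != PREFIX.lower():
        return "wrong_prefix"
    if len(parts) != 2:
        return "malformed"  # prefix present but not followed by exactly one token
    return "ok"


class AuthHeaderProbe:
    """WSGI middleware that logs the verdict per request, never the token."""

    def __init__(self, app, log):
        self.app = app
        self.log = log  # any callable that accepts one string

    def __call__(self, environ, start_response):
        verdict = classify_auth(environ)
        self.log(f"{environ['REQUEST_METHOD']} {environ['PATH_INFO']} auth={verdict}")
        return self.app(environ, start_response)


def demo():
    """Run the probe over constructed requests and return the log lines."""
    lines = []
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    probe = AuthHeaderProbe(app, lines.append)
    for header in (None, "Bearer aaa.bbb.ccc", "JWT", "JWT aaa.bbb.ccc"):
        environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/graphql"}  # assumed path
        setup_testing_defaults(environ)  # fills in the remaining WSGI keys
        if header is not None:
            environ[HEADER_KEY] = header
        b"".join(probe(environ, lambda status, headers: None))
    return lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

If the probe wraps the Django WSGI application behind Apache and every request logs `auth=missing` while the client is sending the header, the header is being dropped before it reaches the application, which is the condition `WSGIPassAuthorization On` corrects.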