Merge pull request #6 from dulmandakh/allow_basic_auth

allow_basic_auth decorator
dulmandakh · Oct 15, 2021 · 5a583a4 · 5a583a4
2 parents 679a5a9 + 58ef3db
commit 5a583a4
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 12 deletions.
diff --git a/ariadne_django_ext/decorators.py b/ariadne_django_ext/decorators.py
@@ -1,13 +1,37 @@
+from base64 import b64decode
 from functools import wraps
 
+from django.contrib.auth import authenticate
+
 from .utils import is_authenticated
 
 
-def login_required(view):
-    @wraps(view)
+def allow_basic_auth(view_func):
+    @wraps(view_func)
+    def wrapper(request, *args, **kwargs):
+        if not is_authenticated(request):
+            http_auth = request.META.get("HTTP_AUTHORIZATION")
+            if http_auth and http_auth.startswith("Basic"):
+                try:
+                    _, token = http_auth.split()
+                    username, password = b64decode(token).decode().split(":")
+                    user = authenticate(
+                        request=request, username=username, password=password
+                    )
+                    if user and user.is_active:
+                        request.user = user
+                except Exception:
+                    pass
+        return view_func(request, *args, **kwargs)
+
+    return wrapper
+
+
+def login_required(view_func):
+    @wraps(view_func)
     def wrapper(request, *args, **kwargs):
-        if is_authenticated(request):
-            return view(request, *args, **kwargs)
+        if is_authenticated(request, is_active=True, raise_exception=True):
+            return view_func(request, *args, **kwargs)
 
     return wrapper
 

diff --git a/ariadne_django_ext/directives.py b/ariadne_django_ext/directives.py
@@ -1,17 +1,19 @@
 from ariadne import SchemaDirectiveVisitor
+from django.core.exceptions import PermissionDenied
 from graphql import default_field_resolver
 
-from .utils import PermissionDenied, is_authenticated
+from .utils import is_authenticated
 
 
 class IsAuthenticatedDirective(SchemaDirectiveVisitor):
     def visit_field_definition(self, field, _):
         original_resolver = field.resolve or default_field_resolver
 
         def resolve_for_authenticated_user(parent, info, **kwargs):
-            user = is_authenticated(info.context["request"])
-            if user:
-                return original_resolver(parent, info, user=user, **kwargs)
+            user = is_authenticated(
+                info.context["request"], is_active=True, raise_exception=True
+            )
+            return original_resolver(parent, info, user=user, **kwargs)
 
         field.resolve = resolve_for_authenticated_user
         return field
@@ -22,7 +24,7 @@ def visit_field_definition(self, field, _):
         original_resolver = field.resolve or default_field_resolver
 
         def resolve_for_authenticated_user(parent, info, **kwargs):
-            user = is_authenticated(info.context["request"])
+            user = is_authenticated(info.context["request"], is_active=True)
             if user and user.is_staff:
                 return original_resolver(parent, info, user=user, **kwargs)
             raise PermissionDenied()

diff --git a/ariadne_django_ext/utils.py b/ariadne_django_ext/utils.py
@@ -1,8 +1,9 @@
 from django.core.exceptions import PermissionDenied
 
 
-def is_authenticated(request):
+def is_authenticated(request, is_active=False, raise_exception=False):
     user = getattr(request, "user")
-    if user and user.is_authenticated and user.is_active:
+    if user and user.is_authenticated and (not is_active or user.is_active):
         return user
-    raise PermissionDenied()
+    if raise_exception:
+        raise PermissionDenied()