AuthedContext.getAuth throws an exception when underlying AuthMiddleware returns None (or if middleware was not applied). Was initially raised here.
Here's how I first stumbled upon this.
1. I wanted to have a route /entities without authorization required (but instead behavior would be slightly different when user is not anonymous)
2. My authorization logic was: request.headers.get("apikey").flatMap(db.getPermissionById), so whenever apikey was not present in DB or request - AuthMiddleware returned None
3. Whenever AuthMiddleware returned None - I got NoSuchElementException in getAuth
I guess my design goals in 1st and 2nd points were slightly invalid and I fixed this by changing the authorization logic to always return something, e.g. Anonymous even when no apikey is available, and using url >>> Auth.auth(), but it made my endpoint officially require authorization.
If the design of AuthMiddleware is to never return None - we need to remove AuthedContext.getAuth entirely and use only >>> Auth.auth()
If it is okay to return None for "anonymous users" - we need to make it return Option[AuthInfo] (this is what I did in 0.19 #253)
Somehow make it impossible to call the authentication method without AuthMiddleware being applied (I guess this is a long-term goal of this ticket)
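The failure mode and the Option[AuthInfo] alternative described above, as an added example that is not part of the original issue and is not the library's code. Request, ApiKeyUser, getAuthUnsafe, the in-memory db and the "k-123" key are hypothetical stand-ins constructed for illustration.

```scala
// Simplified model of the pattern in this issue; NOT the library's code.
// Request, AuthInfo and both accessors are hypothetical stand-ins.
object AuthOptionDemo {
  sealed trait AuthInfo
  final case class ApiKeyUser(permissionId: String) extends AuthInfo

  // A request carries headers plus whatever the middleware attached.
  final case class Request(headers: Map[String, String],
                           auth: Option[AuthInfo] = None)

  // Constructed sample permission store.
  private val db = Map("k-123" -> ApiKeyUser("read-entities"))

  // Middleware with the issue's logic: None for a missing or unknown apikey.
  def authMiddleware(req: Request): Request =
    req.copy(auth = req.headers.get("apikey").flatMap(db.get))

  // Partial accessor: throws NoSuchElementException when auth is None,
  // whether the caller was anonymous or the middleware was never applied.
  def getAuthUnsafe(req: Request): AuthInfo = req.auth.get

  // Total accessor: the caller must handle the anonymous case explicitly.
  def getAuth(req: Request): Option[AuthInfo] = req.auth

  // /entities handler: anonymous callers get the public view only.
  def entities(req: Request): String = getAuth(req) match {
    case Some(ApiKeyUser(p)) => s"200 full listing (permission=$p)"
    case None                => "200 public listing"
  }

  def main(args: Array[String]): Unit = {
    val known   = authMiddleware(Request(Map("apikey" -> "k-123")))
    val unknown = authMiddleware(Request(Map("apikey" -> "bogus")))
    val anon    = authMiddleware(Request(Map.empty))
    val skipped = Request(Map("apikey" -> "k-123")) // middleware not applied

    Seq(known, unknown, anon, skipped).foreach(r => println(entities(r)))

    // The partial accessor fails for every request without attached auth.
    val failed = scala.util.Try(getAuthUnsafe(anon)).isFailure
    println(s"getAuthUnsafe on anonymous request failed: $failed")
  }
}
```

In this model the `skipped` request is treated as anonymous even though it carries a valid key, so the Option form fails closed but still cannot tell "anonymous" apart from "middleware not applied".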