|
7 | 7 | from django.http import HttpRequest, HttpResponse |
8 | 8 | from django.utils.functional import SimpleLazyObject |
9 | 9 | from rest_framework.request import Request |
| 10 | +from rest_framework_simplejwt.exceptions import InvalidToken, TokenError |
| 11 | +from rest_framework_simplejwt.tokens import AccessToken |
10 | 12 |
|
11 | 13 | from api.utils.debug_utils import debug_auth_headers, debug_token_validation |
12 | 14 | from authorization.keycloak import keycloak_manager |
@@ -68,7 +70,28 @@ def get_user_from_keycloak_token(request: HttpRequest) -> User: |
68 | 70 | # For debugging, print the raw token |
69 | 71 | logger.debug(f"Raw token: {token}") |
70 | 72 |
|
| 73 | + # First, try to validate as Django JWT token |
71 | 74 | try: |
| 75 | + logger.debug("Attempting to validate as Django JWT token") |
| 76 | + access_token = AccessToken(token) |
| 77 | + user_id = access_token.get("user_id") |
| 78 | + |
| 79 | + if user_id: |
| 80 | + logger.debug(f"Valid Django JWT token for user_id: {user_id}") |
| 81 | + try: |
| 82 | + user = User.objects.get(id=user_id) |
| 83 | + logger.debug(f"Successfully authenticated user via Django JWT: {user.username}") |
| 84 | + return user |
| 85 | + except User.DoesNotExist: |
| 86 | + logger.warning(f"User with id {user_id} not found in database") |
| 87 | + except (TokenError, InvalidToken) as e: |
| 88 | + logger.debug(f"Not a valid Django JWT token: {e}, trying Keycloak validation") |
| 89 | + except Exception as e: |
| 90 | + logger.debug(f"Error validating Django JWT: {e}, trying Keycloak validation") |
| 91 | + |
| 92 | + # If Django JWT validation failed, try Keycloak token validation |
| 93 | + try: |
| 94 | + logger.debug("Attempting to validate as Keycloak token") |
72 | 95 | # Try direct validation without any complex logic |
73 | 96 | user_info = keycloak_manager.validate_token(token) |
74 | 97 |
|
@@ -102,16 +125,18 @@ def get_user_from_keycloak_token(request: HttpRequest) -> User: |
102 | 125 | logger.debug(f"User organizations from token: {organizations}") |
103 | 126 |
|
104 | 127 | # Sync the user information with our database |
105 | | - user = keycloak_manager.sync_user_from_keycloak(user_info, roles, organizations) |
106 | | - if not user: |
| 128 | + synced_user = keycloak_manager.sync_user_from_keycloak(user_info, roles, organizations) |
| 129 | + if not synced_user: |
107 | 130 | logger.warning("User synchronization failed, returning anonymous user") |
108 | 131 | return cast(User, AnonymousUser()) |
109 | 132 |
|
110 | | - logger.debug(f"Successfully authenticated user: {user.username} (ID: {user.id})") |
| 133 | + logger.debug( |
| 134 | + f"Successfully authenticated user: {synced_user.username} (ID: {synced_user.id})" |
| 135 | + ) |
111 | 136 |
|
112 | 137 | # Return the authenticated user |
113 | | - logger.debug(f"Returning authenticated user: {user.username}") |
114 | | - return user |
| 138 | + logger.debug(f"Returning authenticated user: {synced_user.username}") |
| 139 | + return synced_user |
115 | 140 | except Exception as e: |
116 | 141 | logger.error(f"Error in get_user_from_keycloak_token: {str(e)}") |
117 | 142 | return cast(User, AnonymousUser()) |
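Review bot: The simplejwt branch at new lines 76–84 authenticates any user whose id appears in a validly signed access token without checking `is_active`, so a deactivated account keeps authenticating until its token expires; simplejwt's own `JWTAuthentication.get_user` applies `USER_AUTHENTICATION_RULE` (which rejects inactive users by default), and the direct `User.objects.get(id=user_id)` here bypasses that. I would add `if not user.is_active:` / `logger.warning(f"User {user_id} is inactive, rejecting Django JWT")` / `return cast(User, AnonymousUser())` before `return user`, or query with `is_active=True` and adjust the "not found" message. The hard-coded `"user_id"` claim and `id` lookup should presumably match the project's `USER_ID_CLAIM`/`USER_ID_FIELD` settings — confirm, since a mismatch would silently push every request to the Keycloak path. A token accepted on this path never goes through `sync_user_from_keycloak`, so roles and organizations are whatever is already stored for the user; a one-line comment at line 73 stating that this is intended would help, and the trailing `except Exception` at line 89 also downgrades a database error from the lookup to a debug-level "trying Keycloak" message. `get_user_from_keycloak_token` begins before this hunk and continues into the next one.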