How to auto redirect if not authenticated?

[Skelmis]

My base application has a lot of features for authentication that the admin panel doesnt mirror (and thats okay). Is there a way that instead of using the built in auth form, I can redirect users to a custom link on no auth?

I am happy to subclass things if it means I can make this happen

[dantownsend]

I think it would be tricky - the login is handled by this:

piccolo_admin/piccolo_admin/endpoints.py

Line 775 in 55c3ec7

app=session_login(

Because of the way the code is structured, it makes it hard to override.

The auth needs decoupling more from the admin more to make this easier.

You might be able to wrap the entire admin panel in some ASGI middleware, detect when the login endpoint is called, and perform additional logic?

[Skelmis]

Yea I agree it's hard to override, I think something like #442 would be potentially perfect for this given it splits everything out. Albiet I'm not entirely sure on that because we'd need the frontend to actually honor redirects still.

I tried the following, and it serves the redirects but the admin portal doesnt redirect only the under the hood requests get redirected so the end user never ends up on the auth page. Any ideas?

Note I dont plan on recreating my whole auth suite in the ASGI middleware, I'd much prefer the user is just sent to the auth suite

class AuthRedirectMiddleware:
    def __init__(
        self,
        app,
        sign_in_link: str,
    ):
        self.app = app
        self.sign_in_link: str = sign_in_link

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return

        async def intercept_response(message):
            if message["type"] == "http.response.start" and message["status"] == 401:
                message["status"] = 301
                url = URL(scope=scope)
                url = url.replace(path=f"{self.sign_in_link}?next_route={url.path}")
                headers = MutableHeaders(scope=message)
                headers.append("location", str(url))

            await send(message)

        await self.app(scope, receive, intercept_response)

return AuthRedirectMiddleware(admin, sign_in_link)

[dantownsend]

With your custom login page, will that then use session auth, or something else entirely?

[Skelmis]

Its the same session auth as the admin panel, so if authed via the main site one can access the admin panel yea

[dantownsend]

Do you think the only real way to solve this is making Piccolo Admin override-able?

[Skelmis]

Not gonna lie I looked at things more and I am having doubts. I feel like even if I could override things (as mocked via the middleware), the front end may still require changes to support whatever I try to do in the background. Unfortunately I dont know the front end framework well enough to play around with it so I think I'm going to just leave this as is for the meantime

[Skelmis]

I came back to this after some time not thinking about it and figured out a really simple solution I had totally overlooked. By moving my auth checks to before the admin page is loaded it works perfect for my use case. The following example is all I need to achieve this:

@asgi("/admin/", is_mount=True, copy_scope=True)
async def admin(scope: "Scope", receive: "Receive", send: "Send") -> None:
    request = Request(scope, receive, send)
    await EnsureAuth.get_user_from_connection(request, possible_redirect="/admin/")
    await configure_piccolo_admin()(scope, receive, send)

Where get_user_from_connection redirects the user to my own auth pages if the user attempting to navigate to the admin panel is not authenticated

[dantownsend]

Cool, that's a nice solution!