[tasks] Trying to fix webhooks for Todoist
This commit is contained in:
@ -6,7 +6,7 @@ from profiles.models import UserProfile
|
||||
from rest_framework import status
|
||||
from rest_framework.authentication import BaseAuthentication
|
||||
from rest_framework.exceptions import AuthenticationFailed
|
||||
from rest_framework.permissions import BasePermission
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
from scrobbles.scrobblers import (
|
||||
@ -25,12 +25,21 @@ class TodoistTokenAuthentication(BaseAuthentication):
|
||||
def authenticate(self, request):
|
||||
auth_header = request.META.get("HTTP_AUTHORIZATION", "")
|
||||
|
||||
logger.info(
|
||||
"[todoist_auth] Raw auth header: %s",
|
||||
auth_header[:20] if auth_header else "None",
|
||||
)
|
||||
|
||||
if not auth_header:
|
||||
return None
|
||||
|
||||
parts = auth_header.split()
|
||||
|
||||
if len(parts) != 2 or parts[0] != self.keyword:
|
||||
logger.warning(
|
||||
"[todoist_auth] Invalid auth header format: parts=%s",
|
||||
parts,
|
||||
)
|
||||
return None
|
||||
|
||||
token = parts[1]
|
||||
@ -38,24 +47,23 @@ class TodoistTokenAuthentication(BaseAuthentication):
|
||||
profile = UserProfile.objects.filter(todoist_auth_key=token).first()
|
||||
|
||||
if not profile:
|
||||
logger.warning("[todoist_auth] No profile found for token")
|
||||
raise AuthenticationFailed("Invalid token")
|
||||
|
||||
if not profile.user:
|
||||
logger.warning("[todoist_auth] No user associated with profile")
|
||||
raise AuthenticationFailed("No user associated with token")
|
||||
|
||||
logger.info("[todoist_auth] Authenticated user: %s", profile.user.id)
|
||||
return (profile.user, profile)
|
||||
|
||||
|
||||
class IsAuthenticatedForTodoist(BasePermission):
|
||||
def has_permission(self, request):
|
||||
return (
|
||||
hasattr(request, "user") and request.user and request.user.is_authenticated
|
||||
)
|
||||
def authenticate_header(self, request):
|
||||
return self.keyword
|
||||
|
||||
|
||||
class TodoistWebhookView(APIView):
|
||||
authentication_classes = [TodoistTokenAuthentication]
|
||||
permission_classes = [IsAuthenticatedForTodoist]
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
@property
|
||||
def logger(self):
|
||||
|
||||
Reference in New Issue
Block a user