Merge pull request #48 from urbanplatform/fix-middleware-bug

diogosilva30 · web-flow · commit cb2e858a4bed · 2022-11-17T12:42:15.000Z
Version 2.0.2

- Fixed middleware unbound variable `token` error when using a token prefix different from `Bearer`.
- Added new option to customize the expected token prefix via `TOKEN_PREFIX` setting.
- Added error handling when the `AUTH_USER_MODEL` is already registered in the admin.
diff --git a/README.md b/README.md
@@ -60,7 +60,9 @@ This package should only be used in projects starting from scratch, since it ove
         # Flag if the user info has been included in the token (default is True)
         'USER_INFO_IN_TOKEN': True,
         # Flag to show the traceback of debug logs (default is False)
-        'TRACE_DEBUG_LOGS': False
+        'TRACE_DEBUG_LOGS': False,
+        # The token prefix that is expected in Authorization header (default is 'Bearer')
+        'TOKEN_PREFIX': 'Bearer'
     }
     ```
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "django_uw_keycloak"
-version = "2.0.1"
+version = "2.0.2"
 description = "Middleware to allow authorization using Keycloak and Django"
 authors = [
   "Ubiwhere <urbanplatform@ubiwhere.com>",
diff --git a/src/django_keycloak/admin.py b/src/django_keycloak/admin.py
@@ -1,6 +1,7 @@
 """
 Module to register models into Django admin dashboard.
 """
+import logging
 from django.contrib import admin
 from django.contrib.auth import get_user_model
 from django.utils.html import format_html
@@ -10,6 +11,8 @@
 
 User = get_user_model()
 
+logger = logging.getLogger(__name__)
+
 
 class UserAdmin(admin.ModelAdmin):
     list_display = (
@@ -60,4 +63,7 @@ def has_change_permission(self, request, obj=None):
         return False
 
 
-admin.site.register(User, UserAdmin)
+try:
+    admin.site.register(User, UserAdmin)
+except admin.sites.AlreadyRegistered:
+    logger.warning(f"Could not register Keycloak UserAdmin")
diff --git a/src/django_keycloak/authentication.py b/src/django_keycloak/authentication.py
@@ -6,23 +6,22 @@
 from rest_framework.authentication import TokenAuthentication
 from rest_framework.exceptions import AuthenticationFailed
 from django_keycloak import Token
+from django_keycloak.config import settings
 
 
 class KeycloakAuthentication(TokenAuthentication):
     """
     A custom token authentication class for Keycloak.
     """
 
-    # `keyword` refeers to expected prefix in HTTP
-    # Authentication header. We use `Bearer` because it
-    # is commonly used in authorization protocols, such
-    # as OAuth2
-    keyword = "Bearer"
+    # `keyword` refers to expected prefix in HTTP
+    # Authentication header. Use the user-defined prefix
+    keyword = settings.TOKEN_PREFIX
 
     def authenticate_credentials(self, access_token: str):
         """
         Overrides `authenticate_credentials` to provide custom
-        Keycloak authentication for a given Bearer token in a request.
+        Keycloak authentication for a given token in a request.
         """
         # Try to build a Token instance from the provided access token in request
         token: Union[Token, None] = Token.from_access_token(access_token)
diff --git a/src/django_keycloak/config.py b/src/django_keycloak/config.py
@@ -39,7 +39,8 @@ class Settings:
     USER_INFO_IN_TOKEN: Optional[bool] = True
     # Flag to show the traceback of debug logs
     TRACE_DEBUG_LOGS: Optional[bool] = False
-
+    # The token prefix
+    TOKEN_PREFIX: Optional[str] = "Bearer"
     # Derived setting of the SERVER/INTERNAL_URL and BASE_PATH
     KEYCLOAK_URL: str = field(init=False)
 
diff --git a/src/django_keycloak/middleware.py b/src/django_keycloak/middleware.py
@@ -12,6 +12,7 @@
 from django_keycloak import Token
 from django_keycloak.config import settings
 from django_keycloak.models import KeycloakUser, KeycloakUserAutoId
+from django_keycloak.config import settings
 
 AUTH_HEADER = "HTTP_AUTHORIZATION"
 
@@ -41,14 +42,18 @@ def get_token_from_request(self, request) -> Optional[Token]:
             # Try to build a Token instance from decoded credentials
             token = Token.from_credentials(decoded_username, decoded_password)
             if token:
-                # Convert the request "Basic" auth to "Bearer" with access token
-                request.META[AUTH_HEADER] = f"Bearer {token.access_token}"
+                # Convert the request "Basic" auth to token-based with access token
+                request.META[
+                    AUTH_HEADER
+                ] = f"{settings.TOKEN_PREFIX} {token.access_token}"
             else:
-                # Setup an invalid dummy bearer token
-                request.META[AUTH_HEADER] = "Bearer not-valid-token"
+                # Setup an invalid dummy token
+                request.META[AUTH_HEADER] = f"{settings.TOKEN_PREFIX} not-valid-token"
 
-        elif auth_type == "Bearer":
+        elif auth_type == settings.TOKEN_PREFIX:
             token = Token.from_access_token(value)
+        else:
+            token = None
 
         return token
 
