https://supertokens.com/ logo
Join Discord
Powered by
Hi! I'm facing a problem - when running redoc, an ...
# general
k
Hi! I'm facing a problem - when running redoc, an error is thrown 
AttributeError: 'Request' object has no attribute 'supertokens'
I am just using 
request.supertokens
in my Django views as shown in the docs. Has anyone experienced this?
r
Hey @kuzyaross
Are you using the verify_session function?
k
Hey @rp . Yes.
r
Can you share your code please?
k
Copy code
def create(self, request, *args, **kwargs):
        session: SessionContainer = request.supertokens
        ....
and 
verify_session
is used as
Copy code
@method_decorator(verify_session(), name='dispatch')
class SomeViewSet(CreateModelMixin, ReadOnlyModelViewSet):
r
Hmm. This should work. Can you open an issue about this on our GitHub?
k
Sure.
r
Thanks
k
r
Thank you! We will have a look
@sattvikc can help with this.
s
yes, I am taking a look at it
e
hey @sattvikc , were you able to reproduce the error?
s
not yet, I'll get back in a little while
e
s
thank you, I have done a basic setup.. will try your case now
can you tell me which verify_session are you using?
e
from supertokens_python.recipe.session.framework.django.syncio import verify_session
s
cool thanks
@execreate
Copy code
from django.http import JsonResponse
from django.shortcuts import render
from django.utils.decorators import method_decorator
from rest_framework.mixins import CreateModelMixin, ListModelMixin
from rest_framework.viewsets import ReadOnlyModelViewSet
from rest_framework import serializers
from rest_framework import permissions
from supertokens_python.recipe.session.framework.django.syncio import verify_session

from .models import *


class MyModelListPermission(permissions.BasePermission):
    def has_permission(self, request, view):
        session = request.supertokens        # the error is happening here
        print(session)
        # current_access_token_payload = session.get_access_token_payload()


class MyModelSerializer(serializers.ModelSerializer):
    class Meta:
        model = MyModel
        fields = '__all__'


@method_decorator(verify_session(), name='dispatch')
class SomeViewSet(CreateModelMixin, ReadOnlyModelViewSet, ListModelMixin):

    queryset = MyModel.objects.all()
    serializer_class = MyModelSerializer

    def list(self, request, *args, **kwargs):
        print(request.supertokens)
        return JsonResponse({})

    def get_permissions(self):
        self.permission_classes = [MyModelListPermission]
        return super().get_permissions()
is this close enough to your case?
e
yes
s
can u share your INSTALLED_APPS and MIDDLEWARE from settings ?
e
sure
Copy code
INSTALLED_APPS = [
    'corsheaders',
    'supertokens_python',
    'grappelli',
    'admin_auto_filters',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    'rest_framework',
    'drf_spectacular',
    'django_filters',
...
]


MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'supertokens_python.framework.django.django_middleware.middleware'
]
after following the complete stack trace I have a suspicion that it's the 
drf_spectacular
which is causing the error 🤔
s
oh okay, let me check
that seems likely, it's working for me with that package
e
@sattvikc if you everything is working fine for your setup, then the error must be in 
drf_spectacular
. It has a mechanism to hide the endpoints that are not permitted for the current user, so it tries to call the permission classes. The issue must be that a direct permissions call uses just an empty request which does not go through the verify_session wrapper
since only superusers have access to API doc which is provided by 
drf_spectacular
, I just added superuser check to permission classes:
Copy code
python
    def has_permission(self, request, view):
        if hasattr(request, 'user') and request.user is not None and request.user.is_superuser:
            return True
and it works just fine
s
oh okay
e
I'll add these details and close the issue 🙂
s
cool thanks!
e
thanks for your time!
r
Thank you @sattvikc and @execreate
s
pleasure 🙂
e
looks like I cannot close the issue 😅 but I added the details
s
no worries, we'll take care of that
e
@kuzyaross we are good to go 🙂
3 Views
PreviousNext
Powered by