mirror of https://github.com/OpenDroneMap/WebODM
Added JWT token passing via querystring
parent
c403ea7023
commit
3c74bf8bba
|
@ -0,0 +1,6 @@
|
|||
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication
|
||||
|
||||
|
||||
class JSONWebTokenAuthenticationQS(BaseJSONWebTokenAuthentication):
|
||||
def get_jwt_value(self, request):
|
||||
return request.query_params.get('jwt')
|
|
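Review bot: `get_jwt_value` returns `request.query_params.get('jwt')` for every HTTP method, so a POST, PATCH or DELETE can be authenticated by a token in the URL as well as a GET. If the purpose is to serve clients that cannot set headers when fetching resources, return `None` unless `request.method` is a safe method, so write requests still need the header. The class also has no docstring; add one that says why it exists and that URL tokens can end up in server logs, browser history and Referer headers.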
@ -413,8 +413,13 @@ class TestApi(BootTestCase):
|
|||
token = res.data['token']
|
||||
self.assertTrue(len(token) > 0)
|
||||
|
||||
# Can access resources by passing token
|
||||
# Can access resources by passing token via querystring
|
||||
res = client.get('/api/processingnodes/?jwt={}'.format(token))
|
||||
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
||||
|
||||
# Can access resources by passing token via header
|
||||
client = APIClient(HTTP_AUTHORIZATION="{0} {1}".format(api_settings.JWT_AUTH_HEADER_PREFIX, token))
|
||||
res = client.get('/api/processingnodes/')
|
||||
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
||||
|
||||
|
||||
|
|
|
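Review bot: the querystring request `res = client.get('/api/processingnodes/?jwt={}'.format(token))` reuses the `client` created above this hunk, so the assertion only proves the new path if that client carries no session or header credentials. Use a fresh `APIClient()` for that request. Only the success case is covered: add a request with a malformed `jwt` value and one with no credentials at all, and assert that neither returns `HTTP_200_OK`.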
@ -18,6 +18,15 @@ curl -H "Authorization: JWT <your_token>" http://localhost:8000/api/projects/
|
|||
{"count":13, ...}
|
||||
```
|
||||
|
||||
> Use authentication token via querystring (less secure):
|
||||
|
||||
```bash
|
||||
curl http://localhost:8000/api/projects/?jwt=<your_token>
|
||||
|
||||
{"count":13, ...}
|
||||
```
|
||||
|
||||
|
||||
`POST /api/token-auth/`
|
||||
|
||||
Field | Type | Description
|
||||
|
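Review bot: the added example `curl http://localhost:8000/api/projects/?jwt=<your_token>` leaves the URL unquoted, unlike the header example above it, so a reader who pastes it into a shell gets `?` treated as a glob character and `<your_token>` parsed as redirections. Wrap the URL in double quotes. The "(less secure)" label would also be more useful with a short reason, for instance that the token becomes part of the URL and is recorded wherever URLs are logged.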
@ -34,3 +43,5 @@ Header |
|
|||
Authorization: JWT `your_token` |
|
||||
|
||||
The token expires after a set amount of time. The expiration time is dependent on WebODM's settings. You will need to request another token when a token expires.
|
||||
|
||||
Since applications sometimes do not allow headers to be modified, you can also authenticate by appending the `jwt` querystring parameter to a protected URL. This is less secure, so pass the token via header if possible.
|
||||
|
|
|
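Review bot: the new paragraph says the querystring method "is less secure" without saying why, which leaves readers unable to judge when it is acceptable. State the concrete exposure: the token is part of the URL, so it can appear in web server and proxy access logs, browser history and Referer headers. Since the preceding paragraph says tokens expire, it is also worth noting that a URL containing an expired token has to be rebuilt with a new one.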
@ -184,6 +184,8 @@ If a [Task](#task) has been canceled or has failed processing, or has completed
|
|||
|
||||
After a task has been successfully processed, a TMS layer is made available for inclusion in programs such as [Leaflet](http://leafletjs.com/) or [Cesium](http://cesiumjs.org).
|
||||
|
||||
<aside class="notice">If you use <a href="http://leafletjs.com/" target="_blank">Leaflet</a>, you'll need to pass the authentication token via querystring: /api/projects/{project_id}/tasks/{task_id}/tiles/{Z}/{X}/{Y}.png?jwt=your_token</aside>
|
||||
|
||||
### Pending Actions
|
||||
|
||||
In some circumstances, a [Task](#task) can have a pending action that requires some amount of time to be performed.
|
||||
|
|
|
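Review bot: the notice gives the tile URL with `?jwt=your_token` but does not mention token expiry, and a map layer keeps requesting tiles from the same URL template for as long as the page is open. Add a sentence telling the reader to update the layer URL with a fresh token once the current one expires. Minor: the link uses `target="_blank"` without `rel="noopener"`.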
@ -230,6 +230,7 @@ REST_FRAMEWORK = {
|
|||
'rest_framework.authentication.SessionAuthentication',
|
||||
'rest_framework.authentication.BasicAuthentication',
|
||||
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
|
||||
'app.api.authentication.JSONWebTokenAuthenticationQS',
|
||||
),
|
||||
'PAGE_SIZE': 10,
|
||||
}
|
||||
|
|
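Review bot: listing `'app.api.authentication.JSONWebTokenAuthenticationQS'` in the global authentication classes of `REST_FRAMEWORK` turns on URL tokens for every API endpoint, while the documentation in this commit motivates it only for clients that cannot set headers, such as tile requests from Leaflet. Consider leaving the global list unchanged and setting `authentication_classes` on the tile views only, so the rest of the API keeps requiring the header, session or basic authentication.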