feat: add cookie authentication

anexia · Nov 28, 2023 · fa547c2 · fa547c2
1 parent fc7796f
commit fa547c2
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,10 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.1.0]
+
+### Added
+- Cookie authentication support
+
 ## [1.0.0]
 
 ### Added
 - Initial setup
 
 [Unreleased]: https://github.com/anexia/drf-anonymous-login/compare/1.0.0...HEAD
 [1.0.0]: https://github.com/anexia/drf-anonymous-login/releases/tag/1.0.0
+[1.1.0]: https://github.com/anexia/drf-anonymous-login/releases/tag/1.1.0
diff --git a/drf_anonymous_login/authentication.py b/drf_anonymous_login/authentication.py
@@ -7,13 +7,17 @@
 
 AUTH_KEYWORD = "Token"
 AUTH_HEADER = "HTTP_X_AUTHORIZATION_ANONYMOUS"
+AUTH_COOKIE = "anonymous_token"
 
 
 class AnonymousLoginAuthentication(authentication.BaseAuthentication):
     keyword = AUTH_KEYWORD
 
     def authenticate(self, request):
-        auth = request.META.get(AUTH_HEADER, "").split()
+        auth = (
+            request.META.get(AUTH_HEADER, "").split()
+            or request.COOKIES.get(AUTH_COOKIE, "").split()
+        )
 
         if not auth or auth[0].lower() != self.keyword.lower():
             return None

diff --git a/drf_anonymous_login/views.py b/drf_anonymous_login/views.py
@@ -43,7 +43,9 @@ def create(self, request, *args, **kwargs):
                 "headers": self.extract_request_headers(request),
             }
         )
-        return Response({"token": user.token}, status=status.HTTP_201_CREATED)
+        response = Response({"token": user.token}, status=status.HTTP_201_CREATED)
+        response.set_cookie("anonymous_token", f"Token {user.token}")
+        return response
 
 
 class AnonymousLoginAuthenticationModelViewSet(viewsets.ModelViewSet):

diff --git a/tests/testapp/tests/test_api.py b/tests/testapp/tests/test_api.py
@@ -1,9 +1,10 @@
 from datetime import timedelta
 
+from django.http import SimpleCookie
 from django.test import TestCase
 from django.urls import reverse
 from django.utils import timezone
-from rest_framework.status import HTTP_200_OK, HTTP_403_FORBIDDEN
+from rest_framework.status import HTTP_200_OK, HTTP_201_CREATED, HTTP_403_FORBIDDEN
 from testapp.models import PrivateModel, PublicModel
 
 from drf_anonymous_login.authentication import AUTH_HEADER, AUTH_KEYWORD
@@ -90,3 +91,22 @@ def test_anonymous_login_token_cleanup(self):
         # make sure the token gets deleted
         cleanup_tokens.handle_tick()
         self.assertEqual(AnonymousLogin.objects.count(), 0)
+
+    def test_anonymous_login_with_cookie_authentication(self):
+        """
+        Assert that cookie authentication works
+        :return:
+        """
+        # create anonymous login and check if cookie is set
+        url = reverse("auth_anonymous-list")
+        response = self.client.post(url)
+        self.assertEqual(HTTP_201_CREATED, response.status_code)
+        self.assertEqual(
+            response.cookies["anonymous_token"].value, f"Token {response.data['token']}"
+        )
+
+        # set cookies and make sure it works
+        url = reverse("privatemodel-list")
+        self.client.cookies.load({"anonymous_token": f"Token {response.data['token']}"})
+        response = self.client.get(url)
+        self.assertEqual(HTTP_200_OK, response.status_code)