
I'm implementing custom JWT authentication in Django and I'm using middleware to decode the JWT token and assign request.user to the authenticated user. However, when I try to access request.user inside my view or decorator, it's not being populated, even though the middleware is correctly decoding the token and assigning it.

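class JWTAuthenticationMiddleware:
    """Django middleware that attaches a user to requests carrying a JWT bearer token.

    When the ``Authorization`` header starts with ``Bearer ``, the token is
    passed to ``decode_jwt_token`` and the result is stored on the request as
    ``request.user``. Requests without a bearer token, or whose token is
    rejected, are passed on unchanged, so rejecting unauthenticated callers is
    left to the view layer.

    NOTE(review): ordering in ``MIDDLEWARE`` matters. Django's
    ``AuthenticationMiddleware`` assigns ``request.user`` itself, so if it runs
    after this middleware it replaces the value set here. Confirm against the
    project settings, which are not shown.
    """

    def __init__(self, get_response):
        """Store the next handler in the middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Authenticate the request if possible, then delegate to the next handler."""
        auth_header = request.headers.get("Authorization")
        # Report only whether the header was sent. Its value is a bearer
        # credential, and anyone who can read the console or log files could
        # replay it until the token expires.
        print(f"Authorization Header present: {auth_header is not None}")
        if auth_header and auth_header.startswith("Bearer "):
            token = auth_header.split(" ")[1]
            try:
                user = decode_jwt_token(token)
                print(f"JWT Decoded Payload: {user}")  # Print decoded user
                request.user = user  # Assign the user here
                # NOTE(review): _force_auth_user is the attribute that Django REST
                # framework's test helpers use to force authentication. Setting it
                # makes DRF views trust this user and skip their configured
                # authenticators, so a DRF authentication class would be the
                # supported way to do this. Confirm this is intended.
                request._force_auth_user = user
                print(f"JWT Middleware: User assigned: {request.user.email} - {request.user.role}")
            except jwt.ExpiredSignatureError:
                print("JWT Middleware: Token expired")
            except jwt.InvalidTokenError:
                # InvalidTokenError is the base class of PyJWT's validation errors
                # (DecodeError, bad signature, wrong audience, not-yet-valid, ...).
                # Catching it keeps a malformed or tampered token from surfacing
                # as an unhandled exception; the request proceeds unauthenticated.
                print("JWT Middleware: Invalid token")

        response = self.get_response(request)
        print(
            f"JWT Middleware (After Response): {request.user if hasattr(request, 'user') else 'No User'}"
        )  # Debug after response
        return response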
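class InviteUserView(APIView):
    """Invite a user via email with role assignment.

    ``post`` validates the request body with ``UserInvitationSerializer`` and,
    when it is valid, calls ``send_invitation`` and returns a 201 response
    carrying its result. Invalid input yields a 400 response and any exception
    yields a 500 response.
    """

    # NOTE(review): these decorators are applied directly to a method, so each
    # wrapper receives the view instance (``self``) as its first positional
    # argument. ``authorize`` reads ``.user`` from that argument, finds none on
    # the view object and returns 401 before the request is inspected. Wrap
    # each one with Django's ``method_decorator`` (the resolution reported in
    # the comment thread). ``bypass_csrf`` and ``role_required`` are not shown
    # here; check that they do not fail open when handed the view instance.
    @bypass_csrf
    @authorize
    @role_required([UserRoleEnum.SUPER_ADMIN.value])
    def post(self, request):
        """Create and send an invitation on behalf of ``request.user``."""
        print(f"DEBUG: User in request inside view - {getattr(request, 'user', 'No User')}")
        serializer = UserInvitationSerializer(data=request.data)
        try:
            if not serializer.is_valid():
                # Without this branch an invalid payload left ``response``
                # unassigned, and the final ``return`` raised UnboundLocalError.
                return create_response(
                    400,
                    ResponseCodes.ERROR,
                    False,
                    {},
                    "Invalid invitation data.",
                    str(serializer.errors),
                )
            invitation_link = send_invitation(request, serializer, request.user)
            response = create_response(201, ResponseCodes.SUCCESS, True, invitation_link, None, None)
        except Exception as e:
            # NOTE(review): str(e) is sent back to the client and can expose
            # internal details (mail server errors, database messages). Consider
            # logging the exception server-side and returning a generic message.
            response = create_response(500, ResponseCodes.ERROR, False, {}, str(e), str(e))

        return response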
def authorize(view_func):
    """Wrap a view so that it only runs for a non-anonymous ``request.user``.

    The wrapper reads ``user`` from its first positional argument, so that
    argument must be the request object. When the decorator is applied directly
    to a method of a class-based view, the first argument is the view instance
    instead; wrap the decorator with Django's ``method_decorator`` in that case.

    Returns the 401 response built by ``create_response`` when the request has
    no ``user`` attribute or the user is an ``AnonymousUser``; otherwise returns
    whatever ``view_func`` returns.
    """

    @functools.wraps(view_func)
    def wrapper(request, *args, **kwargs):
        # Debug trace of whatever user, if any, is attached before the check.
        print(f"DEBUG: User in request BEFORE middleware - {getattr(request, 'user', 'No User')}")  # Debugging line

        is_authenticated = hasattr(request, "user") and not isinstance(request.user, AnonymousUser)
        if is_authenticated:
            print(f"DEBUG: User in request AFTER middleware - {request.user}")
            return view_func(request, *args, **kwargs)

        # Fail closed: no user attribute, or an anonymous user, means 401.
        return create_response(
            401,
            ResponseCodes.UNAUTHORIZED.name,
            False,
            None,
            "Authentication required.",
            ResponseCodes.UNAUTHORIZED.value,
        )

    return wrapper
  • Can you post your middlewares config please? Commented Feb 9 at 16:58
  • Can you also show the console output when a request has been run? Commented Feb 10 at 0:14
  • So, it was resolved once I went through the documentation a bit more. Class-based API views don't support applying decorators directly to their methods the way I was doing here, because a decorator applied that way receives the view instance, not the request, as its first argument. They need to be wrapped in @method_decorator(), which is a built-in Django decorator, like this: @method_decorator(bypass_csrf). Commented Feb 10 at 8:44
