Disable auto-login with token requests

2023-12-23 09:10:05 -08:00 · 2023-12-23 09:10:05 -08:00 · c5606024b3
commit c5606024b3
parent 151d337f6c
1 changed files with 5 additions and 1 deletions
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@ -2,12 +2,16 @@ from django.conf import settings
 from django.contrib import auth
 from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
 from django.contrib.auth.models import User
+from django.http import HttpRequest
 from django.utils.deprecation import MiddlewareMixin
 from rest_framework import authentication


 class AutoLoginMiddleware(MiddlewareMixin):
-    def process_request(self, request):
+    def process_request(self, request: HttpRequest):
+        # Dont use auto-login with token request
+        if request.path.startswith("/api/token/") and request.method == "POST":
+            return None
        try:
            request.user = User.objects.get(username=settings.AUTO_LOGIN_USERNAME)
            auth.login(