How to allow superuser only to access admin panel? #623
Unanswered · BhuwanPandey asked this question in Q&A · Replies: 1 comment
I'm not sure how your authentication mechanism works, but in my project I've based it on fastapitutorial, and my superuser validation looks like this:

```python
from datetime import timedelta

from fastapi import HTTPException, status
from sqladmin.authentication import AuthenticationBackend  # assumed: sqladmin's backend class
from starlette.requests import Request

# authenticate_user, async_session_maker, create_access_token and settings
# come from the poster's own project and are not shown here.


class AdminAuth(AuthenticationBackend):
    async def login(
        self,
        request: Request,
    ) -> bool:
        form = await request.form()
        username, password = form["username"], form["password"]
        # Log the username only; the password and the token must never be printed.
        print("username is", username)
        user = await authenticate_user(
            username, password, session=async_session_maker()
        )
        if not user:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Incorrect username or password",
            )
        # Reject valid accounts that are not superusers.
        if not user.superuser:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="You are not permitted!!!",
            )
        admin_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
        admin_token = create_access_token(
            data={"sub": user.email}, expires_delta=admin_token_expires
        )
        # Keep the token in the session so authenticate() can find it later.
        request.session.update({"admin_token": admin_token})
        return True

    async def logout(self, request: Request) -> bool:
        request.session.clear()
        return True

    async def authenticate(self, request: Request) -> bool:
        token = request.session.get("admin_token")
        if not token:
            return False
        # TODO: implement token validation
        return True
```
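The `authenticate` method in the reply above accepts any session that holds a token and leaves validation as a TODO. The following is an added example, not part of the original reply, of the checks that step needs: signature, expiry, and a fresh superuser lookup. It uses a standard-library HMAC token as a stand-in for the poster's `create_access_token`; `SECRET`, `USERS`, `issue_token` and `validate_admin_token` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: loaded from configuration in real use
USERS = {  # constructed sample data standing in for the user table
    "root@example.com": {"superuser": True},
    "bob@example.com": {"superuser": False},
}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()


def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(email, ttl_seconds, now=None):
    """Return "<claims>.<signature>" carrying the subject and an expiry time."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": email, "exp": now + ttl_seconds}).encode())
    return f"{body}.{_sign(body)}"


def validate_admin_token(token, now=None):
    """The checks authenticate() should pass before it returns True."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    body, sig = token.split(".")
    # Constant-time comparison rejects forged or altered tokens.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return False  # expired or malformed claims
    user = USERS.get(claims.get("sub"))
    # Re-check the flag on every request so a demoted superuser loses access.
    return bool(user and user["superuser"])
```

In the backend, `authenticate` would return `validate_admin_token(request.session.get("admin_token"))` instead of an unconditional `True`.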
Hi there, how should I check whether the given user is a superuser or not inside the login method?
I have used the fastapi_users package for authentication handling, but here you can
provide any solution.

```python
class MyAdminBackend(AuthenticationBackend):
```