[BUG] Django Ninja JWT Token Validation Issue #117
For more context, I have also tried to use the original ninja-jwt's implementation without any customization, same issue. Following is how I add the router to ninja api:

```python
from ninja import Router
from ninja_jwt.routers.obtain import obtain_pair_router

router = Router(tags=["auth"])
# This ninja_jwt router contains two endpoints:
# - /pair: Obtain a pair of access and refresh tokens
# - /refresh: Refresh an access token
router.add_router("/token", obtain_pair_router, auth=None, tags=["token"])
```

I also found out that setting

```python
class TokenObtainPairInputSchema(TokenObtainInputSchemaBase):
    """Custom schema for token obtain pair.

    NOTE: this schema is used to customize the output schema of the token obtain pair.
    This is set in the project's settings.py file.
    """

    model_config = pyd.ConfigDict(extra="forbid")

    @classmethod
    def get_response_schema(cls) -> type[SchemaOut]:
        return TokenObtainPairOutputSchema

    @classmethod
    def get_token(cls, user: AbstractUser) -> dict[str, t.Any]:
        values = {}
        refresh = RefreshToken.for_user(user)
        values["refresh"] = str(refresh)
        values["access"] = str(refresh.access_token)
        values.update(
            user=UserSchema.from_orm(user)
        )  # this will be needed when creating output schema
        return values
```

results in -

@subham1099 So sorry for the late response. Reason #123 I know, if you set, extra to

@eadwinCode No problem. I will make sure to include a

@subham1099 Alright I will look into thanks for the summary

@subham1099 Sorry this took so long to fix, I have been very busy with work. If you are still using this on your project please let me know if the new release fixes the issue. Thanks

Okay, I looked at the changes and it correctly handles the extra=forbid part. My original issue still persists,

I am beginning to understand the issue here. First, authentication should happen after schema validation, not before. That way, Pydantic, and Ninja DjangoGetter will have resolved everything about the schema, and then we can proceed to authentication and other things. Is this the expected behavior for you too?

I will test the changes out today and get back to you by EOD with a reproducible example if the issue still persists.

Description
When using Django Ninja JWT with a custom token obtain pair schema, the validation is being bypassed due to input type mismatch, leading to authentication errors.
Environment
Issue
The `TokenObtainInputSchemaBase.validate_inputs` method expects the input to be a dictionary, but in the current version of Django Ninja, the input is wrapped in a `DjangoGetter` object. This causes the validation to be bypassed, leading to a `NoneType` error when trying to authenticate.
Code
Request
Error Log
```
[debug ] Input validation - values type: <class 'ninja.schema.DjangoGetter'>
[debug ] Input validation - input_values type: <class 'ninja.schema.DjangoGetter'>
[debug ] Input validation - input_values: <DjangoGetter: {'password': 'string', 'username': 'string'}>
[error ] 'NoneType' object has no attribute 'id'
```
Expected Behavior
The validation should handle both dictionary and DjangoGetter inputs, ensuring proper validation before authentication attempts.
Current Workaround
We've implemented a workaround by explicitly handling the DjangoGetter case:
Questions
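A simplified model of the failure described in this issue, added here as an illustration; it is not ninja-jwt or Django Ninja code. `GetterWrapper`, `User`, `authenticate`, `USERS` and the `obtain_*` functions are hypothetical stand-ins and the credentials are constructed; the point is the difference between a check that is skipped for an unexpected input type and one that normalizes or rejects it.

```python
from collections.abc import Mapping

USERS = {"alice": "correct horse"}  # constructed credential store (assumption)

class User:
    def __init__(self, id):
        self.id = id

class GetterWrapper:
    """Hypothetical stand-in for the wrapper type seen in the error log."""
    def __init__(self, obj):
        self._obj = obj

def authenticate(username, password):
    """Stub: return a User, or None on bad credentials."""
    ok = username in USERS and USERS[username] == password
    return User(1) if ok else None

def obtain_fail_open(values):
    """Reported pattern: checks run only when the input is a plain dict."""
    user = None
    if isinstance(values, dict):
        user = authenticate(values["username"], values["password"])
        if user is None:
            raise PermissionError("invalid credentials")
    return {"user_id": user.id}  # AttributeError if the branch was skipped

def as_mapping(values):
    """Normalize every accepted input shape to a dict; reject anything else."""
    inner = values if isinstance(values, Mapping) else getattr(values, "_obj", None)
    if not isinstance(inner, Mapping):
        raise TypeError(f"unsupported input type: {type(values).__name__}")
    return dict(inner)

def obtain_fail_closed(values):
    """Hardened form: validation cannot be skipped by changing the input type."""
    data = as_mapping(values)
    missing = {"username", "password"} - set(data)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    user = authenticate(data["username"], data["password"])
    if user is None:
        raise PermissionError("invalid credentials")
    return {"user_id": user.id}
```

With wrapped input, `obtain_fail_open` reaches `user.id` with `user` still `None`, which reproduces the shape of the logged error; `obtain_fail_closed` returns a clean validation or authentication error instead.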