2

I am using Firebase (pyrebase library) for my authentication with a Django backend and a React frontend. For this to work I had to override the DRF auth class TokenAuthentication with my FirebaseAuthentication. But I still get 401 unauthorised when I try to access a view, since I also need to override the DRF permission class isAuthenticated. But I have been searching for a way to do this with Python without success. Any help would be appreciated. Below is a snippet of the permission class and where it's applied on my views.

DRF permissions.py

class IsAuthenticated(BasePermission):
    """
    Allows access only to authenticated users.
    """

    def has_permission(self, request, view):
        return bool(request.user and request.user.is_authenticated)

views.py

class FinanceTransactionList(GenericAPIView):
    authentication_classes = [FirebaseAuthentication]
    permission_classes = [IsAuthenticated]

    @classmethod
    @encryption_check
    def post(self, request, *args, **kwargs):
        ...
siderra

1 Answer

0

To implement custom permission, override BasePermission and implement either, or both, of the following methods:

.has_permission(self, request, view)

.has_object_permission(self, request, view, obj)

The methods should return True if the request should be granted access, and False otherwise.

If you need to test if a request is a read operation or a write operation, you should check the request method against the constant SAFE_METHODS, which is a tuple containing 'GET', 'OPTIONS', and 'HEAD'. For example:

if request.method in permissions.SAFE_METHODS:
    # Check permissions for the read-only request
    pass
else:
    # Check permissions for writing request
    pass

Custom permissions will raise a PermissionDenied exception if the test fails. To change the error message associated with the exception, implement a message attribute directly on your custom permission. Otherwise, the default_detail attribute from PermissionDenied will be used. Similarly, to change the code identifier associated with the exception, implement a code attribute directly on your custom permission - otherwise, the default_code attribute from PermissionDenied will be used.

from rest_framework import permissions

class CustomerAccessPermission(permissions.BasePermission):
    message = 'Firebase Auth Required.'

    def has_permission(self, request, view):
        ...
Muhammad Afzaal
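
A filled-in version of the permission class sketched in the answer, added here as an example (not code from the question, the answer, or DRF itself). It assumes the asker's FirebaseAuthentication.authenticate() returns a (user, claims) tuple, so that DRF exposes the verified token claims as request.auth; the class name FirebaseAuthRequired, the 'uid' key, and the helper functions are hypothetical.

```python
import time
from types import SimpleNamespace

try:
    from rest_framework.permissions import BasePermission
except Exception:
    # DRF not importable here: minimal stand-in so the example still runs.
    class BasePermission:
        def has_permission(self, request, view):
            return True


class FirebaseAuthRequired(BasePermission):
    """Grant access only when the authenticator populated user and claims."""
    message = 'Firebase Auth Required.'
    code = 'firebase_auth_required'

    def has_permission(self, request, view):
        user = getattr(request, 'user', None)
        claims = getattr(request, 'auth', None)  # assumed: dict of token claims
        # Same test as DRF's IsAuthenticated; an anonymous user fails here.
        if not (user and user.is_authenticated):
            return False
        # Fail closed if the authenticator did not hand over verified claims.
        if not isinstance(claims, dict) or not claims.get('uid'):
            return False
        # Defence in depth: re-check the JWT 'exp' claim (seconds since epoch).
        return claims.get('exp', 0) > time.time()


def make_request(is_authenticated, claims):
    """Constructed stand-in for a DRF Request, to exercise the class offline."""
    user = SimpleNamespace(is_authenticated=is_authenticated)
    return SimpleNamespace(user=user, auth=claims)


def demo():
    perm, now = FirebaseAuthRequired(), time.time()
    good = {'uid': 'u1', 'exp': now + 300}   # constructed sample claims
    stale = {'uid': 'u1', 'exp': now - 1}    # constructed expired claims
    return {
        'valid': perm.has_permission(make_request(True, good), None),
        'anonymous': perm.has_permission(make_request(False, None), None),
        'no_claims': perm.has_permission(make_request(True, None), None),
        'expired': perm.has_permission(make_request(True, stale), None),
    }


if __name__ == '__main__':
    print(demo())
```

On a view it would be listed as `permission_classes = [FirebaseAuthRequired]`; when it returns False, DRF reports the `message` and `code` attributes in the error response.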