use env variable for cache duration + limit API to logged in user only

2024-05-17 19:24:28 +02:00
parent 4c39fed29b
commit ba6f877b4b
9 changed files with 31 additions and 13 deletions


@@ -5,6 +5,7 @@ from django.http import JsonResponse
from django.contrib.auth import authenticate
from django.contrib.auth.models import User
from django.contrib.auth.backends import ModelBackend
from django.conf import settings
from rest_framework.exceptions import AuthenticationFailed
@@ -23,7 +24,7 @@ class CustomOIDCBackend(OIDCAuthenticationBackend):
"""Hack to use the same auth as DRF"""
back = OIDCAuthentication()
try:
u, tok = back.authenticate(request)
u, tok = back.authenticate(request) or (None, None)
except AuthenticationFailed:
u = None
return u
@@ -34,7 +35,7 @@ class CustomOIDCBackend(OIDCAuthenticationBackend):
print("no cache found for userinfo-{access_token} yet.")
userinfo = super().get_userinfo(access_token, id_token, payload)
if userinfo:
cache.set(f'userinfo-{access_token}', userinfo, timeout=60*60*24)
cache.set(f'userinfo-{access_token}', userinfo, timeout=settings.OIDC_CACHE_USERINFO)
return userinfo
def update_user(self, user, claims): # TODO: update groups?
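Review bot: The userinfo cache lifetime in `get_userinfo` is now whatever `settings.OIDC_CACHE_USERINFO` holds, with no validation or upper bound at the `cache.set` call. Django treats `timeout=None` as "never expire", and a value read from the environment may arrive as a string, so a missing or mistyped variable could pin userinfo in the cache indefinitely or fail at runtime (the settings module is not visible here, so this may already be handled there). Because the entry is keyed by the access token and the cache-hit path presumably skips the provider call, the lifetime is also how long a revoked or expired token keeps resolving to a user; clamp it, e.g. `timeout=min(int(settings.OIDC_CACHE_USERINFO), MAX_USERINFO_TTL)`, where `MAX_USERINFO_TTL` is a placeholder constant no longer than the token lifetime. The key also embeds the raw bearer token; a digest such as `hashlib.sha256(access_token.encode()).hexdigest()` would keep it out of cache key listings. `get_userinfo` starts above this hunk, so the cache lookup itself is not shown.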
