Hello. I’m looking for advice on the correct way to write a remote user backend that works both in the webpage and with REST API.
I have written a class based on RemoteUserBackend. In my authorize method, I include this section because without it, POST requests try to run auth.login() which fails because of “CSRF Failed: Referer checking failed - no Referer”.
if request.META['PATH_INFO'].startswith('/api'):
return None
So now I have everything working, but each API request causes a user_login_failed signal which writes a message in the log that I would like to avoid.
I understand what’s happening… When RemoteUserMiddleware receives the request, request.user is an AnonymousUser with is_authenticated=False. So it tries to login using my authenticate method, which returns None, so then the signal is sent here.
Is there a better way to address this?