Skip to content

UserInfo Endpoint not Accessible without Cookie #12925

New issue
New issue
Open
Open
UserInfo Endpoint not Accessible without Cookie#12925
Labels
4.4.xbug
@ridoo

Description

@ridoo
ridoo
opened on Feb 19, 2025

Expected Behavior

Accessing /api/o/v4/userinfo via Bearer token does work.

Actual Behavior

Currently, a 401 is returned when no Cookie is sent along the request.

Steps to Reproduce the Problem

  1. Obtain an access token
  2. Make a curl request with Bearer token
  3. See 401 returned

Specifications

  • GeoNode version: 4.4.x (but 5.x might be affected as well)
  • Installation type (vanilla, geonode-project):
  • Installation method (manual, docker):
  • Platform:
  • Additional details: See here, the user is directly read from request:

geonode/geonode/api/views.py

Lines 56 to 58 in 5726c6d

@csrf_exempt
def user_info(request):
user = request.user

Metadata

Metadata

Assignees

No one assigned

    Labels

    4.4.xbug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions