Add DRFSessionAuthentication401Middleware

joshuatz · joshuatz · commit d9ad639e0a57 · 2024-12-20T15:10:52.000-08:00
diff --git a/django_utils_lib/middleware.py b/django_utils_lib/middleware.py
@@ -88,3 +88,21 @@ def __call__(self, request: HttpRequest) -> HttpResponse:
                 response["Location"] = redirect_url.geturl()
 
         return response
+
+
+try:
+    from rest_framework.authentication import SessionAuthentication
+    from rest_framework.request import Request as DRFRequest
+
+    class DRFSessionAuthentication401Middleware(SessionAuthentication):
+        """
+        Small shim around DRF's SessionAuthentication, so it returns 401s for
+        unauthorized, instead of 403.
+
+        https://github.com/encode/django-rest-framework/issues/5968
+        """
+
+        def authenticate_header(self, request: DRFRequest):
+            return "Session"
+except ImportError:
+    pass
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -25,6 +25,8 @@ pytest-playwright = "^0.5.2"
 filelock = "^3.16.0"
 debugpy = "^1.8.5"
 django = "*"
+djangorestframework = "^3.15.2"
+djangorestframework-stubs = {extras = ["compatible-mypy"], version = "^3.15.2"}
 
 [tool.ruff]
 line-length = 120
