From ba434f4fb594a73b64974eea9c46516bfd5778d3 Mon Sep 17 00:00:00 2001 From: inexcode Date: Tue, 23 Aug 2022 00:06:12 +0400 Subject: [PATCH] Allow using query params to fetch GraphQL --- selfprivacy_api/graphql/__init__.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/selfprivacy_api/graphql/__init__.py b/selfprivacy_api/graphql/__init__.py index 89dc6e2c..73721971 100644 --- a/selfprivacy_api/graphql/__init__.py +++ b/selfprivacy_api/graphql/__init__.py @@ -13,8 +13,9 @@ class IsAuthenticated(BasePermission): message = "You must be authenticated to access this resource." def has_permission(self, source: typing.Any, info: Info, **kwargs) -> bool: - return is_token_valid( - info.context["request"] - .headers.get("Authorization", "") - .replace("Bearer ", "") - ) + token = info.context["request"].headers.get("Authorization") + if token is None: + token = info.context["request"].query_params.get("token") + if token is None: + return False + return is_token_valid(token.replace("Bearer ", ""))