Comments (18)
BUMP
from django-oscar-api.
This problem you are having, is it while using oscarapi.middleware.HeaderSessionMiddleware or without?
from django-oscar-api.
By the way your remark about 'clients not using cookies' is spot on.
This api was designed more towards backend systems as consumers instead of web clients as consumers.
What you are seeing now is that you can use the api mixed with the website for AUTHENTICATED users, but for anonymous users you cannot mix regular oscar views with api views. That is because oscar keeps the basket id in a cookie; since there might not be any cookies, that mechanism cannot be used by the api.
from django-oscar-api.
Is there any easy fix for this? Off the top of my head, it would be to actually create a user for anonymous users, maybe with a special role, and then log them in automatically? Maybe I'm overthinking this.
from django-oscar-api.
@jakobholmelund 👍 Nice idea.
from django-oscar-api.
I think you could write a middleware that copies the basket id from the cookie to the session?
from django-oscar-api.
Hmm, after fiddling a bit it seems that my oscar_open_basket cookie is in the format "15:_1bd6Cc9NYDQkEfFP4KdAOR7fSw". When trying to copy this to the session with (taken from the login handler)
anonymous_basket = operations.get_anonymous_basket(request)
it seems to expect an integer. I haven't used the login handler since I'm using the api for a mixed web/api approach, so I don't know if I'm supposed to split the id myself?
from django-oscar-api.
you need to unsign the cookie id, look here: https://github.com/django-oscar/django-oscar/blob/1.0.2/oscar/apps/basket/middleware.py#L174
Most likely you should extend that middleware
from django-oscar-api.
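As an added illustration (not code from django-oscar or from any commenter): the `id:signature` cookie value quoted above has to be verified and stripped before it can be used as an integer basket id. This standard-library sketch models that check; the key, the HMAC construction and the function names are assumptions standing in for Django's `Signer` and `SECRET_KEY`.

```python
import base64
import hashlib
import hmac

SECRET_KEY = "constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY
COOKIE_KEY = "oscar_open_basket"        # cookie name quoted in the thread


def _signature(value, key=SECRET_KEY):
    """URL-safe base64 HMAC-SHA1 of the value (a model, not Django's exact scheme)."""
    digest = hmac.new(key.encode(), value.encode(), hashlib.sha1).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(value):
    """Produce the 'value:signature' form seen in the cookie."""
    return "%s:%s" % (value, _signature(value))


def unsign(signed):
    """Return the bare value, or raise ValueError if the signature does not verify."""
    if ":" not in signed:
        raise ValueError("no signature present")
    value, sig = signed.rsplit(":", 1)
    # Constant-time comparison so the check does not leak how much of it matched.
    if not hmac.compare_digest(sig.encode(), _signature(value).encode()):
        raise ValueError("signature mismatch")
    return value


def basket_id_from_cookie(cookies, cookie_key=COOKIE_KEY):
    """Return (basket_id or None, cookies_to_delete), mirroring the middleware's decision."""
    cookies_to_delete = []
    basket_id = None
    if cookie_key in cookies:
        try:
            # int() also rejects a validly signed but non-numeric value.
            basket_id = int(unsign(cookies[cookie_key]))
        except ValueError:
            cookies_to_delete.append(cookie_key)
    return basket_id, cookies_to_delete


# Constructed sample cookies: one genuine, one with the id changed but the old signature kept.
GOOD = sign("15")
FORGED = "16:" + GOOD.split(":", 1)[1]
```

Because the basket id of an anonymous visitor is the only thing tying them to their basket, any middleware that copies it into the session should keep this verification step rather than splitting the string on `:` by hand.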
Just so I don't misunderstand. What I want to do is open up that /oscarapi/basket/ to anonymous users on the current domain. I would think that the HeaderSessionMiddleware would take care of this? My middleware config is
MIDDLEWARE_CLASSES = (
    # 'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'oscarapi.middleware.HeaderSessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'sonofatailor.middleware.BasketMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.gzip.GZipMiddleware',
    'pipeline.middleware.MinifyHTMLMiddleware',
)
from django-oscar-api.
I'm an idiot... I had
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
    'CHARSET': 'utf-8'
}
in my config. No wonder it didn't work :/
With that line removed, and the modified middleware, everything seems to work..
from django-oscar-api.
Which middleware? The one you made or mine (HeaderSessionMiddleware)?
If it is yours, maybe you can contribute it?
from django-oscar-api.
@jakobholmelund did you create a middleware that implements this, or did HeaderSessionMiddleware work for you?
from django-oscar-api.
Hi again. Sorry I didn't get back before.
Right now I'm using the HeaderSessionMiddleware as well as 2 other custom middlewares. At this point I'm not really sure if both of my own middlewares are needed, but I haven't had time to consolidate what it is that makes it work. In one of my custom middlewares I am overriding the core BasketMiddleware with
from django.core.signing import BadSignature, Signer
from oscar.apps.basket.middleware import BasketMiddleware as CoreBasketMiddleware
from oscar.core.loading import get_model
from oscarapi.basket import operations

Basket = get_model('basket', 'basket')


class BasketMiddleware(CoreBasketMiddleware):
    def get_cookie_basket(self, cookie_key, request, manager):
        """
        Looks for a basket which is referenced by a cookie.
        If a cookie key is found with no matching basket, then we add
        it to the list to be deleted.
        """
        basket = None
        if cookie_key in request.COOKIES:
            basket_hash = request.COOKIES[cookie_key]
            try:
                # Verify the signature and recover the bare basket id
                basket_id = Signer().unsign(basket_hash)
                basket = Basket.objects.get(pk=basket_id,
                                            owner=None,
                                            status=Basket.OPEN)
                # Store basket in session
                operations.store_basket_in_session(basket, request.session)
            except (BadSignature, Basket.DoesNotExist):
                request.cookies_to_delete.append(cookie_key)
        return basket
and my other Middleware helps with Anonymous users.
class AnonymouseBasketMiddleware(object):
    def process_request(self, request):
        if not request.user.is_authenticated():
            request.basket = get_basket(request)
I'll be happy to contribute after I find out exactly what makes it work. But right now I have to focus 100% on getting my company's new site launched.
from django-oscar-api.
This is what we are using that works. In our website we use an Ember app just for the basket, which uses oscar-api.
Checkout and other pages are rendered from the server along with basket's content.
Also, we don't use the Session-Id protocol and HeaderSessionMiddleware.
HeaderSessionMiddleware works and we were using it when the app was completely a SPA using ember. Django Session Authentication works well except when the API domain is different than the website domain.
from django.conf import settings
from oscar.apps.basket.middleware import BasketMiddleware as CoreBasketMiddleware
from oscar.core.loading import get_model
from oscarapi.basket import operations

Basket = get_model('basket', 'basket')


class BasketMiddleware(CoreBasketMiddleware):
    """
    Here we manage the basket in session so that it will work for both api and browser
    Following steps will be taken
    1. Check for OPEN basket in session, if found use the same.
    2. If user is authenticated, merge session basket and remove the basket from session
    """

    def get_basket(self, request):
        """
        Return the open basket for this request
        """
        if request._basket_cache is not None:
            return request._basket_cache
        # get anonymous basket before actual basket
        # else operations.prepare will overwrite the session basket with user basket
        anonymous_basket = operations.get_anonymous_basket(request)
        basket = operations.get_basket(request, True)
        # since operations.get_basket doesn't merge the
        # anonymous basket with user basket, we need to check and merge here
        if request.user and request.user.is_authenticated():
            if anonymous_basket and anonymous_basket.id != basket.id:
                self.merge_baskets(basket, anonymous_basket)
        return basket

    def process_response(self, request, response):
        return response
from django-oscar-api.
I think I've solved the issue in this pull request: #34
If anyone can confirm this solves the problem, I will merge that feature.
from django-oscar-api.
I'll close this issue after documentation on this is done
from django-oscar-api.
@shahaamir @jakobholmelund Can you confirm that this issue is solved with #34 ?
from django-oscar-api.
https://django-oscar-api.readthedocs.org/en/latest/usage/middleware.html#basket-middleware
from django-oscar-api.