See get_user().
(request)
| 327 | |
| 328 | |
| 329 | async def aget_user(request): |
| 330 | """See get_user().""" |
| 331 | from .models import AnonymousUser |
| 332 | |
| 333 | user = None |
| 334 | try: |
| 335 | user_id = await _aget_user_session_key(request) |
| 336 | backend_path = await request.session.aget(BACKEND_SESSION_KEY) |
| 337 | except KeyError: |
| 338 | pass |
| 339 | else: |
| 340 | if backend_path in settings.AUTHENTICATION_BACKENDS: |
| 341 | backend = load_backend(backend_path) |
| 342 | user = await backend.aget_user(user_id) |
| 343 | # Verify the session |
| 344 | if hasattr(user, "get_session_auth_hash"): |
| 345 | session_hash = await request.session.aget(HASH_SESSION_KEY) |
| 346 | if not session_hash: |
| 347 | session_hash_verified = False |
| 348 | else: |
| 349 | session_auth_hash = user.get_session_auth_hash() |
| 350 | session_hash_verified = constant_time_compare( |
| 351 | session_hash, session_auth_hash |
| 352 | ) |
| 353 | if not session_hash_verified: |
| 354 | # If the current secret does not verify the session, try |
| 355 | # with the fallback secrets and stop when a matching one is |
| 356 | # found. |
| 357 | if session_hash and any( |
| 358 | constant_time_compare(session_hash, fallback_auth_hash) |
| 359 | for fallback_auth_hash in user.get_session_auth_fallback_hash() |
| 360 | ): |
| 361 | await request.session.acycle_key() |
| 362 | await request.session.aset(HASH_SESSION_KEY, session_auth_hash) |
| 363 | else: |
| 364 | await request.session.aflush() |
| 365 | user = None |
| 366 | |
| 367 | return user or AnonymousUser() |
| 368 | |
| 369 | |
| 370 | def get_permission_codename(action, opts): |