Return the user model instance associated with the given request session. If no user is retrieved, return an instance of `AnonymousUser`.
(request)
| 283 | |
| 284 | |
def get_user(request):
    """
    Resolve the user for the session attached to ``request``.

    Return the user model instance the session refers to, or an
    ``AnonymousUser`` instance when no user can be retrieved.

    The session is honoured only when all of the following hold:

    * it carries both a user id and a backend path;
    * that backend path is listed in ``settings.AUTHENTICATION_BACKENDS``;
    * for users exposing ``get_session_auth_hash()``, the hash stored in the
      session matches the user's current hash or one of the hashes yielded
      by ``get_session_auth_fallback_hash()``.

    Side effects on ``request.session``: a match against a fallback hash
    cycles the session key and stores the current hash; a failed hash check
    flushes the session.
    """
    from .models import AnonymousUser

    try:
        user_id = _get_user_session_key(request)
        backend_path = request.session[BACKEND_SESSION_KEY]
    except KeyError:
        # The session lacks a user id or a backend path.
        return AnonymousUser()

    # The backend path comes from session data, so it is loaded only if it is
    # one of the configured backends. A session naming a backend that is not
    # (or no longer) configured resolves to the anonymous user.
    if backend_path not in settings.AUTHENTICATION_BACKENDS:
        return AnonymousUser()

    user = load_backend(backend_path).get_user(user_id)

    # Users without get_session_auth_hash() (including a missing user, where
    # ``user`` is None) get no session hash verification.
    if not hasattr(user, "get_session_auth_hash"):
        return user or AnonymousUser()

    stored_hash = request.session.get(HASH_SESSION_KEY)
    if stored_hash:
        current_hash = user.get_session_auth_hash()
        # Hashes are compared with constant_time_compare() rather than ``==``.
        if constant_time_compare(stored_hash, current_hash):
            return user or AnonymousUser()

        # The current secret did not verify the session: try the fallback
        # secrets, stopping at the first one that matches.
        matches_fallback = any(
            constant_time_compare(stored_hash, fallback_hash)
            for fallback_hash in user.get_session_auth_fallback_hash()
        )
        if matches_fallback:
            # Move the session onto the current hash: cycle the session key,
            # then store the hash so the next request verifies directly.
            request.session.cycle_key()
            request.session[HASH_SESSION_KEY] = current_hash
            return user or AnonymousUser()

    # Missing, empty or non-matching hash: the session is not trusted. Flush
    # it and treat the request as anonymous.
    request.session.flush()
    return AnonymousUser()
| 327 | |
| 328 | |
| 329 | async def aget_user(request): |