Lack of user-authentication methods?

[jamesrusso]

Is the lack of user authentication intentional for this library? Seems like the preferred method is now to use signin() method which would cause a POST to the user-auth endpoint (compared with just joining a private channel).

[ronlut]

@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher Same question here. Not sure what's the state with the new authentication flow in the client and our python server should be. Thanks

[benw-pusher]

I'll raise this internally, this may have been an oversight.

[hhhroot]

@benw-pusher Can I know when user authentication will be supported? Was there an internal roadmap or meeting?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you'd like this issue to stay open please leave a comment indicating how this issue is affecting you. Thank you.

[andersonrocha0]

I created a PR with some "user" functions:

https://github.com/pusher/pusher-http-python/pull/207

[andersonrocha0]

@benw-pusher do I need to do anything else regarding the opened PR?

Thx

[andersonrocha0]

@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher any news about the opened PR?

Thanks so far.

[benjamin-tang-pusher]

Hey, I will test your PR and see if its good enough to be merged.

[shakeeb1998]

was this merged?

[andersonrocha0]

was this merged?

Not yet. I'm waiting too.

[urkh]

:cricket: :cricket:

edit:

Since this library seems a bit outdated, and Pusher documentation is not enough clear, I did this based on the work of @andersonrocha0 in https://github.com/pusher/pusher-http-python/pull/207

I did this to use it with DRF. You need to call generate_pusher_response method and pass socket_id param with ::user:: for authentication or :chanel_name to authorize the channel. Then, return that result as JSON

hope it helps someone

import json

from django.conf import settings
from pusher import sign
from rest_framework import status
from rest_framework.response import Response



def generate_pusher_response(socket_id, prefix, user_data_encoded=None):
    response = {
        'auth': generate_auth_string(socket_id, prefix, user_data_encoded),
    }
    if user_data_encoded:
        response['user_data'] = user_data_encoded
    return response

def generate_auth_string(socket_id, prefix, user_data_encoded=None):
    string_to_sign = f'{socket_id}{prefix}{user_data_encoded or ""}'
    signature = sign(settings.PUSHER_APP_SECRET, string_to_sign)
    return f"{settings.PUSHER_APP_KEY}:{signature}"


class PusherAuthentication(APIView):
    def post(self, request, *args, **kwargs):
        socket_id = request.data.get('socket_id')

        response_data = {}
        response_status = status.HTTP_403_FORBIDDEN
        try:
            user_data = {'id': str(request.user.id)}
            user_data_encoded = json.dumps(user_data)
            response_data = generate_pusher_response(socket_id, '::user::', user_data_encoded)
            response_status = status.HTTP_200_OK
        except Exception as e:  # noqa
            pass

        return Response(response_data, status=response_status)


class PusherChannelAuthorization(APIView):
    def post(self, request, *args, **kwargs):
        socket_id = request.data.get('socket_id')
        channel = request.data.get('channel_name')
        room_id = channel.removeprefix('private-channel-')

        response_data = {}
        response_status = status.HTTP_403_FORBIDDEN

        if request.user.rooms.filter(id=room_id).exists():
            try:
                response_data = generate_pusher_response(socket_id, f':{channel}')
                response_status = status.HTTP_200_OK
            except Exception as e:  # noqa
                pass

        return Response(response_data, status=response_status)

[ctwillie]

Bump

[evgeniibreikin]

https://github.com/pusher/pusher-http-python/pull/207