onconova.core.auth.token

Module providing a custom authentication class for session-based authentication using the X-SESSION-TOKEN HTTP header in Django.

XSessionTokenAuth

Bases: XSessionTokenAuth

Custom authentication class for session-based authentication using the X-SESSION-TOKEN HTTP header.

This class extends XSessionTokenAuthBase to provide compatibility with django-allauth in headless mode. It also adds OpenAPI metadata for schema generation, specifying the authentication type, location, and header name.

Attributes:

Name	Type	Description
openapi_type	str	The OpenAPI security scheme type ('apiKey').
openapi_in	str	The location of the API key ('header').
openapi_name	str	The name of the header containing the session token ('X-SESSION-TOKEN').

Methods:

Name	Description
__call__	HttpRequest) -> Optional[User]: Authenticates the user using the X-SESSION-TOKEN header. If authentication is successful, sets request.user to the authenticated user. Returns the authenticated user if the token is valid, otherwise None.

openapi_in class-attribute instance-attribute

openapi_name class-attribute instance-attribute

openapi_type class-attribute instance-attribute

__call__(request)

Authenticate the user using the X-SESSION-TOKEN header.

Parameters:

Name	Type	Description	Default
request	HttpRequest	Incoming HTTP request.	required

Returns:

Type	Description
User | None	The authenticated user if the token is valid, otherwise None.

Source code in onconova/core/auth/token.py

def __call__(self, request: HttpRequest):
    """
    Authenticate the user using the `X-SESSION-TOKEN` header.

    Args:
        request (HttpRequest): Incoming HTTP request.

    Returns:
        (User | None): The authenticated user if the token is valid, otherwise None.
    """
    user = super().__call__(request)
    if user:
        request.user = user
    return user

2025-10-172025-10-17runner