Create chat modal UI & session login for WS auth

Backend: initialize a Django session on token obtain (login) so AuthMiddlewareStack can authenticate WebSocket connections; validate the token serializer and map TokenError -> InvalidToken; call django_logout on logout to destroy the session. Frontend: add a CreateChatModal component (DM/group creation) with user search, selection, validation, API mutation and cache invalidation; wire modal into ChatSidebar and add Czech translations for the new UI strings.
2026-05-28 08:40:55 +02:00
parent d52af2c495
commit f19375254f
4 changed files with 375 additions and 12 deletions
--- a/backend/account/views.py
+++ b/backend/account/views.py
@@ -1,4 +1,4 @@
-from django.contrib.auth import get_user_model, authenticate
+from django.contrib.auth import get_user_model, authenticate, login as django_login, logout as django_logout
 from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
 from django.utils.encoding import force_bytes, force_str

@@ -21,7 +21,7 @@ from rest_framework.viewsets import ModelViewSet
 from rest_framework.permissions import IsAuthenticated, AllowAny

 from rest_framework_simplejwt.tokens import RefreshToken
-from rest_framework_simplejwt.exceptions import TokenError, AuthenticationFailed
+from rest_framework_simplejwt.exceptions import TokenError, AuthenticationFailed, InvalidToken
 from django_filters.rest_framework import DjangoFilterBackend

 from drf_spectacular.utils import extend_schema, OpenApiResponse, OpenApiExample, OpenApiParameter
@@ -52,14 +52,19 @@ class CookieTokenObtainPairView(TokenObtainPairView):


    def post(self, request, *args, **kwargs):
-        response = super().post(request, *args, **kwargs)
+        serializer = self.get_serializer(data=request.data)
+        try:
+            serializer.is_valid(raise_exception=True)
+        except TokenError as e:
+            raise InvalidToken(e.args[0])

-        # Získáme tokeny z odpovědi
-        access = response.data.get("access")
-        refresh = response.data.get("refresh")
+        access = serializer.validated_data.get("access")
+        refresh = serializer.validated_data.get("refresh")

-        if not access or not refresh:
-            return response  # Např. při chybě přihlášení
+        # Create a Django session so AuthMiddlewareStack authenticates WebSocket connections
+        django_login(request, serializer.user, backend='django.contrib.auth.backends.ModelBackend')
+
+        response = Response(serializer.validated_data, status=status.HTTP_200_OK)

        jwt_settings = settings.SIMPLE_JWT

@@ -155,12 +160,10 @@ class LogoutView(APIView):
    permission_classes = [AllowAny]

    def post(self, request):
+        django_logout(request)  # destroy Django session (used for WebSocket auth)
        response = Response({"detail": "Logout successful"}, status=status.HTTP_200_OK)
-
-        # Smazání cookies
        response.delete_cookie("access_token", path="/")
        response.delete_cookie("refresh_token", path="/")
-
        return response

 #--------------------------------------------------------------------------------------------------------------