
Tag "authentication"

50 snippets

Snippet List

Use email addresses for user name

Django's built-in authentication system requires the username to be alphanumeric only. Therefore, email addresses are invalid. However, in many cases, you would like to use an email address as the username. This snippet allows you to do so. It has the added benefit that if you want to continue using the regular username format, you can do that too. It's the best of both worlds! To make sure proper credit is given, this code is modified from a django group posting from Vasily Sulatskov.

To use this file, save it in your project as something like `email-auth.py`. Then, add the following lines to your settings.py file:

```python
AUTHENTICATION_BACKENDS = (
    'yourproject.email-auth.EmailBackend',
)
```

You can see a full implementation [here](http://www.satchmoproject.com/trac/browser/satchmo/trunk/satchmo).

  • authentication

"Magic Link" Management Command

Django Management Command to print a "Magic Link" for one-click log-in. This is nice for people who project switch or don't want to remember passwords.

  • authentication
  • magic
  • management
  • command

Basic Auth Middleware

A very basic Basic Auth middleware that uses a username/password defined in your settings.py as `BASICAUTH_USERNAME` and `BASICAUTH_PASSWORD`. Does not use Django auth. Handy for quickly securing an entire site during development, for example.

In settings.py:

```python
BASICAUTH_USERNAME = 'user'
BASICAUTH_PASSWORD = 'pass'

MIDDLEWARE_CLASSES = (
    'app.module.BasicAuthMiddleware',
    # all other middleware
)
```

  • middleware
  • basic
  • authentication
  • http-authorization

Django Auth with JWT

This is an example of Django auth with JWT tokens. You can find how to add [jwt auth to Django Rest Framework in this tutorial](https://www.techiediaries.com/django-rest-framework-jwt-tutorial/).

  • authentication
  • auth
  • jwt

LoginRequiredMiddleware

```python
### settings.py
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'utils.LoginRequiredMiddleware',
]

LOGIN_REQUIRED_URLS = [
    r'^panel/(.*)$'
]
```

This will help any URL under `panel/` require login.

  • middleware
  • authentication
  • login_required

Authentication Against Active Directory (LDAP) over SSL

I had some trouble getting other people's code to work for AD support, so I wrote my own which authenticates against LDAP and will also use SSL and cert if required. It will also verify that an authenticated user has specific group membership before authorizing. This will also debug to a file, which is really helpful when trying to figure out problems. One thing that really got me when getting python-ldap to work was that you must have `ldap.set_option(ldap.OPT_REFERRALS,0)` set or any ldap search will not work. Also, this will add group permissions to a user.

  • authentication
  • ssl
  • ldap
  • active-directory

Facebook Authentication Backend

Authentication through Facebook's Graph API. See:

  • [http://developers.facebook.com/docs/authentication/](http://developers.facebook.com/docs/authentication/)
  • [http://developers.facebook.com/docs/authentication/permissions](http://developers.facebook.com/docs/authentication/permissions)
  • [http://developers.facebook.com/docs/api](http://developers.facebook.com/docs/api)
  • [http://github.com/facebook/python-sdk/blob/master/examples/oauth/facebookoauth.py](http://github.com/facebook/python-sdk/blob/master/examples/oauth/facebookoauth.py)

Define the facebook tokens in settings.py and replace <app_name> with the name of your app. You will probably want to modify the scope on the authorize link in the template, see the authentication permissions link. This updates the user model every time the user logs in but I think that it is okay so the data is always correct. I have tested this but not rigorously. If there is a hole and everyone gets admin rights to your site don't say I didn't warn you :). Comments are appreciated.

16 June 2010: Added missing imports. Cleaned up the template. Shouts out to @obeattie and @whalesalad

  • graph
  • authentication
  • login
  • auth
  • facebook
  • oauth

Email authentication backend

Fixed minimal version, works with Django 1.7+, tested on Django 1.9. Add the following to your settings:

```python
AUTHENTICATION_BACKENDS = [
    'project.backends.UserModelEmailBackend',  # Login w/ email
    'django.contrib.auth.backends.ModelBackend',  # Login w/ username
]
```

  • authentication
  • email
  • auth
  • username
  • backend

create and authenticate an anonymous user

If you want anonymous visitors to your site, or parts of your site to be authenticated as real users so that you can treat them as such in your views and models, use this snippet. Add the above AuthenticationBackendAnonymous middleware into AUTHENTICATION_BACKENDS in your settings.py and use the snippet anonymous_or_real(request) in your views, which returns a user. Comment out the bit where it creates a profile if you are not using profiles.

  • authentication
  • anonymous

Django Rest Framework LoginExemptPermission: Apply `IsAuthenticated` to all ViewSet actions except those specified as exempt of authentication

Say you want to keep your API secure and thus it has authentication, but there's this one View action in a ViewSet which unlike the rest of the ViewSet's actions needs to allow free access without authentication. This solution applies the good old `IsAuthenticated` permission to all ViewSet actions except those defined in a `login_exempt_actions` list. That's a list of the ViewSet actions' names. This is a simple solution for this particular problem, which I imagine could be quite common. Any case where the requirements are more complex should implement one of the DRF permissions extensions which allow for the use of logical operators. **NOTE**: Remember that `request.user` will be an `AnonymousUser` instance, so be careful with any code which assumes it'll be a `User` instance. This could be the case with, say, a custom `get_queryset` implementation.

  • authentication
  • api
  • django-rest-framework

JSON Web Token authentication middleware

This hasn't been thoroughly tested yet but so far it works great. We had no use for sessions or the built-in authentication middleware for django as this was built to be a microservice for authentication. Unfortunately if you just use the django rest framework-jwt package the authentication occurs at the view level, meaning `request.user.is_authenticated()` will always return False. We have a few internal non-api views that needed `@login_required`. We have a stripped down version of django that is very performant that we are using for microservices with built-in authorization using JSON Web Tokens. This service is authentication which has access to a `users` table. Any questions or curious how well lightweight django is working for microservices, or how we are doing the authorization on the other services, or just improvements please drop a line - thanks.

  • middleware
  • authentication
  • json web token
  • django-rest-framework
  • JWT

view by view basic authentication decorator

A simple decorator that requires a user to be logged in. If they are not logged in the request is examined for an 'authorization' header. If the header is present it is tested for basic authentication and the user is logged in with the provided credentials. If the header is not present an http 401 is sent back to the requestor to provide credentials. The purpose of this is that in several django projects I have needed several specific views that need to support basic authentication, yet the web site as a whole used django's provided authentication. The uses for this are for urls that are accessed programmatically such as by rss feed readers, yet the view requires a user to be logged in. Many rss readers support supplying the authentication credentials via http basic auth (and they do NOT support a redirect to a form where they post a username/password.)

Use is simple:

```python
@logged_in_or_basicauth
def your_view(request):
    ...
```

You can provide the name of the realm to ask for authentication within.

  • basic
  • authentication
  • decorator

Email or username authentication with masquerading

This backend will allow you to have users login using either their username or the email address as it is in the User model. In addition, it will allow anyone with the staff privileges to login as another user. The method is to use the user you wish to masquerade as (either email/username) as the username and then a string of the format *username*/*password* as the password, where *username* is the username of the staff member, and *password* is their password.

  • authentication
  • email
  • login
  • auth
  • backend

Enforce site wide login

This is based on a snippet contributed by zbyte64 (RequireLoginMiddleware) but turned on its head. RequireLoginMiddleware enforces authentication for a subset of urls defined in settings.py. This middleware requires authentication for all urls except those defined in settings.py. The aim is to globally enforce site wide authentication without having to decorate individual views. To use, add the class to MIDDLEWARE_CLASSES and then define the urls you don't need authentication for. These go in a tuple called PUBLIC_URLS in settings.py. For example:

```python
PUBLIC_URLS = (
    r'project/application/login/',
    r'project/application/signup/',
)
```

By default, authentication is not required for any urls served statically by Django. If you want to subject these to the same validation, add an entry to settings.py called SERVE_STATIC_TO_PUBLIC with a value of True.

  • middleware
  • authentication
  • login