Tag "authentication"

"Magic Link" Management Command

Django Management Command to print a "Magic Link" for one-click log-in. This is nice for people who project switch or don't want to remember passwords.

• authentication
• magic
• management
• command

Mon 17 Jan 2022 Read More

Dry basic-auth middleware using Django's AUTHENTICATION_BACKENDS and "basicauth" lib

Requires to install "basicauth" package, which does basic-auth header encoding/decoding cleanly according to RFCs. Could be improved to return a "realm" in case of http401, like in https://djangosnippets.org/snippets/1720/, although I'm not sure it's really useful in django usecases.

• middleware
• basic
• authentication
• auth
• http-authorization

Thu 13 Jun 2019 Read More

LoginRequiredMiddleware

### settings.py MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'utils.LoginRequiredMiddleware', ] LOGIN_REQUIRED_URLS = [ r'^panel/(.*)$' ] this will help any url under `panel/` require login.

• middleware
• authentication
• login_required

Sat 06 Apr 2019 Read More

Django Auth with JWT

This is an example of Django auth with JWT tokens, you can find how to add [jwt auth to Django Rest Framework in this tutorial](https://www.techiediaries.com/django-rest-framework-jwt-tutorial/)

• authentication
• auth
• jwt

Tue 20 Oct 2020 Read More

Django Rest Framework LoginExemptPermission: Apply `IsAuthenticated` to all ViewSet actions except those specified as exempt of authentication

Say you want to keep your API secure and thus it has authentication, but there's this one View action in a ViewSet which unlike the rest of the ViewSet's actions needs to allow free access without authentication. This solution applies the good old `IsAuthenticated` permission to all ViewSet actions except those defined in a `login_exempt_actions` list. That's a list of the ViewSet action's names. This is a simple solution for this particular problem, which I imagine could be quite common. Any case where the requirements are more complex should implement one of the DRF permissions extensions which allow for the use of logical operators. **NOTE**: Remember that `request.user` will be an `AnonymousUser` instance, so be careful with any code which assumes it'll be a `User` instance. This could be the case with, say, a custom `get_queryset` implementation.

• authentication
• api
• django-rest-framework

Tue 18 Oct 2016 Read More

JSON Web Token authentication middleware

This hasn't been thoroughly tested yet but so far it works great. We had no use for sessions or the built in authentication middleware for django as this was built to be a microservice for authentication. Unfortunately if you just use the django rest framework-jwt package the authentication occurs at the view level meaning request.user.is_authenticated() will always return False. We have a few internal non-api views that needed @login_required. We have a stripped down version of django that is very performant that we are using for microservices with built-in authorization using JSON Web Tokens. This service is authentication which has access to a `users` table. Any questions or curious how well lightweight django is working for microservices, or we he are doing the the authorization on the other services, or just improvements please drop a line - thanks.

• middleware
• authentication
• json web token
• django-rest-framework
• JWT

Wed 13 Apr 2016 Read More

Email authentication backend

Fixed minimal version, works with Django 1.7+, tested on Django 1.9. Add the following to your settings: AUTHENTICATION_BACKENDS = [ 'project.backends.UserModelEmailBackend', # Login w/ email 'django.contrib.auth.backends.ModelBackend', # Login w/ username ]

• authentication
• email
• auth
• username
• backend

Thu 08 Jun 2017 Read More

Custom Auth Backend to use E-Mail in Django

Instead of the default Django User the Auth Model is 'customer' from the usercp App. User's can use username as a display to the public, without disclosing their login information. This way they can use a forum with their username, which is seen by everyone. The login credentials, however are more privat, since it is the e-mail address. Allowing the user to not disclose any information.

• django
• authentication
• email

Mon 30 Mar 2015 Read More

Show logged users - keeping track of users login and logout

Showing a list of logged users using the *user_logged_in* and *user_logged_out* signals. See [login and logout signals](https://docs.djangoproject.com/en/1.4/topics/auth/#login-and-logout-signals) in Django docs.

• authentication
• login
• auth
• signals

Tue 11 Sep 2012 Read More

Basic Auth Middleware

A very basic Basic Auth middleware that uses a username/password defined in your settings.py as `BASICAUTH_USERNAME` and `BASICAUTH_PASSWORD`. Does not use Django auth. Handy for quickly securing an entire site during development, for example. In settings.py: BASICAUTH_USERNAME = 'user' BASICAUTH_PASSWORD = 'pass' MIDDLEWARE_CLASSES = ( 'app.module.BasicAuthMiddleware', #all other middleware )

• middleware
• basic
• authentication
• http-authorization

Mon 20 Sep 2021 Read More

ad-hoc request authentication

This is auth_data_required decorator analogous to login_required where authentication data must come in POST of request. It's useful for API. I took the idea from [Tumblr API](http://www.tumblr.com/docs/en/api).

• authentication

Wed 04 May 2011 Read More

Django authentication for django-piston

This authenticate together django.contrib.auth.models.User like django normal login does.

• authentication
• piston

Thu 26 Jul 2012 Read More

Google Account authentication

Use django_openid_auth from https://launchpad.net/django-openid-auth to authenticate your users with their Google Account. This snippet will allow your users having a Google Account address as username to log in using it.

• authentication
• openid
• google-account

Tue 10 Jun 2014 Read More

Use both NTLM and Anonymous authentication with IIS

Point '^accounts/login/$' or whatever your custom login path is to the 'negotiate_ntlm' view. This allows you to keep anonymous authentication enabled on IIS and easily lock down just the parts of the site you need to (e.g. [admin](http://djangosnippets.org/snippets/2127/)).

• admin
• authentication
• anonymous
• iis
• ntlm

Wed 23 Mar 2011 Read More

Use custom authentication backend with admin

Forces admin site to use your custom login. Very useful when using RemoteUserBackend. See [here](http://djangosnippets.org/snippets/2128/) for a use case.

• admin
• authentication
• login_required
• RemoteUserBackend

Fri 28 Sep 2012 Read More