Auth

Swingers’ toolset for authentication, auditing and record-keeping.

Admin

class swingers.sauth.admin.AuditAdmin

A ModelAdmin class for swingers.sauth.models.Audit.

Backends

class swingers.sauth.backends.EmailBackend

Handles a variety of authentication functions within DEC. It enables authentication of users against Active Directory, and the ability for users to log in using their email addresses (instead of usernames). It also allows the checking of object-level permissions on any object using django-guardian. Add this class to your AUTHENTICATION_BACKENDS when you require this functionality.

class swingers.sauth.backends.PersonaBackend

Implements Mozilla’s BrowserID, except using email addresses as the unique identifier instead of username. Include this class in your AUTHENTICATION_BACKENDS if you require BrowserID.

Decorators

@swingers.sauth.decorators.crossdomain

Decorator that wraps the view and returns HTTP headers to allow cross-site requests from a domain. Usage:

from django.http import HttpResponse

from swingers.sauth.decorators import crossdomain

@crossdomain
def my_view(request):
    # Anything I return from this view function can be requested via
    # XMLHttpRequest from a browser.
    return HttpResponse()

Note

For the decorator to work, it requires that the HTTP_ORIGIN header is set in the request, otherwise crossdomain() will return the response without setting any access-control headers.

Models

ApplicationLink objects have the following fields:

client_name

The project/host of the client application.

server_name

The project/host of the server application.

server_url

The url that requests should be made to.

identifier

The IP or hostname, optional for added security.

Warning

This attribute is unused.

secret

The shared secret of this link.

timeout

The timeout of tokens created from this link. Default: 600 seconds.

auth_method

The authentication method for this link. It should be one of: basic, md5, sha1, sha224, sha256, sha364, or sha512. Default: sha256.

class swingers.sauth.decorators.Token

A token represents temporary permission to act and make requests as a particular user, without needing any other authentication or authorization. Token objects have the following fields:

The application link of this token.

user

The user this token authenticates as.

url

The url that this token is restricted to. Default: /.

secret

The token’s secret. This needs to be included on requests using the token.

modified

The last time this token was accessed or modified. Usually represents the last time a request was made with this token.

timeout

The timeout of this token. Default: 600 seconds.
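The check implied by the url, secret, modified and timeout fields, as an added framework-free example (not swingers' own code). It assumes that expiry is measured from modified and refreshed on each successful use, and that url is matched as a path prefix; the Token dataclass and validate() are hypothetical names.

```python
import hmac
import time
from dataclasses import dataclass, field


@dataclass
class Token:
    """Stand-in for the documented Token fields (not the Django model)."""
    user: str
    secret: str
    url: str = "/"          # path prefix the token is restricted to
    timeout: int = 600      # seconds of inactivity before the token expires
    modified: float = field(default_factory=time.time)


def validate(token, presented_secret, path, now=None):
    """Return the token's user if it may be used for `path`, else None.

    A successful check refreshes `modified` (sliding expiry window);
    a failed check leaves the token untouched.
    """
    now = time.time() if now is None else now
    # Constant-time comparison so timing does not leak the secret.
    if not hmac.compare_digest(token.secret.encode(), presented_secret.encode()):
        return None
    # Expired: idle for longer than `timeout` since the last use.
    if now - token.modified > token.timeout:
        return None
    # Match on path-segment boundaries so "/maps" does not cover "/mapsadmin".
    scope = token.url.rstrip("/")
    if scope and path != scope and not path.startswith(scope + "/"):
        return None
    token.modified = now    # refresh on use
    return token.user
```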

class swingers.sauth.decorators.Job

Job represents a job that is either queued, running or completed. Job objects have the following fields:

name

Name of the job.

args

Arguments of the job.

output

Output of the job.

state

One of queued, running or completed.

Forms

class swingers.sauth.forms.BaseAuditForm

BaseAuditForm hides any base fields that are present on any model that inherits from Audit.

helper

The crispy_forms form helper class. Adds buttons to the form.

Sites

class swingers.sauth.sites.AuditSite

Custom Admin site that automatically registers AuditAdmin as admin class for any model class that inherits from Audit.

Urls

swingers.sauth.urls

Adds SERVICE_NAME/request_token/, SERVICE_NAME/list_tokens/, SERVICE_NAME/delete_token/, SERVICE_NAME/validate_token/, validate_token/ and session/ url endpoints.

Views

swingers.sauth.views.validate_token(request)

This function is a simple view that lets the AuthenticationMiddleware take care of refreshing the token if needed, or expire it if it is outside of the expiry period. The view returns true or false based on whether or not the user is authenticated.

swingers.sauth.views.list_access_token(request)

Lists tokens for a particular user. To successfully list tokens, you must make a GET or POST request with the correct parameters.

user_id
The user id to list tokens for.
client_id
The client id for the request.
client_secret
The client secret for the ApplicationLink object.
expires
Expire time for the token refresh.
nonce
For requests that aren’t basic auth, the nonce of the request.

To use within another view (with the requests library):

from swingers.sauth.models import ApplicationLink
from swingers.utils.auth import make_nonce

import requests

def get_tokens(request):
    # Placeholder: requests needs the absolute URL of the list_tokens endpoint.
    url = '/url/to/list'
    link = ApplicationLink.objects.get(pk=1)
    user_id = 'admin'
    nonce = make_nonce()
    data = {
        'user_id': user_id,
        'nonce': nonce,
        'client_id': 'restless',
        # Derived from the link's shared secret for this user and nonce.
        'client_secret': link.get_client_secret(user_id, nonce)
    }
    tokens = requests.get(url, params=data)
    # rest of the view here.

swingers.sauth.views.request_access_token(request)

Like list_access_token(), request_access_token() requires a request containing the correct parameters. It will return the secret of a newly created token on success.
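How the user_id, nonce and client_secret parameters of list_access_token() and request_access_token() can fit together, as an added example that is not swingers' get_client_secret() implementation. The HMAC construction, the "user_id:nonce" message layout and the LinkVerifier class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# hashlib digest names this sketch accepts; "basic" sends the secret itself.
HASHES = {"md5", "sha1", "sha224", "sha256", "sha512"}


def make_nonce():
    """Unpredictable single-use value (hypothetical stand-in for the helper)."""
    return secrets.token_hex(16)


def client_secret(link_secret, auth_method, user_id, nonce=""):
    """Value the client sends as client_secret (assumed construction)."""
    if auth_method == "basic":
        return link_secret
    if auth_method not in HASHES:
        raise ValueError("unsupported auth_method: %r" % auth_method)
    msg = ("%s:%s" % (user_id, nonce)).encode()
    digest = getattr(hashlib, auth_method)
    return hmac.new(link_secret.encode(), msg, digest).hexdigest()


class LinkVerifier:
    """Server side: recompute the value and refuse replayed nonces."""

    def __init__(self, link_secret, auth_method="sha256"):
        self.link_secret = link_secret
        self.auth_method = auth_method
        self.seen_nonces = set()   # in production: a shared cache with a TTL

    def verify(self, user_id, presented, nonce=""):
        if self.auth_method != "basic":
            if not nonce or nonce in self.seen_nonces:
                return False       # missing or replayed nonce
        expected = client_secret(self.link_secret, self.auth_method, user_id, nonce)
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return False
        if nonce:
            self.seen_nonces.add(nonce)   # burn the nonce only on success
        return True
```

Because the nonce is bound into the keyed digest, a captured client_secret cannot be reused for another user or replayed once its nonce has been recorded; the basic method offers neither property.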

swingers.sauth.views.delete_access_token(request)

To delete a token, make a request to this view with the token’s secret set in request.REQUEST['access_token'] and the view will take care of deleting the token for you.

swingers.sauth.views.session(request)

session() allows the client to set arbitrary key-values on the session. This allows storage of client-side configuration for uses such as storing user’s maps in the SSS. session() will return the current list of key-values stored on the session after updating.

Django-swingers is a library of common utilities, templates and other django customizations used throughout Department of Parks and Wildlife.
