Swingers’ toolset for authentication, auditing and record-keeping.
A ModelAdmin class for the swingers.sauth.models.Audit.
Handles a variety of authentication functions within DEC. It enables authentication of users against Active Directory, and the ability for users to log in using their email addresses (instead of usernames). It also allows the checking of object-level permissions on any object using django-guardian. Add this class to your AUTHENTICATION_BACKENDS when you require this functionality.
Implements Mozilla’s BrowserID, except using email addresses as the unique identifier instead of username. Include this class in your AUTHENTICATION_BACKENDS if you require BrowserID.
Decorator that wraps the view and returns HTTP headers to allow cross-site requests from a domain. Usage:
    from django.http import HttpResponse
    from swingers.sauth.decorators import crossdomain

    @crossdomain
    def my_view(request):
        # Anything I return from this view function can be requested via
        # XMLHttpRequest from a browser.
        return HttpResponse()
Note
For the decorator to work, it requires that the HTTP_ORIGIN header is set in the request, otherwise crossdomain() will return the response without setting any access-control headers.
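The following is an added illustration, not the decorator from swingers.sauth.decorators: it shows the HTTP_ORIGIN behaviour described in the note (no Origin header, no access-control headers) and adds the check a defender would want, echoing back only an allowlisted origin rather than any value the browser sends. The request is modelled as a plain WSGI-style dict and the view returns a dict, so it runs without Django; ALLOWED_ORIGINS and the `.invalid` hostnames are constructed for the example.

```python
# Constructed allowlist for the example; a real deployment would load this
# from settings. Origins are compared as exact scheme://host[:port] strings.
ALLOWED_ORIGINS = {"https://app.example.invalid", "https://admin.example.invalid"}


def cors_headers(environ, allowed_origins=ALLOWED_ORIGINS, methods=("GET", "POST")):
    """Return the Access-Control headers to add to a response, or {} for none.

    `environ` is a WSGI-style dict; the browser's Origin header arrives as
    HTTP_ORIGIN, which is the header the note above refers to. Without it
    nothing is added, mirroring the documented behaviour of crossdomain().
    """
    origin = environ.get("HTTP_ORIGIN")
    if not origin:
        return {}
    # Only an allowlisted origin is echoed back. Reflecting an arbitrary
    # Origin together with Allow-Credentials would let any site read
    # authenticated responses from this view.
    if origin not in allowed_origins:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ", ".join(methods),
        "Access-Control-Allow-Credentials": "true",
        # Vary on Origin so a shared cache never serves one origin's
        # response, with its header, to a different origin.
        "Vary": "Origin",
    }


def crossdomain(view):
    """Decorator in the spirit of swingers' crossdomain(): wraps a view that
    takes an environ dict and returns {'body': ..., 'headers': {...}}."""
    def wrapper(environ, *args, **kwargs):
        response = view(environ, *args, **kwargs)
        response.setdefault("headers", {}).update(cors_headers(environ))
        return response
    return wrapper


@crossdomain
def my_view(environ):
    return {"body": "ok", "headers": {}}
```

Calling `my_view({"HTTP_ORIGIN": "https://app.example.invalid"})` yields a response carrying the access-control headers; calling it with no HTTP_ORIGIN, or with an origin outside the allowlist, yields the response unchanged.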
ApplicationLink objects have the following fields:
The project/host of the client application.
The project/host of the server application.
The url that requests should be made to.
The IP or hostname, optional for added security.
Warning
This attribute is unused.
The shared secret of this link.
The timeout of tokens created from this link. Default: 600 seconds.
The authentication method for this link. It should be one of: basic, md5, sha1, sha224, sha256, sha384, or sha512. Default: sha256.
A token represents temporary permission to act and make requests as a particular user, without needing any other authentication or authorization. Token objects have the following fields:
The application link of this token.
The user this token authenticates as.
The url that this token is restricted to. Default: /.
The token’s secret. This needs to be included on requests using the token.
The last time this token was accessed or modified. Usually represents the last time a request was made with this token.
The timeout of this token. Default: 600 seconds.
BaseAuditForm hides any base fields that are present on any model that inherits from Audit.
The crispy_forms form helper class. Adds buttons to the form.
Custom Admin site that automatically registers AuditAdmin as admin class for any model class that inherits from Audit.
Adds SERVICE_NAME/request_token/, SERVICE_NAME/list_tokens/, SERVICE_NAME/delete_token/, SERVICE_NAME/validate_token/, validate_token/ and session/ url endpoints.
This function is a simple view that lets the AuthenticationMiddleware take care of refreshing the token if needed, or expire it if it is outside of the expiry period. The view returns true or false based on whether or not the user is authenticated.
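An added example, not swingers' own Token model or middleware, that works through the two rules stated above for Token objects and the validate_token/ view: a token is usable only while the time since it was last accessed is within its timeout (default 600 seconds), a successful use refreshes that timestamp, and the token is confined to the url it was issued for (default /). The Token dataclass and helper names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Token:
    # Field names follow the descriptions above; the real model's names may differ.
    user: str
    secret: str
    url: str = "/"                 # path prefix the token is restricted to
    timeout: int = 600             # seconds, the documented default
    modified: datetime = field(default_factory=lambda: datetime.now(timezone.utc))


def is_expired(token, now=None):
    """True once more than `timeout` seconds have passed since last use."""
    now = now or datetime.now(timezone.utc)
    return now - token.modified > timedelta(seconds=token.timeout)


def path_allowed(token, path):
    """A token for '/' may be used anywhere; '/api' covers '/api' and '/api/...'
    but not '/apix'."""
    prefix = token.url.rstrip("/")
    return path == token.url or path.startswith(prefix + "/")


def validate_token(token, path, now=None):
    """What the text says validate_token/ does: refresh the token if it is still
    inside its expiry period, reject it otherwise. Returns (authenticated, token);
    the token is None when it has expired and should be discarded."""
    now = now or datetime.now(timezone.utc)
    if is_expired(token, now):
        return False, None
    if not path_allowed(token, path):
        # Still alive, but not valid for this url; do not refresh it.
        return False, token
    token.modified = now           # sliding window: each valid use extends it
    return True, token
```

Because the window slides, a token that is touched every few minutes never expires on its own; the timeout only bounds how long an idle token stays usable, which is the risk the default of 600 seconds is trading off.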
Lists tokens for a particular user. To successfully list tokens, you must make a GET or POST request with the correct parameters.
To use within another view (with the requests library):
    from swingers.sauth.models import ApplicationLink
    from swingers.utils.auth import make_nonce
    import requests

    def get_tokens(request):
        url = '/url/to/list'  # full URL of the list_tokens/ endpoint
        link = ApplicationLink.objects.get(pk=1)
        user_id = 'admin'
        nonce = make_nonce()  # fresh nonce for every request
        data = {
            'user_id': user_id,
            'nonce': nonce,
            'client_id': 'restless',
            'client_secret': link.get_client_secret(user_id, nonce)
        }
        tokens = requests.get(url, params=data)
        # rest of the view here.
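The example above sends a nonce and a client_secret derived from it; the page does not show how get_client_secret() combines them, so the following is an added, hypothetical scheme rather than swingers' own: the link's shared secret keys an HMAC over user_id and nonce using the link's configured hash method (the methods listed for ApplicationLink), and the server recomputes it, compares in constant time and refuses a nonce it has already accepted. The LINKS table, the `constructed-shared-secret` value and the function names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hash methods named for ApplicationLink above; 'basic' means the shared
# secret itself is sent rather than a derived value.
AUTH_METHODS = ("basic", "md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def make_nonce():
    # 128 bits from the OS CSPRNG: a nonce must be unguessable and never reused.
    return secrets.token_hex(16)


def derive_client_secret(shared_secret, user_id, nonce, method="sha256"):
    """Per-request proof of possession of the link's shared secret (hypothetical)."""
    if method not in AUTH_METHODS:
        raise ValueError("unknown auth method: %s" % method)
    if method == "basic":
        # The secret travels in the clear; only tolerable over TLS.
        return shared_secret
    msg = ("%s:%s" % (user_id, nonce)).encode()
    return hmac.new(shared_secret.encode(), msg, getattr(hashlib, method)).hexdigest()


class NonceStore:
    """Remembers (client_id, nonce) pairs already accepted so that a captured
    request cannot simply be replayed. A real store would also expire entries."""
    def __init__(self):
        self._seen = set()

    def accept(self, client_id, nonce):
        key = (client_id, nonce)
        if key in self._seen:
            return False
        self._seen.add(key)
        return True


def verify_request(params, links, store):
    """Server side: look the link up by client_id, recompute the expected
    client_secret with that link's method, and compare in constant time."""
    link = links.get(params.get("client_id"))
    if link is None:
        return False
    expected = derive_client_secret(link["secret"], params.get("user_id", ""),
                                    params.get("nonce", ""), link["auth_method"])
    presented = params.get("client_secret", "")
    # compare_digest avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False
    return store.accept(params.get("client_id"), params.get("nonce", ""))


# Constructed link table keyed by client_id; the page's example uses 'restless'.
LINKS = {"restless": {"secret": "constructed-shared-secret", "auth_method": "sha256"}}
```

A request built with `derive_client_secret(LINKS["restless"]["secret"], "admin", make_nonce())` verifies once; resending the identical parameters is rejected by the nonce store, and a wrong client_secret or unknown client_id is rejected before the nonce is consumed.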
Like list_access_token(), request_access_token() requires a request containing the correct parameters. It will return the secret of a newly created token on success.
To delete a token, make a request to this view with the token’s secret set in request.REQUEST['access_token'] and the view will take care of deleting the token for you.