Datasette plugin for authenticating access using passwords
Project description
datasette-auth-passwords
Datasette plugin for authenticating access using passwords
Installation
Install this plugin in the same environment as Datasette.
$ pip install datasette-auth-passwords
Demo
A demo of this plugin is running at https://datasette-auth-passwords-demo.datasette.io/
The demo is configured to show the public.db
database to everyone, but the private.db
database only to logged in users.
You can log in at https://datasette-auth-passwords-demo.datasette.io/-/login with username root
and password password!
.
Usage
This plugin works based on a list of username/password accounts that are hard-coded into the plugin configuration.
First, you'll need to create a password hash. You can do this using the tool located at /-/password-tool
when the plugin is installed, or you can try use the hosted version of that tool at https://datasette-auth-passwords-demo.datasette.io/-/password-tool
Now add the following to your metadata.json
:
{
"plugins": {
"datasette-auth-passwords": {
"someusername_password_hash": {
"$env": "PASSWORD_HASH_1"
}
}
}
}
The password hash can now be specified in an environment variable when you run Datasette. You can do that like so:
PASSWORD_HASH_1='pbkdf2_sha256$...' \
datasette -m metadata.json
Be sure to use single quotes here otherwise the $
symbols in the password hash may be incorrectly interpreted by your shell.
You will now be able to log in to your instance using the form at /-/login
with someusername
as the username and the password that you used to create your hash as the password.
You can include as many accounts as you like in the configuration, each with different usernames.
Specifying actors
By default, a logged in user will result in an actor block that just contains their username:
{
"id": "someusername"
}
You can customize the actor that will be used for a username by including an "actors"
configuration block, like this:
{
"plugins": {
"datasette-auth-passwords": {
"someusername_password_hash": {
"$env": "PASSWORD_HASH_1"
},
"actors": {
"someusername": {
"id": "someusername",
"name": "Some user"
}
}
}
}
}
Using with datasette publish
If you are publishing data using a datasette publish command you can use the --plugin-secret
option to securely configure your password hashes (see secret configuration values).
You would run the command something like this:
datasette publish cloudrun mydatabase.db \
--install datasette-auth-passwords \
--plugin-secret datasette-auth-passwords root_password_hash 'pbkdf2_sha256$...' \
--service datasette-auth-passwords-demo
This will allow you to log in as username root
using the password that you used to create the hash.
Development
To set up this plugin locally, first checkout the code. Then create a new virtual environment:
cd datasette-auth-passwords
python3 -mvenv venv
source venv/bin/activate
Or if you are using pipenv
:
pipenv shell
Now install the dependencies and tests:
pip install -e '.[test]'
To run the tests:
pytest
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for datasette-auth-passwords-0.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 453f7ab5831dc7b1c472b33f251b8892cc6400938f581f7e5679a63a0823a812 |
|
MD5 | 6be3d5dd92aff1060acbfaa8f427a2b2 |
|
BLAKE2b-256 | 2e8413b44e4929a4bf6b7dbe9afbc03909872e9a521d6b5f98729b1b6b1492c6 |
Hashes for datasette_auth_passwords-0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b3a4d4cee5a98d5a9b7709346a7398075fd4346823aec4910c9808676f8b1031 |
|
MD5 | 0b4465c8710f5539d1194e677c805fd3 |
|
BLAKE2b-256 | dc89eea8b738e8c905525efbd9b60860083c033124ca601e4861199f39f867a0 |