A Django app for REST Authentication using Django Ninja
Project description
Django Ninja Auth
A one stop shop for all your Django-Ninja Authentication needs. Supports REST authentication with Sessions, Auth Tokens and JWTs.
Fully Customisable to suit your needs.
Getting Started
Installation
pip install dj-ninja-auth
Setup
NinjaAPI
-
Create a
api.pyfile in your app directory next to thesettings.pyandurls.pyfiles. -
Add the following lines of code to your
api.pyfrom ninja_extra import NinjaExtraAPI from dj_ninja_auth.controller import NinjaAuthDefaultController api = NinjaExtraAPI() api.register_controllers(NinjaAuthDefaultController)
-
Add the following lines to your
urls.pyfilefrom .api import api urlpatterns = [ path("admin/", admin.site.urls), path("", api.urls) ]
This will give you 5 basic endpoints that are not secured and can be called by anyone. The endpoints are
/auth/login/auth/logout/auth/password/reset/request/auth/password/reset/confirm/auth/password/change
Password Reset Template
Django's default email template requires a password_reset_confirm reverse url that is incompatible with Django Ninja's namespace convention and will throw this error if not handled properly.
As a workaround, it is required that you provide your own email reset template.
You can place it anywhere in your project as long as you link it in your settings.py's TEMPLATES variable.
In my example below, I have put it in the {$project_root}/templates/ directory.
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [BASE_DIR / "templates"],
"APP_DIRS": True,
"OPTIONS": { ... },
},
]
In your templates directory, create the following file at templates/registration/password_reset_email.html and minimally add the following.
{% load i18n %}
{% autoescape off %}
{% translate "Please go to the following page and choose a new password:" %}
{% block reset_link %}
http://{YOUR_DOMAIN_HERE}/{YOUR_FRONTEND_PASSWORD_RESET_ENDPOINT}?uid={{ uid }}&token={{ token }}
{% endblock %}
{% endautoescape %}
NOTE: Replace YOUR_DOMAIN_HERE and YOUR_FRONTEND_PASSWORD_RESET_ENDPOINT with values that correspond to your setup.
The uid and token variables have to be passed to the backend for verification before the password can be changed.
Authentication
There are 3 controllers that you can register in your api.py file for your application depending on your authentication needs.
Session
The easiest way to use authentication is to use the Session Authentication.
Note that the csrf=True kwarg has to be passed in to allow Django Ninja to pass CSRF cookies for validation.
You will have to provide your own endpoint to get a CSRF cookie from Ninja.
from ninja.security import django_auth
from dj_ninja_auth.controller import NinjaAuthDefaultController
api = NinjaExtraAPI(auth=[django_auth], csrf=True)
api.register_controllers(NinjaAuthDefaultController)
Token
Since the tokens will be stored in the database, you are required to add the dj_ninja_auth.authtoken app to your INSTALLED_APPS and migrate the database.
from ninja_extra import NinjaExtraAPI
from dj_ninja_auth.authtoken.authentication import AccessTokenAuth
from dj_ninja_auth.authtoken.controller import NinjaAuthTokenController
api = NinjaExtraAPI(auth=[AccessTokenAuth()])
api.register_controllers(NinjaAuthTokenController)
JWT
from ninja_extra import NinjaExtraAPI
from dj_ninja_auth.jwt.authentication import JWTAuth
from dj_ninja_auth.jwt.controller import NinjaAuthJWTController
api = NinjaExtraAPI(auth=[JWTAuth()])
api.register_controllers(NinjaAuthJWTController)
The JWT controller provides 2 additional endpoints for tokens.
/auth/refresh/auth/verify
Customisation
Every aspect of the the Schemas and Controllers can be modified to suit your needs.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
