Django authorization views adapted to django-ninja
Project description
Django Ninja Auth: Use Django authentication infrastructure with Django Ninja
Django Ninja Auth is a small python package that leverages the funcionalities of django.contrib.auth to Django projects that use on the exceptional Django Ninja. It is only intended to provide cookie-based authentication for front-end web applications.
Install
pip install django-ninja-auth.- Add the router to your
NinjaAPI. Assuming you created a project according to Django Ninja's tutorial just follow this template inapi.py:
from ninja import NinjaAPI
from ninja_auth.api import router as auth_router
api = NinjaAPI()
api.add_router('/auth/', auth_router)
- Build the front-end infrastructure to interact with
your-api.com/api/auth/🚀.
Documentation
If you followed the steps above, everything should be documented in your OpenAPI/Swagger UI under your-api.com/api/docs. No unnecessary documentation here 😎.
CSRF
Unfortunately, Django Ninja will force you to use CSRF protection. It is your responsibility to build a front-end that takes care of this, adding it in the API's schema does not make sense.
If you ask me, I'd just use SESSION_COOKIE_SAMESITE = 'strict' and SESSION_COOKIE_HTTPONLY = True (default) and forget about CSRF attacks. "But there are old browsers that... 😭😭" - If your cookies get stolen because you use Internet Explorer it's not my fault.
Password Reset Email
When you call /api/auth/request_password_reset/ you only need to provide an email address. If the address corresponds to an actual user, Django will send an email to that address with a token to reset the password of the user (of course, you need to configure email sending in your settings.py). By default, the email is built using a horrendous template provided by the django.contrib.admin app. If you are not using such app, Django will complain because the template does not exist. My recommendation is to build your own beautiful template and place it in registration/password_reset_email.html under some of your templates directories. To build that template you can use the following variables:
protocol: usuallyhttporhttps.domain: whatever was before/api/auth/request_password_reset/when the request was made.uid: the user's id in base64.user: an object containing data of the user. You can retrieve the username via{{ user.get_username }}.site_name: your site's name.token: the reset token
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_ninja_auth-0.1.7.tar.gz.
File metadata
- Download URL: django_ninja_auth-0.1.7.tar.gz
- Upload date:
- Size: 3.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.2 CPython/3.11.4 Linux/6.2.0-27-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 63476b586f1dd6dc4bb76c7570114fde70cee6b47012db476cf29579a3260967 |
|
| MD5 | abc2de1e5f556d9c7a2c9a44b9739671 |
|
| BLAKE2b-256 | 673938dd13c270818542f3f08f424ebea6c29c2fbdeab50434ad59cfbad89050 |
File details
Details for the file django_ninja_auth-0.1.7-py3-none-any.whl.
File metadata
- Download URL: django_ninja_auth-0.1.7-py3-none-any.whl
- Upload date:
- Size: 4.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.2 CPython/3.11.4 Linux/6.2.0-27-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 98f920fec4105682084273bd63161f50b7e6ef85ab73d93dce79622e6d7e5379 |
|
| MD5 | 5758f356ce1dcebb88edaac210b5d5b5 |
|
| BLAKE2b-256 | 483c2948ba0d2ecb2a6a597f6d4358d7137b12f4c0c51badfc452cb9706af19e |
