
Django authorization views adapted to django-ninja


Django Ninja Auth: Use Django authentication infrastructure with Django Ninja

Django Ninja Auth is a small Python package that brings the functionality of django.contrib.auth to Django projects that use the exceptional Django Ninja. It is only intended to provide cookie-based authentication for front-end web applications.

Install

  1. pip install django-ninja-auth
  2. Add the router to your NinjaAPI. Assuming you created a project according to Django Ninja's tutorial, just follow this template in api.py:

         from ninja import NinjaAPI
         from ninja_auth.api import router as auth_router

         api = NinjaAPI()
         api.add_router('/auth/', auth_router)

  3. Build the front-end infrastructure to interact with your-api.com/api/auth/ 🚀.

Documentation

If you followed the steps above, everything should be documented in your OpenAPI/Swagger UI under your-api.com/api/docs. No unnecessary documentation here 😎.

CSRF

Unfortunately, Django Ninja will force you to use CSRF protection. It is your responsibility to build a front-end that takes care of this; adding it to the API's schema does not make sense.

If you ask me, I'd just use SESSION_COOKIE_SAMESITE = 'strict' and SESSION_COOKIE_HTTPONLY = True (default) and forget about CSRF attacks. "But there are old browsers that... 😭😭" - If your cookies get stolen because you use Internet Explorer it's not my fault.
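One way a front-end can take care of the CSRF check, shown as an added example that is not part of django-ninja-auth: read Django's CSRF cookie and echo it in a request header on every unsafe request. `csrftoken` and `X-CSRFToken` are Django's default cookie and header names; the `email` field name and the sample cookie string are assumptions made for the illustration.

```javascript
// Added example, not code from django-ninja-auth.
// Django defaults: CSRF cookie "csrftoken", CSRF header "X-CSRFToken".
// Assumptions: the JSON field name "email" and the sample cookie string below.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    // Exact name match, so "xcsrftoken" is never mistaken for "csrftoken".
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() options for a same-origin JSON call to the auth router.
function buildAuthRequest(method, body, cookieString) {
  const verb = method.toUpperCase();
  const headers = { Accept: 'application/json' };
  // 'same-origin' sends the session cookie only to the page's own origin.
  const init = { method: verb, headers, credentials: 'same-origin' };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  if (!SAFE_METHODS.has(verb)) {
    const token = readCookie(cookieString, 'csrftoken');
    if (!token) {
      // Fail early instead of sending a request the CSRF check will reject.
      throw new Error('csrftoken cookie missing: the server has not set it yet');
    }
    headers['X-CSRFToken'] = token;
  }
  return init;
}

// Constructed sample cookie string; in a browser pass document.cookie instead.
const sampleCookies = 'theme=dark; csrftoken=Zm9vYmFy123; other=a%3Db';
const init = buildAuthRequest('POST', { email: 'user@example.com' }, sampleCookies);
// In a browser: fetch('/api/auth/request_password_reset/', init)
```

The session cookie never appears in this code: with SESSION_COOKIE_HTTPONLY = True it is invisible to JavaScript and the browser attaches it on its own.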

Password Reset Email

When you call /api/auth/request_password_reset/ you only need to provide an email address. If the address corresponds to an actual user, Django will send an email to that address with a token to reset the user's password (of course, you need to configure email sending in your settings.py). By default, the email is built using a horrendous template provided by the django.contrib.admin app. If you are not using that app, Django will complain because the template does not exist. My recommendation is to build your own beautiful template and place it in registration/password_reset_email.html under one of your template directories. To build that template you can use the following variables:

  • protocol: usually http or https.
  • domain: whatever was before /api/auth/request_password_reset/ when the request was made.
  • uid: the user's id in base64.
  • user: an object containing data of the user. You can retrieve the username via {{ user.get_username }}.
  • site_name: your site's name.
  • token: the reset token.

Download files

Source Distribution

django_ninja_auth-0.1.7.tar.gz (3.9 kB)

Uploaded Source

Built Distribution

django_ninja_auth-0.1.7-py3-none-any.whl (4.4 kB)

Uploaded Python 3