Django Simple Api Auth is a Django app to help developers with the Session auth of a rest or graphql api in Django.
Project description
Django Simple Api Auth is a Django app to help developers with the Session auth of a rest or graphql api in Django.
Django Rest Framework
Graphene
Ariadne
Features
Create user
Login
Logout
Social login
Get user data (Me)
Recover user password
Overwrite emails
Overwrite Me fields (Not implemented for ariadne)
Reset password vía API
Overview
You should read about the CSRF protection in django
You have to send X-CSRFToken token in headers
Rest framework disable csrf in views using csrf_exempt, and adding the validation to the SessionAuthentication
Graphene don’t do anything with the csrf validation, so you have to exempt them when it makes sense. You can use the view of this example or create your own. Don’t disable it for all the endpoints.
Quick start
Add django_simple_api_auth and dependencies to your INSTALLED_APPS setting like this:
INSTALLED_APPS = [
...
'rest_framework',
'graphene_django',
'social_django',
'ariadne.contrib.django',
'django_simple_api_auth',
]
Rest framework
You can add the main ViewSet that has all the permissions and features implemented to your router:
router.register(r'users', UserApiViewSet, 'users')
Or you can use mixins to create your own viewset:
class UserCompleteViewSet(UserCreateMixin, UserLoginMixin, UserMeMixin, UserPasswordRecoveryMixin, UserLogoutMixin, UserSocialLoginMixin):
pass
Graphene
You can add the user queries and mutations to your schema:
from django_simple_api_auth.api.graphql.mutations import UsersMutation
from django_simple_api_auth.api.graphql.queries import UserQuery
class Query(UserQuery, graphene.ObjectType):
pass
class Mutation(UsersMutation, graphene.ObjectType):
pass
schema = graphene.Schema(
query=Query,
mutation=Mutation
)
or you can create your own query and mutation:
class UsersMutation(graphene.ObjectType):
user_create = UserCreateMutation.Field()
user_login = UserLoginMutation.Field()
user_social_login = UserSocialLoginMutation.Field()
user_logout = UserLogoutMutation.Field()
user_password_recovery = UserPasswordRecoveryMutation.Field()
user_reset_password = UserResetPasswordMutation.Field()
class UserQuery(ObjectType):
get_me = Field(AuthUserType)
@login_required
def resolve_get_me(self, info, **kwargs):
return info.context.user
Ariadne
You have to add the user queries and mutations to your schema manually:
type Mutation {
userCreate(input: UserCreateMutationInput!): UserCreateMutationPayload
userLogin(input: UserLoginMutationInput!): UserLoginMutationPayload
userLogout(input: UserLogoutMutationInput!): UserLogoutMutationPayload
userPasswordRecovery(input: UserPasswordRecoveryMutationInput!): UserPasswordRecoveryMutationPayload
userResetPassword(input: UserResetPasswordMutationInput!): UserResetPasswordMutationPayload
userSocialLogin(input: UserSocialLoginMutationInput!): UserSocialLoginMutationPayload
}
type Query {
getMe: AuthUserType
}
and then you have to add types and ObjectTypes to your executable schema, for example:
import os
from ariadne import make_executable_schema, gql, load_schema_from_path
import django_simple_api_auth.api.graphql.ariadne
from django_simple_api_auth.api.graphql.ariadne.mutations import mutation as auth_mutations
from django_simple_api_auth.api.graphql.ariadne.queries import query as auth_query
from example.graphqls.ariadne.queries import query
auth_types_graphql_dirname = os.path.dirname(django_simple_api_auth.api.graphql.ariadne.__file__)
auth_mutations_type_defs = gql(load_schema_from_path(f"{auth_types_graphql_dirname}/mutations.graphql"))
auth_queries_type_defs = gql(load_schema_from_path(f"{auth_types_graphql_dirname}/queries.graphql"))
type_defs = gql(load_schema_from_path('./graphqls/ariadne/scheme.graphql'))
type_defs_list = [
auth_mutations_type_defs,
auth_queries_type_defs,
type_defs,
]
schema = make_executable_schema([*type_defs_list], [auth_mutations, auth_query, query])
Create user
User creation is based on BaseUserManager and it manages if you override the USERNAME_FIELD of the user model to use the email field for authentication and login.
Recover user password
By default, email sent to recover user password has a link to ‘s/accounts/reset’. The easiest way of handle this is to use the django admin views but you can overwrite the REMEMBER_PASSWORD_URL to send to another location. If you want to use the default link you have to add admin views to your project:
add to your settings:
REMEMBER_PASSWORD_URL = 'front-endpoint'
add to your views:
path('accounts/', include('django.contrib.auth.urls')),
If you handle de remember password in your frontend, you can use the reset-password endpoint.
Overwrite emails
You can overwrite emails templates adding new templates to your project:
- project_name/
- project_name/
- templates/
emails/
password_recovery/
email.html
subject.txt
manage.py
Overwrite Me fields
You can overwrite default fields that the rest and graphql endpoint returns for an authenticated user updating the ME_FIELDS settings:
ME_FIELDS = ("id", "email",)
this feature can’t be implemented for ariadne because of the schema first approach.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for django_simple_api_auth-0.0.2.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 926333fa464e4d5ec93eb3ed2c811aad588ca759b2496b7f2a43c35d1116ca8b |
|
| MD5 | e87e9a43773c47863855049ffb8e93db |
|
| BLAKE2b-256 | 146a41828c790cbf05af68301d19708f210580e5700d81e913eee47bbcd22b7d |
Social login
We have the endpoints available to use the social-app-django so read their doc to use it.