User profile management app
Project description
django-sso-app
User profile management app built upon django-allauth library and cookiecutter-django as scaffold. Optionally integrates with kong API gateway.
(This is alpha software and is under heavy development)
Tech
Design decisions
- After login both JWT and Session Token will be sent to the requesting browser
- Single e-mail address for each user
- Django staff users (is_staff and is_superuser) must login through django admin view
- User logout on password change
- New users username is set to email
- While profile completed_at is None user can update username
- When apigateway is enabled, users with completed_at set to None are on "incomplete" group
- User login on email confirmation
Available configurations (Shapes)
-
Backend only:
Users profile informations are saved into django project with django-sso-app installed.
DJANGO_SSO_APP_SHAPE = 'backend_only' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...]
-
Backend + Api Gateway
As point 1 but with an api gateway (i.e. kong) proxying authenticated requests to backend. By logging in the client receives a JWT crafted by backend with the api gateway generated secret.
DJANGO_SSO_APP_SHAPE = 'backend_only_apigateway' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...] DJANGO_SSO_APP_APIGATEWAY_HOST = 'kong'
-
Backend + App
User profile informations are saved into a django-sso-app instance, all protected django projects have django-sso-app installed and configured to authenticate users by django-sso-app generated JWT. By logging in the client receives a JWT crafted by backend.
# Backend config DJANGO_SSO_APP_SHAPE = 'backend_app' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ..] # App config DJANGO_SSO_APP_SHAPE = 'app' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...]
-
Backend + App + Persistence
As point 3 but protected projects keep user profiles aligned with django-sso-app instance.
# Backend config DJANGO_SSO_APP_SHAPE = 'backend_app' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...] # App config DJANGO_SSO_APP_SHAPE = 'app_persistence' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...]
-
Backend + App + Api Gateway
As point 3 but with an api gateway proxying authenticated requests to django projects.
Protected projects authenticate users by the X-Consumer-Username header set by api gateway. By logging in the client receives a JWT crafted by backend with the api gateway generated secret. All requests to protected services are authenticated by the JWT included in cookie (or header).
# Backend config DJANGO_SSO_APP_SHAPE = 'backend_app_apigateway' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...] DJANGO_SSO_APP_APIGATEWAY_HOST = 'http://kong:8001' # App config DJANGO_SSO_APP_SHAPE = 'app_apigateway' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...]
-
Backend + App + Persistence + Api Gateway
As point 5 but protected projects keep user profiles aligned with django-sso-app instance.
# Backend config DJANGO_SSO_APP_SHAPE = 'backend_app_apigateway' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...] DJANGO_SSO_APP_APIGATEWAY_HOST = 'http://kong:8001' # App config DJANGO_SSO_APP_SHAPE = 'app_persistence_apigateway' DJANGO_SSO_APP_BACKEND_DOMAINS = ['1.accounts.domain', ...]
Note
Seamless switch between aforementioned configurations is mandatory in order to simplify scaling.
Setup
Config vars
Required
-
APP_DOMAIN
i.e. accounts.example.com (default='localhost:8000')
-
DJANGO_SSO_APP_SHAPE
One of backend_only, backend_only_apigateway, backend_app, app, app_persistence, app_apigateway, app_persistence_apigateway (default='backend_only').
Custom (Shape related)
-
COOKIE_DOMAIN
JWT cookie domain (default=APP_DOMAIN)
-
I18N_PATH_ENABLED
Enables i18n paths (default=True)
-
DJANGO_SSO_APP_APIGATEWAY_HOST
Api gateway instance url (default='http://kong:8001')
-
DJANGO_SSO_APP_BACKEND_CUSTOM_FRONTEND_APP
Custom frontend package (default=None)
-
DJANGO_SSO_APP_BACKEND_DOMAINS
List of backend domains (default=[APP_DOMAIN])
Behaviours
-
DJANGO_SSO_APP_LOGOUT_DELETES_ALL_PROFILE_DEVICES
Either delete or not other profile devices on logout (default=True)
Django
backend.users.models
from django.contrib.auth.models import AbstractUser
from django_sso_app.core.apps.users.models import DjangoSsoAppUserModelMixin
class User(AbstractUser, DjangoSsoAppUserModelMixin):
pass
backend.users.forms
from django_sso_app.backend.users.forms import (UserCreationForm as DjangoSsoAppUserCreationForm,
UserChangeForm as DjangoSsoAppUserChangeForm)
class UserChangeForm(DjangoSsoAppUserChangeForm):
pass
class UserCreationForm(DjangoSsoAppUserCreationForm):
pass
backend.users.admin
from django.contrib import admin
from django.contrib.auth import get_user_model
from django_sso_app.core.apps.users.admin import UserAdmin
User = get_user_model()
admin.site.register(User, UserAdmin)
settings.py
from django_sso_app.settings import *
DJANGO_SSO_APP_SHAPE = env('DJANGO_SSO_APP_SHAPE', default='backend_only')
DJANGO_SSO_APP_APIGATEWAY_HOST = env('DJANGO_SSO_APP_APIGATEWAY_HOST', default='kong')
BACKEND_CUSTOM_FRONTEND_APP = env('BACKEND_CUSTOM_FRONTEND_APP', default=None)
LOCAL_APPS = ["backend.users.apps.UsersConfig"] # ...
LOCAL_APPS += DJANGO_SSO_APP_DJANGO_APPS
MIDDLEWARE = [
...
'django_sso_app.core.authentication.backends.DjangoSsoAppLoginAuthenticationBackend',
'django_sso_app.core.authentication.middleware.DjangoSsoAppAuthenticationMiddleware',
...
]
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
] + DJANGO_SSO_APP_DJANGO_AUTHENTICATION_BACKENDS
AUTH_USER_MODEL = 'users.User'
LOGIN_URL = '/login/'
DRF_DEFAULT_AUTHENTICATION_CLASSES = [
'rest_framework.authentication.TokenAuthentication'
'django_sso_app.core.api.authentication.DjangoSsoApiAuthentication'
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': DRF_DEFAULT_AUTHENTICATION_CLASSES,
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
urls.py
urlpatterns = []
api_urlpatterns = []
_I18N_URLPATTERNS = []
from django_sso_app.urls import (urlpatterns as django_sso_app__urlpatterns,
api_urlpatterns as django_sso_app__api_urlpatterns,
i18n_urlpatterns as django_sso_app_i18n_urlpatterns)
from django_sso_app.core.mixins import WebpackBuiltTemplateViewMixin
urlpatterns += django_sso_app__urlpatterns
api_urlpatterns += django_sso_app__api_urlpatterns
_I18N_URLPATTERNS += django_sso_app_i18n_urlpatterns
urlpatterns += [
url(r'^i18n/', include('django.conf.urls.i18n')),
url(r'^jsi18n/$', ...
]
_I18N_URLPATTERNS += [
path('', WebpackBuiltTemplateViewMixin.as_view(template_name='pages/home.html'), name='home'),
path('about/', WebpackBuiltTemplateViewMixin.as_view(template_name='pages/about.html'), name='about'),
# Django Admin, use {% url 'admin:index' %}
path(settings.ADMIN_URL, admin.site.urls),
]
if settings.I18N_PATH_ENABLED:
urlpatterns += i18n_patterns(
*_I18N_URLPATTERNS
)
else:
urlpatterns += _I18N_URLPATTERNS
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-sso-app-0.8.11.tar.gz
.
File metadata
- Download URL: django-sso-app-0.8.11.tar.gz
- Upload date:
- Size: 223.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 028774fced300c1e23ffebc5b9d85f2ec24ef359d7711998bffedf33f05af17a |
|
MD5 | 139e62f574a67e1b6292400d1bcd9b17 |
|
BLAKE2b-256 | 8bf7a6b42907d58a2f3de211c5681e216ed2fd644ed9ce347c18ccf99ab6709d |
File details
Details for the file django_sso_app-0.8.11-py2.py3-none-any.whl
.
File metadata
- Download URL: django_sso_app-0.8.11-py2.py3-none-any.whl
- Upload date:
- Size: 291.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 29efecb9271d96b7b748dc23d360bf05f42d0badfad1f1d393ad28470d383ec7 |
|
MD5 | 4145d80d893ebad82e36df4dba69a865 |
|
BLAKE2b-256 | 52b74a856145a2ed6573deb10806ae02e55fedb8e77a74095276e48f8d4013f9 |