A simple way to use custom authentication in a Django application, for DSM.

Project description

Django DSM Authentication

Requirements

  • python >= 3.6
  • django >= 2.0
  • social-auth-app-django
  • djangorestframework-simplejwt

Installation

pip install dsm-django-socialauth

Usage

Prerequisite

  • Callback URL must be PROTOCOL://HOST/oauth/complete/dsmauth/

Note: the callback URL must match the declaration in urls.py.

This example uses http://127.0.0.1/oauth/complete/dsmauth/

In settings.py

INSTALLED_APPS = [
    'dsmauth', # must be at the top of INSTALLED_APPS
    ...
    'social_django',
    'rest_framework', # optional, needed for /authen/api/account/me/
    ...
]

Add the authentication backend in settings.py

AUTHENTICATION_BACKENDS = [
    ...
    'django.contrib.auth.backends.ModelBackend',
    'dsmauth.backend.dsmOAuth2',
    ...
]

Set the client ID and client secret in settings.py

SOCIAL_AUTH_DSMAUTH_KEY = '<client_id>'
SOCIAL_AUTH_DSMAUTH_SECRET = '<client_secret>'

Sample SOCIAL_AUTH_PIPELINE

SOCIAL_AUTH_PIPELINE = [ 
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    'social_core.pipeline.social_auth.associate_by_email',
]

Add login redirect

LOGIN_REDIRECT_URL='<path to redirect>'

Set the auth server name and URL

OAUTH_DSM_SERVER_BASEURL = 'oauth.data.storemesh.com'
BASE_BACKEND_URL = '<backend domain>'  # e.g. http://localhost:8000

(Optional) If using an internal IP address for DSM VMs

OAUTH_DSM_SCHEME = "<http or https>"
OAUTH_INTERNAL_IP = "<internal oauth provider ip address>"

Add the settings for authentication via Simple JWT

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ],
}

from datetime import timedelta
SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(hours=1),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': False,
    'BLACKLIST_AFTER_ROTATION': True,

    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    'AUDIENCE': None,
    'ISSUER': None,

    'AUTH_HEADER_TYPES': ('Bearer',),
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',

    'UPDATE_LAST_LOGIN': True,
}
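A check of the SIMPLE_JWT values above, written as an added example (not part of dsmauth or Simple JWT). `audit_simple_jwt` and its finding codes are hypothetical, and the secret and app list are constructed placeholders. It goes beyond the page by flagging how the rotation, blacklist and signing-key settings interact.

```python
from datetime import timedelta

BLACKLIST_APP = "rest_framework_simplejwt.token_blacklist"


def audit_simple_jwt(cfg, installed_apps, secret_key):
    """Return {finding_code: explanation} for a SIMPLE_JWT settings dict."""
    findings = {}
    rotate = cfg.get("ROTATE_REFRESH_TOKENS", False)
    blacklist = cfg.get("BLACKLIST_AFTER_ROTATION", False)
    key = cfg.get("SIGNING_KEY") or secret_key
    if blacklist and not rotate:
        findings["blacklist_without_rotation"] = (
            "BLACKLIST_AFTER_ROTATION only acts when ROTATE_REFRESH_TOKENS is True")
    if blacklist and BLACKLIST_APP not in installed_apps:
        findings["blacklist_app_missing"] = f"add '{BLACKLIST_APP}' to INSTALLED_APPS"
    if not rotate:
        life = cfg.get("REFRESH_TOKEN_LIFETIME")
        findings["refresh_reusable"] = f"a copied refresh token stays usable for {life}"
    if key == secret_key:
        findings["shared_signing_key"] = (
            "SIGNING_KEY equals SECRET_KEY, so the two cannot be rotated separately")
    if str(cfg.get("ALGORITHM", "HS256")).startswith("HS") and len(key) < 32:
        findings["short_hmac_key"] = "HS256 needs a key of at least 32 bytes"
    return findings


# Constructed inputs: the page's values with a placeholder secret and app list.
SECRET_KEY = "constructed-secret-" + "x" * 40
PAGE_APPS = ["dsmauth", "social_django", "rest_framework"]
PAGE_CFG = {
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": False,
    "BLACKLIST_AFTER_ROTATION": True,
    "ALGORITHM": "HS256",
    "SIGNING_KEY": SECRET_KEY,
}
# One adjusted variant (an assumption, not the package's recommendation).
ADJUSTED_CFG = dict(PAGE_CFG, ROTATE_REFRESH_TOKENS=True,
                    SIGNING_KEY="constructed-jwt-key-" + "y" * 40)
ADJUSTED_APPS = PAGE_APPS + [BLACKLIST_APP]

if __name__ == "__main__":
    for code, why in audit_simple_jwt(PAGE_CFG, PAGE_APPS, SECRET_KEY).items():
        print(code, "-", why)
```

With ROTATE_REFRESH_TOKENS enabled, Simple JWT's TokenRefreshView also returns a new "refresh" value, which the frontend has to store in place of the old one.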

See more details about social-app-django at https://github.com/python-social-auth/social-app-django

In urls.py

from django.urls import path, include
from dsmauth.complete import complete

urlpatterns = [
    ...
    path('oauth/complete/<str:backend>/', complete, name='complete'),
    path('oauth/', include('social_django.urls', namespace='social')),
    path('authen/', include('dsmauth.urls')),

    ...
]

In the template

  • template
    ...
        <a href="{% url 'social:begin' 'dsmauth' %}">Login with DSM</a>
        <a href="{% url 'logout' %}"> LOGOUT</a>
    ...
  • sign in with next
    ...
    <a 
        href="{% url 'social:begin' 'dsmauth' %}?next={{ request.scheme }}://{{ request.get_host }}{% url 'admin:index' %}"
    >
        Login with dsm
    </a> 
    ...

If using a separate backend and frontend (client-side rendering)

You can authenticate with JWT.

In settings.py

BASE_FRONTEND_URL='http://localhost:3000/'

Authentication step

  1. The frontend links (href) to <BACKEND_URL>/oauth/login/dsmauth
    • optional: <BACKEND_URL>/oauth/login/dsmauth/?callback=<FRONTEND_URI>
      • FRONTEND_URI: frontend domain or localhost:xxxx
      • default: uses BASE_FRONTEND_URL and BASE_BACKEND_URL from the backend settings
  2. The backend authenticates with the OAuth server
  3. If authentication completes, the backend calls back to the frontend at <BASE_FRONTEND_URL>/callback?token=<REFRESH_TOKEN>
    • note: BASE_FRONTEND_URL is the value set in backend/settings.py in the previous step
  4. The frontend requests an access token with the refresh token via

    • request
    [POST] : <BACKEND_URL>/authen/token/refresh/
    body : {
        "refresh" : "<REFRESH_TOKEN IN STEP 3>"
    }

    • response
    {
        "access": "eyJ0eXAiOiJKV1Qi...ifZOpwg"
    }

  5. The frontend keeps access (the access token) for API requests

How to use

  • request to backend
URL : <BACKEND>/api/xxx
HEADER : {
    'Authorization': "Bearer <ACCESS_TOKEN>"
}
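The client side of the callback, token refresh and API request described above, as an added example that is not part of dsmauth. The function names and sample values are constructed, and the `exp` claim is the standard JWT expiry read without signature verification, so it is only suitable for deciding when to refresh.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit
from urllib.request import Request

# Constructed sample values (not real tokens).
SAMPLE_CALLBACK = "http://localhost:3000/callback?token=constructed-refresh-token"
SAMPLE_ACCESS = "e30." + base64.urlsafe_b64encode(
    json.dumps({"token_type": "access", "exp": 1700000000, "user_id": 1}).encode()
).decode().rstrip("=") + ".constructed-signature"


def refresh_token_from_callback(callback_url):
    """Step 3: read the single `token` query parameter set by the backend."""
    values = parse_qs(urlsplit(callback_url).query).get("token", [])
    if len(values) != 1:
        raise ValueError("expected exactly one token parameter")
    return values[0]


def build_refresh_request(backend_url, refresh_token):
    """Step 4: POST {"refresh": ...} to <BACKEND_URL>/authen/token/refresh/."""
    return Request(
        backend_url.rstrip("/") + "/authen/token/refresh/",
        data=json.dumps({"refresh": refresh_token}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def build_api_request(url, access_token):
    """API call from 'How to use': send the access token as a Bearer credential."""
    return Request(url, headers={"Authorization": "Bearer " + access_token})


def unverified_claims(jwt):
    """Decode the payload WITHOUT checking the signature (scheduling only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def access_expired(access_token, now, leeway=30):
    """True when the access token should be refreshed before the next call."""
    return unverified_claims(access_token)["exp"] - leeway <= now
```

Pass each returned `Request` to `urllib.request.urlopen` to send it; the refresh response body is the JSON shown in step 4.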

logout / sign out

  • To log out, link (href) to <BACKEND_URL>/authen/logout/
    • optional: <BACKEND_URL>/authen/logout/?callback=<FRONTEND_URI>
      • FRONTEND_URI: frontend domain or localhost:xxxx
      • default: uses BASE_FRONTEND_URL and BASE_BACKEND_URL from the backend settings
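The `callback` parameter on both the login and logout URLs decides where the backend redirects, and on login that redirect carries the refresh token. One way a deployment could restrict the value to known frontend origins is sketched here as an added example, not part of dsmauth. `ALLOWED_CALLBACK_ORIGINS`, `origin_of` and `is_allowed_callback` are hypothetical names, and the check assumes the callback is an absolute URL like BASE_FRONTEND_URL.

```python
from urllib.parse import urlsplit

# Assumption: the deployment lists its own frontend origins (constructed values).
ALLOWED_CALLBACK_ORIGINS = {"http://localhost:3000", "https://app.example.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(uri):
    """Return 'scheme://host[:port]' for an absolute http(s) URI, else None."""
    if not uri or any(ch in uri for ch in "\\\r\n\t "):
        return None  # backslashes and whitespace are parsed differently by browsers
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # rejects //host, javascript:, and scheme-less values
    if parts.username is not None or parts.password is not None:
        return None  # rejects http://localhost:3000@other.example/
    origin = f"{parts.scheme}://{parts.hostname}"
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def is_allowed_callback(uri, allowed=ALLOWED_CALLBACK_ORIGINS):
    """Exact origin match only: no prefix, suffix or substring comparison."""
    origin = origin_of(uri)
    return origin is not None and origin in allowed
```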

Optional: set up logging

Add this setting in settings.py

MIDDLEWARE = [
    ...
    'dsmauth.middleware.LogHeaderMiddleware',
    ...
]

The log can then be read from the response headers:

  • X-Username : (string) username, e.g. mike
  • X-Error : (string) short Python exception traceback, e.g.
    File /backend/searchapp/views.py, line 6, in error
    i = 10/0
    ZeroDivisionError: division by zero
    

Optional: use the JWT middleware

MIDDLEWARE = [
    ...
    'dsmauth.middleware.JWTauthenticationMiddleware',
    ...
]

If a JWT is passed in the header, request.user can be used.

Sign in to Admin via OAuth

  • edit urls.py
...
admin.site.login_template = 'admin/custom-login.html'
admin.site.index_template = 'admin/custom-index.html'
admin.site.site_title = "<PROJECT NAME>"
admin.site.site_header = "<PROJECT NAME>"
...

Get user info

[GET]: <BASE_URI>/authen/api/account/me/

{
    "id": 1,
    "user": "system_admin",
    "is_staff": true,
    "is_superuser": true,
    "first_name": "system",
    "last_name": "admin",
    "email": "system_admin@email.com",
    "image": null,
    "role": [
        {
            "name": "DataUser"
        },
        {
            "name": "SystemAdmin"
        }
    ],
    "permission": [
        3,
        7
    ]
}

Download files

Source Distribution

dsm-django-socialauth-1.0.33.tar.gz (13.2 kB)
