mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-30 05:24:00 +03:00
74 lines
3.3 KiB
Python
74 lines
3.3 KiB
Python
"""The :mod:`authenticators` modules provides for pluggable authentication behaviour.
|
|
|
|
Authentication behaviour is provided by adding the mixin class :class:`AuthenticatorMixin` to a :class:`.Resource` or Django :class:`View` class.
|
|
|
|
The set of authenticators which are use is then specified by setting the :attr:`authenticators` attribute on the class, and listing a set of authenticator classes.
|
|
"""
|
|
from django.contrib.auth import authenticate
|
|
from django.middleware.csrf import CsrfViewMiddleware
|
|
from djangorestframework.utils import as_tuple
|
|
import base64
|
|
|
|
|
|
class BaseAuthenticator(object):
|
|
"""All authenticators should extend BaseAuthenticator."""
|
|
|
|
def __init__(self, mixin):
|
|
"""Initialise the authenticator with the mixin instance as state,
|
|
in case the authenticator needs to access any metadata on the mixin object."""
|
|
self.mixin = mixin
|
|
|
|
def authenticate(self, request):
|
|
"""Authenticate the request and return the authentication context or None.
|
|
|
|
An authentication context might be something as simple as a User object, or it might
|
|
be some more complicated token, for example authentication tokens which are signed
|
|
against a particular set of permissions for a given user, over a given timeframe.
|
|
|
|
The default permission checking on Resource will use the allowed_methods attribute
|
|
for permissions if the authentication context is not None, and use anon_allowed_methods otherwise.
|
|
|
|
The authentication context is passed to the method calls eg Resource.get(request, auth) in order to
|
|
allow them to apply any more fine grained permission checking at the point the response is being generated.
|
|
|
|
This function must be overridden to be implemented."""
|
|
return None
|
|
|
|
|
|
class BasicAuthenticator(BaseAuthenticator):
|
|
"""Use HTTP Basic authentication"""
|
|
def authenticate(self, request):
|
|
from django.utils.encoding import smart_unicode, DjangoUnicodeDecodeError
|
|
|
|
if 'HTTP_AUTHORIZATION' in request.META:
|
|
auth = request.META['HTTP_AUTHORIZATION'].split()
|
|
if len(auth) == 2 and auth[0].lower() == "basic":
|
|
try:
|
|
auth_parts = base64.b64decode(auth[1]).partition(':')
|
|
except TypeError:
|
|
return None
|
|
|
|
try:
|
|
uname, passwd = smart_unicode(auth_parts[0]), smart_unicode(auth_parts[2])
|
|
except DjangoUnicodeDecodeError:
|
|
return None
|
|
|
|
user = authenticate(username=uname, password=passwd)
|
|
if user is not None and user.is_active:
|
|
return user
|
|
return None
|
|
|
|
|
|
class UserLoggedInAuthenticator(BaseAuthenticator):
|
|
"""Use Djagno's built-in request session for authentication."""
|
|
def authenticate(self, request):
|
|
if getattr(request, 'user', None) and request.user.is_active:
|
|
# Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
|
|
request._post = self.mixin.RAW_CONTENT
|
|
resp = CsrfViewMiddleware().process_view(request, None, (), {})
|
|
del(request._post)
|
|
if resp is None: # csrf passed
|
|
return request.user
|
|
return None
|
|
|