django-auth-http-basic

Release 20191020.0

Django authentication based based on HTTP basic authentication

Homepage PyPI Python

Keywords
authentication, django, http, basic, auth
License
MulanPSL-2.0
Install
pip install django-auth-http-basic==20191020.0

Documentation

Django HTTP Basic Authentication Backend

Description

This module provides the client side for a HTTP Basic Authentication provider to allow authentication for a Django application. It must be installed as a Django authentication backend.

This allows to authenticate your Django application with the help of a web server that already provides HTTP Basic Authentication, as it is described in RFC2617. Web servers, such as Apache or Nginx, can easily be configured to adapt complex authentication scenarios, e.g. authentication via a combination of LDAP and manual filters. Your Django project is now able to utilize such a configuration.

Installation

Add this module to your setup.py and/or to requirements.txt file:

# ...
django-auth-http-basic
# ...

You need at least Django >= 1.10.

Configuration

In your settings.py file, you must add/set the variable AUTHENTICATION_BACKENDS so that it includes the authentication backend, e.g.:

AUTHENTICATION_BACKENDS = ['django_auth_http_basic.HttpBasicAuthBackend']

In addition, you must specify an URL that provides HTTP Basic Authentication by providing a value for the variable HTTP_BASIC_AUTH_URL in your settings.py file, e.g.:

HTTP_BASIC_AUTH_URL = 'https://example.com/auth'

As long as the web services conforms to HTTP Basic Authentication, it could be used as an authentication backend. Since HTTP Basic Authentication transports user name and password in clear text, you should access it via HTTPS. If the web server is on your local host, you might use unencrypted HTTP.

The web server is expected to return a 401 response, if no user name and/or no password is provided. It must return a 2xx response if the user is authenticated, and a 403 response if the user is not authenticated. Currently, every response code except 2xx will be interpreted as a failed authentication. Most web servers conform to this rule. However, you are free to implement your own authenticating web server.

For testing purposes, HTTP_BASIC_AUTH_URL can be set to None. In this case no web server will be contacted, every user will be authenticated. Please be sure to change HTTP_BASIC_AUTH_URL to a valid URL for production code.

If you don't set the variable HTTP_BASIC_AUTH_URL to any value, no user will be authenticated. In this case, an error message will be sent to the logger named django-auth-http-basic.

Another (optional) variable you can use in your settings.py is HTTP_BASIC_AUTH_CASE. This value specifies, whether the user name will be handled case-sensitive or case-insensitive in the backend. Its value itself is treated case-insensive. Only its first letter is analysed. If it is a '0', 'f' or 'n', then the user name will be folded to lower-case. If you omit this variable, a value 'yes' is assumed.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
14
Latest release
First release
Stars
6
Forks
1
Watchers
1
Contributors
2
Repository size
14.6 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

20191020.0
20181221.0
20180508.0
20180405.0
20180404.1
20180404-0
0.0.8
0.0.7
0.0.6
0.0.5
See all 14 releases

Contributors

Detlef Stern dependabot[bot]


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-14 04:33:48 UTC

Login to resync this project