djangorestframework-digestauth

Release 1.1.0

Digest HTTP auth support for Django REST framework

Homepage Repository PyPI Python

Keywords
digest-authentication, django, django-rest-framework
License
BSD-3-Clause
Install
pip install djangorestframework-digestauth==1.1.0

Documentation

Django Rest Framework DigestAuth

Build Status Pypi Package Downloads

Overview

This package provides Digest Access Authentication support for Django REST framework.

HTTP Digest requires the server to be able to calculate a hash over the user's username, password, and your realm. Since django.contrib.auth only stores a hash of the user's password, this cannot be used to authenticate HTTP Digest sessions. This package authenticates the session against the token provided by TokenAuthentication.

Installation

Install using pip, including any optional packages you want...

$ pip install djangorestframework-digestauth

...or clone the project from github.

$ git clone git@juanriaza/django-rest-framework-digestauth.git
$ cd django-rest-framework-digestauth
$ pip install -r requirements.txt

How to use it?

Check that TokenAuthentication is correctly installed.

This package provides the following authentication scheme:

  • rest_framework_digestauth.authentication.DigestAuthentication.

Follow the docs to set the authentication scheme and you're all done.

Customization

By default server-side state (specifically, the client's counter value) is stored in the database via the DigestAuthCounter model, and the "password" value is stored via Django Rest Framework's TokenAuthentication backend. Both of these things can be changed with a custom backend class. You might want to do this if you don't like the performance characteristics of storing this kind thing in your default database.

In order to do this, you should subclass AbstractDigestBackend, which has 3 methods and 1 property.

user - This property contains the user instance for the user attempting to authenticate. Please note that this user is not currently authenticated at this point.

get_password() - This should return a plain text password, or something that can be used in it's place, such as a token. Exactly what is used and how it's generated must be pre-negotiated with all clients.

get_counter(server_nonce, client_nonce) - This should return an integer, which should be equal to the last call to set_counter or None if there was not previously a counter set.

set_counter(server_nonce, client_nonce, counter) - This method should store the counter, to be returned at a later date when get_counter is called.

Once you've implimented a new backend, you can use it with the DIGESTAUTH_BACKEND setting.

DIGESTAUTH_BACKEND = 'myapp.backends.MyDigestBackend'

Running the tests

To run the tests against the current environment:

$ ./manage.py test rest_framework_digestauth

Changelog

1.1.0

31th Jan 2014

  • Added Python 3 support (thanks to @defrex).

1.0.0

1st Feb 2012

  • First release.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
32
Forks
18
Watchers
2
Contributors
4
Repository size
311 KB
SourceRank
11

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.0
0.5.0

Contributors

Juan Riaza Aron Jones inscrutablemike Loic Raucy


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-12-15 14:55:10 UTC

Login to resync this project