This is a somewhat simpler alternative to http://www.djangosnippets.org/snippets/243/ that does not return a 401 response. It's meant to be used along with the login_required decorator as an alternative way to authenticate to REST-enabled views.
Usage:
@http_basic_auth
@login_required
def my_view(request):
...
If an HTTP basic auth header is provided, the request will be authenticated before the login_required check happens. Otherwise, the normal redirect to login page occurs.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | from functools import wraps
def http_basic_auth(func):
@wraps(func)
def _decorator(request, *args, **kwargs):
from django.contrib.auth import authenticate, login
if request.META.has_key('HTTP_AUTHORIZATION'):
authmeth, auth = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
if authmeth.lower() == 'basic':
auth = auth.strip().decode('base64')
username, password = auth.split(':', 1)
user = authenticate(username=username, password=password)
if user:
login(request, user)
return func(request, *args, **kwargs)
return _decorator
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 9 months, 1 week ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 9 months, 2 weeks ago
- Serializer factory with Django Rest Framework by julio 1 year, 4 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 4 months ago
- Help text hyperlinks by sa2812 1 year, 5 months ago
Comments
?? So if you fail the basic auth popup, it redirects to the web based login? How are REST apps going to like that?
What's wrong with snippet 243?
#
Snippet 243 should definitely be used for REST-only views, there's nothing wrong with it.
The views I am applying this to will be mainly serving HTML to users, and XML/JSON to REST apps if they request it. I don't want normal users getting a 401 (and browser requesting credentials) if they navigate to a page while not logged in. REST apps probably won't like the redirect either, but I'm just more concerned about the experience for humans in this case.
#
If there is no such entry: request.META['HTTP_AUTHORIZATION'] and you use Django on Apache, READ THIS: http://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame Apache in default deletes HTTP_AUTHORIZATION header for CGI.
#
Please login first before commenting.