Login

HTTP (basic) auth enabled (new-style) syndication framework feed class

Author:
hupf
Posted:
December 16, 2010
Language:
Python
Version:
1.2
Score:
2 (after 2 ratings)

This snipped provides a subclass of the syndication Feed class that supports HTTP authentication (basic auth). Feeds that should support authentication can inherit from this class instead from the Feed class. It is basically the implementation of Snippet #243 ported to the new-style syndication framework feeds (for which decorators don't work).

Usage:

class ArticleFeed(HTTPAuthFeed):
    def items(self, obj):
        return Article.objects.all().order_by('-created')[:10]

    def item_title(self, item):
        return item.title

    def item_description(self, item):
        return item.description
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
from django.contrib.auth import authenticate, login
from django.contrib.syndication.views import Feed
from django.http import HttpResponse
import base64

class HTTPAuthFeed(Feed):
    basic_auth_realm = 'My Page'
    
    def __call__(self, request, *args, **kwargs):
        # HTTP auth check inspired by http://djangosnippets.org/snippets/243/
        if request.user.is_authenticated():
            # already logged in
            return super(HTTPAuthFeed, self).__call__(request, *args, **kwargs)
    
        # check HTTP auth credentials
        if 'HTTP_AUTHORIZATION' in request.META:
            auth = request.META['HTTP_AUTHORIZATION'].split()
            if len(auth) == 2:
                # only basic auth is supported
                if auth[0].lower() == "basic":
                    uname, passwd = base64.b64decode(auth[1]).split(':')
                    user = authenticate(username=uname, password=passwd)
                    if user is not None:
                        if user.is_active:
                            login(request, user)
                            request.user = user
                            return super(HTTPAuthFeed, self).__call__(request, *args, **kwargs)
        
        # missing auth header or failed authentication results in 401
        response = HttpResponse()
        response.status_code = 401
        response['WWW-Authenticate'] = 'Basic realm="%s"' % self.basic_auth_realm
        return response

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 11 months, 2 weeks ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 11 months, 3 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 6 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 7 months ago
  5. Help text hyperlinks by sa2812 1 year, 7 months ago

Comments

Please login first before commenting.