Requires to install "basicauth" package, which does basic-auth header encoding/decoding cleanly according to RFCs. Could be improved to return a "realm" in case of http401, like in https://djangosnippets.org/snippets/1720/, although I'm not sure it's really useful in django usecases.
This decorator is based on user_passes_test, but when a user is logged in and fails the test, it will render a 403 error instead of redirecting to login - only anonymous users will be asked to login. Version working with Django 1.11, based on version found on [https://djangosnippets.org/snippets/254/] , which is deprecated.
This is an example of Django auth with JWT tokens, you can find how to add [jwt auth to Django Rest Framework in this tutorial](https://www.techiediaries.com/django-rest-framework-jwt-tutorial/)
Fixed minimal version, works with Django 1.7+, tested on Django 1.9. Add the following to your settings: AUTHENTICATION_BACKENDS = [ 'project.backends.UserModelEmailBackend', # Login w/ email 'django.contrib.auth.backends.ModelBackend', # Login w/ username ]
Use : `@group_required(('toto', 'titi'))` `def my_view(request):` `...` `@group_required('toto')` `def my_view(request):` `...` Note that group_required() also takes an optional login_url parameter `@group_required('toto', login_url='/loginpage/')` `def my_view(request):` `...` As in the login_required() decorator, login_url defaults to settings.LOGIN_URL. If the raise_exception parameter is given, the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page. Such as https://docs.djangoproject.com/en/1.8/topics/auth/default/#the-permission-required-decorator **Inspired by** : https://github.com/django/django/blob/stable/1.8.x/django/contrib/auth/decorators.py
Yet another authentication by email address. This one is quick and dirty as we are saving email address in both Username and Email fields. For proper way how to deal with it see https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#auth-custom-user
Decorator to preserve view from logged users.
This snippet allows to create user in django auth system without logging in. After this user logs in via Facebook account social user is created and bound to existing user.
1. Create an app and place this in `admin.py`. 2. Add `url(r'^login/$', 'social_auth.views.auth', {'backend': 'google'}, name='login')` to your `urls.py`. 3. Add the app to your `INSTALLED_APPS` after `django.contrib.admin`. 4. Set `USE_SOCIAL_AUTH_AS_ADMIN_LOGIN = True` in your `settings.py`. 5. ... 6. Profit.
Showing a list of logged users using the *user_logged_in* and *user_logged_out* signals. See [login and logout signals](https://docs.djangoproject.com/en/1.4/topics/auth/#login-and-logout-signals) in Django docs.
An "if-style" template tag that checks to see if a user belongs to a one or mores groups (by name). Usage: `{% ifusergroup Admins %} ... {% endifusergroup %} or {% ifusergroup Admins Clients Programmers Managers %} ... {% else %} ... {% endifusergroup %}`
In case you ever use [requests](http://python-requests.org/) (or [slumber](http://slumber.in/)) to do requests against a Tastypie API that requires API key authentication, this small custom auth class will help you. Use it like that (with requests): auth = TastypieApiKeyAuth('jezdez', '25fdd0d9d210acb78b5b845fe8284a3c93630252') response = requests.get('http://api.foo.bar/v1/spam/', auth=auth) or with slumber: auth = TastypieApiKeyAuth('jezdez', '25fdd0d9d210acb78b5b845fe8284a3c93630252') api = slumber.API("http://api.foo.bar/v1/", auth=auth) spam = api.spam().get()
Django-piston have two build-in authentication handlers, the HttpBasicAuthentication and OAuthAuthentication. This snippet give another choice which use the django auth. It can support ajax and normal request.
Sometimes I don't want to reveal a staff-only view so I created this decorator, using ``django.contrib.admin.views.decorators.staff_member_required`` as my boilerplate. Non staff members are kicked to the 404 curb. Suggestion: Create a file, ``decorators.py`` in your project (or single app) and import like so: ``from myproject.app_name.decorators import staff_or_404``.
Model backend that enables permissions for AnonymusUsers. I wanted it to be as simple as possible so anonymous users just forward their permission checks to some fixed user model. This instance can be edited via django admin, assigned to groups, etc. To control which user will represent anonymous user you use ANONYMOUS_USER_NAME setting in settings file. To provide some sensible level of security i enforce following for user that represents anonymous user: * This user must have password equal to UNUSABLE_PASSWORD * This user may not log in * You cant cange password for this user via admin. You need to enable this backend by setting AUTHENTICATION_BACKENDS. Please note that you should not place this backend alongside django ModelBackend. This backend inherits from it.
64 snippets posted so far.