Elevate provides an extra layer of security beyond initial user authentication. Views can be decorated with @elevate_required
, and then users must re-authenticate to access that resource. This might be useful for deleting objects, canceling subscriptions, and other sensitive operations. After re-authentication, the user has elevated permissions for the duration of ELEVATE_COOKIE_AGE
. This duration is independent of the normal session duration, allowing for short elevated permission durations while still retaining long user sessions.
$ pip install django-elevate
- Django 2.2, 3.2, and 4.0
- Python 3.7 - 3.10
- pypy3