Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Session Authentication View for Django Rest Framework

Build Status Coverage Status Code Health PyPI version

This package extends Django Rest Framework to add a Session Authentication view , in a similar manner to the obtain_auth_token view. It allows session login and logout in a REST-like manner, ideal if you want to completely decouple a single-page application from your backend.

Whilst the package is quite simple, providing one view and reusing the serializer from the included auth_token app, it is well tested, making it useful for production systems using Django Rest Framework 3.0. The build matrix for testing covers all currently supported versions of Django and their compatible Python versions.

Installation

Grab the package using PIP.

pip install djangorestframework-sav

Add rest_framework_sav to INSTALLED_APPS in settings.py.

INSTALLED_APPS = [
    ...
    'rest_framework_sav',
    ...
]

Make sure Session Authentication is setup correctly.

In your URLconf, add the view to the endpoint you want it at.

from rest_framework_sav.views import session_auth_view

urlpatterns += [
    url(r'^auth-session/$', session_auth_view)
]

In production, make sure to serve this view only over HTTPS.

Usage

To login, send a POST request with username and password fields to the endpoint. Successful attempts will return with HTTP status 200, and a JSON message in the response body.

{'detail': 'Session login successful.'}

The view will call Django's login method if it passes the authenticate method, setting the session cookie on the client, and providing a CSRF token. Unsuccessful attempts will return with HTTP status 400, and a JSON message with more detail in the response body.

To logout, simply send a DELETE request to the endpoint. The view will call Django's logout method, invalidating the current session. Whilst sending a DELETE request without authenticating will not cause an error, session authentication must be used in order to have an effect, and this will require a CSRF token to be sent.

Future enhancements

  • More informative error status codes other than 400.
  • Implement throttle setting.

About

Extends Django Rest Framework to add a Session Authentication Viewpoint.

Resources

License

Packages

No packages published

Languages