Skip to content

dimagi/django-digest

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Visit http://bitbucket.org/akoha/django-digest/ for further information.

This library facilitates the implementation of HTTP Digest Authentication for Django projects.

It supplies a middleware (HttpDigestMiddleware) that may installed to protect access to all
URLs, a decorator (@httpdigest) that may be applied to selected view functions, and a simple
class (HttpDigestAuthenticator) that can be used to implement custom authentication scenarios.

The following settings may be defined in your Django settings file. Sensible defaults are
provided as well.

DIGEST_ENFORCE_NONCE_COUNT (True):
    Whether the nonce-count supplied by the client is required to increase with each request.
DIGEST_REALM (DJANGO):
    The realm value to use.
DIGEST_NONCE_TIMEOUT_IN_SECONDS (5*60):
    The maximum time between the generation of a nonce and the initiation of a session with
    that nonce.
DIGEST_REQUIRE_AUTHENTICATION (False):
    If True, the middleware will require all requests to be authenticated. Otherwise, the
    middleware only performs authentication after intercepting a 401/403 response from the view.
DIGEST_ACCOUNT_BACKEND ('django_digest.backend.db.AccountStorage'):
    A class responsible for managing access to users and their credentials. Must implement:
      * get_partial_digest(self, username):
            Returns H(username:realm:password) or None
      * get_user(self, username):
            Returns an object representing the specified user, or None. This object will be
	    stored in request.user upon successful authentication.
DIGEST_NONCE_BACKEND ('django_digest.backend.db.NonceStorage')
    A class responsible for managing session information. Must implement:
      * update_existing_nonce(self, user, nonce, nonce_count):
          Called upon successful authentication of the specified user (as returned from the
	  account backend's get_user method) with the specified nonce and nonce_count.
	  If the nonce-count is not being enforced, nonce_count will be None. This method should
	  return True if the nonce is already associated with the specifed user (only) and the
	  nonce_count is greater than all previous nonce-counts for the same nonce (or is None)
	  or False otherwise.
      * store_nonce(self, user, nonce, nonce_count):
          Called upon successful authentication of the specified user (as returned from the
	  account backend's get_user method) if update_existing_nonce returns False. If the
	  nonce-count is not being enforced, nonce_count will be None. This method should return
	  True if the nonce is not already associated with any user.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages