Django rest framework module to allow login via token (without User instance).

anexia/drf-anonymous-login

DRF Anonymous Login

Django rest framework module to allow login via token (without User instance). Any request with a valid token in the AUTH_HEADER (name configurable via settings.py, "HTTP_X_AUTHORIZATION_ANONYMOUS" by default) will be accepted.

Installation

  1. Install using pip:

    pip install drf-anonymous-login

  2. Integrate drf_anonymous_login into your settings.py:

    INSTALLED_APPS = [
        # ...
        'drf_anonymous_login',
        # ...
    ]

Usage

There are multiple ways to add the AnonymousLogin functionality to your endpoints. We recommend using one of the following approaches:

  1. Inherit from the AnonymousLoginAuthenticationModelViewSet for any model that is supposed to be accessible via a valid token header. You'll find a simple exemplary usage scenario provided in the testapp.

OR

  1. Directly add the AnonymousLoginAuthentication and IsAuthenticated to your ViewSet's authentication_classes and permission_classes as implemented in the AnonymousLoginAuthenticationModelViewSet.

  2. Optionally add the AnonymousLoginUserMixin to your app's User model in order to access its is_anonymous_login and anonymous_login properties:

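    # myapp/models.py

    from django.contrib.auth.models import AbstractUser
    # Module path assumed here; check where the package defines the mixin.
    from drf_anonymous_login.models import AnonymousLoginUserMixin

    class User(AnonymousLoginUserMixin, AbstractUser):
        pass

    # settings.py

    AUTH_USER_MODEL = "myapp.User"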
    

Configure token expiration

By default, tokens do not expire (expiration_datetime remains None). To define a default expiration in minutes, configure ANONYMOUS_LOGIN_EXPIRATION in your application's settings.py. For example, to make every token valid for only 15 minutes, use:

# settings.py

# ...
ANONYMOUS_LOGIN_EXPIRATION = 15  # minutes
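
The header lookup and expiration behaviour described above, modelled as an added stand-alone example (not drf-anonymous-login's own code). `TokenStore`, `client_header_name` and the in-memory dict are hypothetical stand-ins, and treating a token as expired exactly at its expiration_datetime is an assumption.

```python
"""Added illustration: header-token check with optional expiry (no Django needed)."""
import secrets
from datetime import datetime, timedelta, timezone

AUTH_HEADER = "HTTP_X_AUTHORIZATION_ANONYMOUS"  # default META key named in the README
ANONYMOUS_LOGIN_EXPIRATION = 15                 # minutes; None means tokens never expire


def client_header_name(meta_key):
    """Map a WSGI META key to the header a client sends (HTTP_X_FOO -> X-Foo)."""
    name = meta_key[len("HTTP_"):] if meta_key.startswith("HTTP_") else meta_key
    return "-".join(part.capitalize() for part in name.split("_"))


class TokenStore:
    """Hypothetical in-memory stand-in for the package's token table."""

    def __init__(self):
        self._tokens = {}  # token -> expiration_datetime (None = no expiry)

    def issue(self, now, expiration_minutes=ANONYMOUS_LOGIN_EXPIRATION):
        """Create an unguessable token and record when it expires, if ever."""
        token = secrets.token_urlsafe(32)
        if expiration_minutes is None:
            self._tokens[token] = None
        else:
            self._tokens[token] = now + timedelta(minutes=expiration_minutes)
        return token

    def authenticate(self, meta, now):
        """Accept only a known, unexpired token found under AUTH_HEADER."""
        token = meta.get(AUTH_HEADER)
        if not token or token not in self._tokens:
            return False  # missing or invalid token
        expires = self._tokens[token]
        return expires is None or now < expires

    def cleanup(self, now):
        """Remove tokens past their expiration_datetime; return the count removed."""
        expired = [t for t, exp in self._tokens.items() if exp is not None and exp <= now]
        for token in expired:
            del self._tokens[token]
        return len(expired)


if __name__ == "__main__":
    start = datetime.now(timezone.utc)
    store = TokenStore()
    tok = store.issue(start)
    print(client_header_name(AUTH_HEADER), store.authenticate({AUTH_HEADER: tok}, start))
```

With the default of no expiration, a leaked token stays valid until it is deleted, which is why the sketch keeps the never-expiring case separate from the timed one.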

Unit Tests

See folder tests/. The provided tests cover these criteria:

  • success:
    • access public endpoint without token
    • access private endpoint with valid token
    • cleanup task does not remove tokens before their expiration_datetime
    • cleanup task removes tokens after their expiration_datetime
  • failure:
    • access private endpoint without token
    • access private endpoint with invalid token
    • access private endpoint with expired token

Follow the instructions below to run the tests. You may exchange the installed Django and DRF versions according to your requirements. Warning: depending on your local environment settings, you might need to explicitly call python3 instead of python.

# install dependencies
python -m pip install --upgrade pip
pip install -r requirements.txt

# setup environment
pip install -e .

# run tests
cd tests && python manage.py test

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

See LICENSE for more information.
