-
Notifications
You must be signed in to change notification settings - Fork 9
License
dimagi/django-digest
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Visit http://bitbucket.org/akoha/django-digest/ for further information. This library facilitates the implementation of HTTP Digest Authentication for Django projects. It supplies a middleware (HttpDigestMiddleware) that may installed to protect access to all URLs, a decorator (@httpdigest) that may be applied to selected view functions, and a simple class (HttpDigestAuthenticator) that can be used to implement custom authentication scenarios. The following settings may be defined in your Django settings file. Sensible defaults are provided as well. DIGEST_ENFORCE_NONCE_COUNT (True): Whether the nonce-count supplied by the client is required to increase with each request. DIGEST_REALM (DJANGO): The realm value to use. DIGEST_NONCE_TIMEOUT_IN_SECONDS (5*60): The maximum time between the generation of a nonce and the initiation of a session with that nonce. DIGEST_REQUIRE_AUTHENTICATION (False): If True, the middleware will require all requests to be authenticated. Otherwise, the middleware only performs authentication after intercepting a 401/403 response from the view. DIGEST_ACCOUNT_BACKEND ('django_digest.backend.db.AccountStorage'): A class responsible for managing access to users and their credentials. Must implement: * get_partial_digest(self, username): Returns H(username:realm:password) or None * get_user(self, username): Returns an object representing the specified user, or None. This object will be stored in request.user upon successful authentication. DIGEST_NONCE_BACKEND ('django_digest.backend.db.NonceStorage') A class responsible for managing session information. Must implement: * update_existing_nonce(self, user, nonce, nonce_count): Called upon successful authentication of the specified user (as returned from the account backend's get_user method) with the specified nonce and nonce_count. If the nonce-count is not being enforced, nonce_count will be None. This method should return True if the nonce is already associated with the specifed user (only) and the nonce_count is greater than all previous nonce-counts for the same nonce (or is None) or False otherwise. * store_nonce(self, user, nonce, nonce_count): Called upon successful authentication of the specified user (as returned from the account backend's get_user method) if update_existing_nonce returns False. If the nonce-count is not being enforced, nonce_count will be None. This method should return True if the nonce is not already associated with any user.
About
No description, website, or topics provided.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published