DRF Anonymous Login


Django REST framework module that allows login via token (without a User instance). Any request with a valid token in the AUTH_HEADER (name configurable via settings.py, "HTTP_X_AUTHORIZATION_ANONYMOUS" by default) will be accepted.

Installation

  1. Install using pip:

    pip install drf-anonymous-login

  2. Integrate drf_anonymous_login into your settings.py:

    INSTALLED_APPS = [
        # ...
        'drf_anonymous_login',
        # ...
    ]

Usage

There are multiple ways to add the AnonymousLogin functionality to your endpoints. We recommend using one of the following approaches:

  1. Inherit from the AnonymousLoginAuthenticationModelViewSet for any model that is supposed to be accessible via a valid token header. You'll find a simple example usage scenario in the testapp.

OR

  1. Directly add the AnonymousLoginAuthentication and IsAuthenticated to your ViewSet's authentication_classes and permission_classes as implemented in the AnonymousLoginAuthenticationModelViewSet.

  2. Optionally add the AnonymousLoginUserMixin to your app's User model in order to access its is_anonymous_login and anonymous_login properties:

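    # myapp/models.py

    from django.contrib.auth.models import AbstractUser
    # AnonymousLoginUserMixin is provided by the drf_anonymous_login package

    class User(AnonymousLoginUserMixin, AbstractUser):
        pass

    # settings.py

    AUTH_USER_MODEL = "myapp.User"
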

Configure token expiration

The tokens will not expire by default (expiration_datetime remains None). You can set ANONYMOUS_LOGIN_EXPIRATION in your application's settings.py to define a default expiration in minutes, e.g. to make every token valid for only 15 minutes, use:

    # settings.py

    # ...
    ANONYMOUS_LOGIN_EXPIRATION = 15
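
A stand-alone model of the token lifecycle described above, added here as an example and not taken from drf-anonymous-login's code: it shows the default non-expiring behaviour, a configured expiry in minutes, and removal of expired tokens by a cleanup step. `TokenStore`, its methods and `wire_header_name` are hypothetical names; the mapping of `HTTP_X_AUTHORIZATION_ANONYMOUS` to the `X-Authorization-Anonymous` request header follows Django's `request.META` convention.

```python
# Added illustration: plain-Python model of the token lifecycle in this README.
# Not drf-anonymous-login's code; TokenStore and its methods are hypothetical.
import secrets
from datetime import timedelta

AUTH_HEADER = "HTTP_X_AUTHORIZATION_ANONYMOUS"  # default named in this README


def wire_header_name(meta_key):
    """Django exposes the header 'X-Foo-Bar' in request.META as 'HTTP_X_FOO_BAR'."""
    parts = meta_key[len("HTTP_"):].split("_")
    return "-".join(p.capitalize() for p in parts)


class TokenStore:
    def __init__(self, expiration_minutes=None):
        # None mirrors the default: expiration_datetime stays None (no expiry).
        self.expiration_minutes = expiration_minutes
        self.tokens = {}  # token -> expiration_datetime or None

    def issue(self, now):
        token = secrets.token_urlsafe(32)
        expires = None
        if self.expiration_minutes is not None:
            expires = now + timedelta(minutes=self.expiration_minutes)
        self.tokens[token] = expires
        return token

    def authenticate(self, meta, now):
        """True only for a known, unexpired token in the configured header."""
        token = meta.get(AUTH_HEADER)
        if not token or token not in self.tokens:
            return False  # missing or invalid token
        expires = self.tokens[token]
        # Treating "now == expires" as expired is this example's choice.
        return expires is None or now < expires

    def cleanup(self, now):
        """Drop tokens whose expiration_datetime has passed; return the count."""
        expired = [t for t, e in self.tokens.items() if e is not None and e <= now]
        for t in expired:
            del self.tokens[t]
        return len(expired)
```

With `expiration_minutes=None` a token issued once is accepted indefinitely and is never touched by `cleanup`, which is the default behaviour the section above describes.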

Unit Tests

See folder tests/. The provided tests cover these criteria:

  • success:
    • access public endpoint without token
    • access private endpoint with valid token
    • cleanup task does not remove tokens before their expiration_datetime
    • cleanup task removes tokens after their expiration_datetime
  • failure:
    • access private endpoint without token
    • access private endpoint with invalid token
    • access private endpoint with expired token

Follow the instructions below to run the tests. You may exchange the installed Django and DRF versions according to your requirements. Warning: depending on your local environment settings, you might need to explicitly call python3 instead of python.

    # install dependencies
    python -m pip install --upgrade pip
    pip install -r requirements.txt

    # setup environment
    pip install -e .

    # run tests
    cd tests && python manage.py test

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

See LICENSE for more information.