| 9 | | The path to the default authentication backend can be set in settings.py via the AUTHENTICATION_BACKEND variable. This variable is used by {{{django.contrib.auth.middleware.AuthenticationMiddleware}}} to set the request.user attribute. |
| 10 | | |
| 11 | | |
| 12 | | == Backends == |
| 13 | | |
| 14 | | Authentication backends are pretty simple. They just need to implement 2 |
| 15 | | methods, {{{authenticate}}} and {{{get_user}}}. |
| 16 | | |
| 17 | | === backend.authenticate(self, request) === |
| 18 | | {{{backend.authenticate}}} takes a request object, and if it finds valid credentials in the request, it returns a user object. If not, it returns None. |
| 19 | | |
| 20 | | Note that when you write an authentication backend, you can grab a token, or whatever else you want out of the request, and check against ldap, another sql database, or pretty much anything accessible via python. |
| 21 | | |
| 22 | | The user object will generally be an instance of {{{django.contrib.auth.models.User}}}, but really, it could be anything. You will need to at least fake the interface for {{{django.contrib.auth.models.User}}} if you want to use the admin system however. Your backend can create and save an instance of {{{django.contrib.auth.models.User}}} when a user logs in for the first time. You could also add them to a default set of groups at that time. |
| 23 | | |
| 24 | | === backend.get_user(self, user_id) === |
| 25 | | |
| 26 | | {{{backend.get_user}}} simply takes a user id and returns the user that matches that id. |
| | 9 | The path to the default authentication backend can be set in settings.py via the AUTHENTICATION_BACKEND variable. This backend is used to set the request.user attribute automatically. There is also a backend that is just a front for using multiple backends, but we'll get to that later. |
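Review bot: New line 9 no longer names the component that sets request.user. The removed text identified {{{django.contrib.auth.middleware.AuthenticationMiddleware}}}, while the replacement says only that the backend sets it "automatically". Keep the middleware name so readers know which component must be enabled for request.user to be populated, and replace "we'll get to that later" with a pointer to the multiple-backends section.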
| | 35 | |
| | 36 | == Credentials == |
| | 37 | |
| | 38 | Credentials are extracted from the request by plugins. These plugins are just functions that take the request as their only argument and return a dict or string containing the credentials. You can have multiple ordered credential plugins by changing {{{CREDENTIAL_PLUGINS}}} in your settings file. |
| | 39 | |
| | 40 | {{{ |
| | 41 | #!python |
| | 42 | |
| | 43 | CREDENTIAL_PLUGINS = ( |
| | 44 | 'django.contrib.auth.credentials.username_password_form', |
| | 45 | 'django.contrib.auth.credentials.token', |
| | 46 | ) |
| | 47 | |
| | 48 | }}} |
| | 49 | |
| | 50 | AuthUtil will use the first plugin and hand the credentials to {{{AUTHENTICATION_BACKEND}}}. If {{{AUTHENTICATION_BACKEND}}} returns None for the first set of credentials, the next plugin will be tried, and so on. |
| | 51 | |
| | 52 | {{{CREDENTIAL_PLUGINS}}} defaults to {{{('django.contrib.auth.credentials.username_password_form',)}}} |
| | 53 | |
| | 54 | |
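Review bot: New line 50 refers to AuthUtil, which the added Credentials text never introduces, and the section does not say what a plugin returns when the request carries none of its credentials. New line 38 allows only "a dict or string", so state the no-credentials return value explicitly (for example None) and say whether AuthUtil skips that plugin without calling {{{AUTHENTICATION_BACKEND}}}. Otherwise every backend has to treat an empty dict or empty string as a failed login on its own. A one-sentence description of AuthUtil where it is first used would also help.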
| 55 | | To use multiple authentication backends, you just use another backend called {{{django.contrib.auth.backends.MultiBackend}}} It is configured with a list of backends you'd like to use, and just calls each backend in order. |
| | 57 | To use multiple authentication backends, set AUTHENTICATION_BACKEND to {{{django.contrib.auth.backends. MultiAuthBackend}}} in your settings file.You must also set AUTHENTICATION_BACKEND to a tuple of the backends you wish to use, in order. |
| | 58 | |
| | 59 | For example: |
| | 60 | |
| | 61 | {{{ |
| | 62 | #!python |
| | 63 | |
| | 64 | AUTHENTICATION_BACKEND = 'django.contrib.auth.backends.MultiAuthBackend' |
| | 65 | |
| | 66 | MULTIAUTH_BACKENDS = ( |
| | 67 | 'django.contrib.auth.backends.LDAPBackend', |
| | 68 | 'django.contrib.auth.backends.ModelBackend', |
| | 69 | ) |
| | 70 | }}} |
| | 71 | |
| | 72 | When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order. |
| | 73 | |
| | 74 | |
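Review bot: New line 57 names AUTHENTICATION_BACKEND twice. The second sentence should refer to {{{MULTIAUTH_BACKENDS}}}, which is the setting the example on new lines 66-69 defines. As written, the prose tells the reader to assign both a dotted path and a tuple to the same setting. The same line has a stray space inside "django.contrib.auth.backends. MultiAuthBackend" and a missing space in "file.You". New line 72 should also say whether {{{MultiAuthBackend}}} stops at the first backend that returns a non-None user, since the order of {{{MULTIAUTH_BACKENDS}}} then decides which backend wins.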
| | 75 | == Writing Backends == |
| | 76 | |
| | 77 | Authentication backends are pretty simple. They just need to implement 2 |
| | 78 | methods, {{{authenticate}}} and {{{get_user}}}. |
| | 79 | |
| | 80 | === backend.authenticate(self, credentials) === |
| | 81 | If the credentials match a user in this backend it returns a user object. If not, it returns None. Keep in mind that credentials could be a dict, a string, pretty much anything. You'll have to make sure that {{{authenticate}}} does the appropriate checking and returns None for credentials that it can't handle. |
| | 82 | |
| | 83 | The user object will generally be an instance of {{{django.contrib.auth.models.User}}}, but really, it could be anything. You will need to at least fake the interface for {{{django.contrib.auth.models.User}}} if you want to use the admin system however. Your backend can create and save an instance of {{{django.contrib.auth.models.User}}} when a user logs in for the first time. You could also add them to a default set of groups at that time. |
| | 84 | |
| | 85 | === backend.get_user(self, user_id) === |
| | 86 | |
| | 87 | {{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user. |
| | 88 | |
| | 89 | |
| | 90 | |
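Review bot: New line 87 says the user id "uniquely identifies a user" without stating the scope of that uniqueness. With {{{MultiAuthBackend}}} calling {{{get_user}}} on each backend in order (new line 72), an id such as a username that exists in more than one configured backend would resolve to whichever backend is listed first, which may not be the backend that authenticated the user. State whether ids must be unique across all configured backends, or have the session record which backend authenticated the user. Also, "neccessarily" should be "necessarily".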