Changes between Version 11 and Version 12 of MultipleAuthBackends


Timestamp: Mar 15, 2006, 12:41:06 PM (19 years ago)
Author: jkocherhans
Comment: clarifications about differences, and added back credential plugins and AuthUtil

  • MultipleAuthBackends

    v11 v12  
    77The default authentication mechanism for Django will still check a username/password against django.contrib.auth.models.User
    88
    9 The path to the default authentication backend can be set in settings.py via the AUTHENTICATION_BACKEND variable. This variable is used by {{{django.contrib.auth.middleware.AuthenticationMiddleware}}} to set the request.user attribute.
    10 
    11 
    12 == Backends ==
    13 
    14 Authentication backends are pretty simple. They just need to implement 2
    15 methods, {{{authenticate}}} and {{{get_user}}}.
    16 
    17 === backend.authenticate(self, request) ===
    18 {{{backend.authenticate}}} takes a request object, and if it finds valid credentials in the request, it returns a user object. If not, it returns None.
    19 
    20 Note that when you write an authentication backend, you can grab a token, or whatever else you want out of the request, and check against ldap, another sql database, or pretty much anything accessible via python.
    21 
    22 The user object will generally be an instance of {{{django.contrib.auth.models.User}}}, but really, it could be anything. You will need to at least fake the interface for {{{django.contrib.auth.models.User}}} if you want to use the admin system however. Your backend can create and save an instance of {{{django.contrib.auth.models.User}}} when a user logs in for the first time. You could also add them to a default set of groups at that time.
    23 
    24 === backend.get_user(self, user_id) ===
    25 
    26 {{{backend.get_user}}} simply takes a user id and returns the user that matches that id.
     9The path to the default authentication backend can be set in settings.py via the AUTHENTICATION_BACKEND variable. This backend is used to set the request.user attribute automatically. There is also a backend that is just a front for using multiple backends, but we'll get to that later.
    2710
    2811
    2912== Authenticating ==
    3013
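Review bot: The reworded line 9 says the backend "is used to set the request.user attribute automatically" but no longer names the component that does it; v11 named django.contrib.auth.middleware.AuthenticationMiddleware. Keep the middleware name so a reader can tell which class populates request.user from the AUTHENTICATION_BACKEND setting. The closing sentence about "a backend that is just a front for using multiple backends" would be clearer if it named the "Using Multiple Backends" section instead of "we'll get to that later".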
    31 Here's a very simple code sample that authenticates a user:
     14Here's a code sample that authenticates a user. This would be used to process login forms. Like before, you'd check {{{request.user.is_anonymous()}}} if you want to test if user is logged in.
    3215
    3316{{{
    3417#!python
    3518
    36 from django.conf import settings
    37 from django.contrib.auth.backends import load_backend
     19from django.contrib.auth import AuthUtil
    3820
    39 def myview(self, request):
    40     backend = load_backend(settings.AUTHENTICATION_BACKEND)
    41     user = backend.authenticate(request)
     21def login(self, request):
     22    authutil = AuthUtil()
     23    user = authutil.authenticate(request)
    4224    if user is None:
    4325        # do whatever for invalid logins
    4426    else:
    45         # the user is valid, persist their id in a session var or whatever.
    46         # do whatever else this view is suppose to do.
     27        # the user is valid, persist their id (username, email, token, etc.) in a session var or whatever.
     28        # do whatever else this view is supposed to do.
    4729}}}
    4830
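Review bot: In the login sample (new lines 21 to 28) both branches of the if/else contain only comments, so the block is not valid Python, and the view is written as a module-level function that takes self. Put a statement in each branch (even pass) and drop self, or show the function as a method of a class. The success comment suggests persisting "username, email, token, etc." in the session; say that the stored value is whatever get_user accepts as user_id, so readers do not keep a raw credential such as a token in the session when an identifier is meant. AuthUtil is imported here but is only described in the Credentials section further down; a one-line introduction before the sample would help.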
     
    5133For extra points, there should be ways of tying this all in with WSGI ;)
    5234
     35
     36== Credentials ==
     37
     38Credentials are extracted from the request by plugins. These plugins are just functions that take the request as their only argument and return a dict or string containing the credentials. You can have multiple ordered credential plugins by changing {{{CREDENTIAL_PLUGINS}}} in your settings file.
     39
     40{{{
     41#!python
     42
     43CREDENTIAL_PLUGINS = (
     44    'django.contrib.auth.credentials.username_password_form',
     45    'django.contrib.auth.credentials.token',
     46)
     47
     48}}}
     49
     50AuthUtil will use the first plugin and hand the credentials to {{{AUTHENTICATION_BACKEND}}}. If {{{AUTHENTICATION_BACKEND}}} returns None for the first set of credentials, the next plugin will be tried, and so on.
     51
     52{{{CREDENTIAL_PLUGINS}}} defaults to {{{('django.contrib.auth.credentials.username_password_form',)}}}
     53
     54
    5355== Using Multiple Backends ==
    5456
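Review bot: The Credentials section does not say what a plugin returns when the request carries no credentials of its kind, and the fall-through rule on new line 50 only covers the backend returning None. State the "nothing found" return value (for example None) and whether AuthUtil then skips the backend call and moves to the next plugin; as written it is unclear whether empty credentials are handed to AUTHENTICATION_BACKEND. It would also help to document the dict keys or string format that each plugin listed in CREDENTIAL_PLUGINS produces, since "a dict or string" leaves backend authors guessing what to validate.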
    55 To use multiple authentication backends, you just use another backend called {{{django.contrib.auth.backends.MultiBackend}}} It is configured with a list of backends you'd like to use, and just calls each backend in order.
     57To use multiple authentication backends, set AUTHENTICATION_BACKEND to {{{django.contrib.auth.backends. MultiAuthBackend}}} in your settings file.You must also set AUTHENTICATION_BACKEND to a tuple of the backends you wish to use, in order.
     58
     59For example:
     60
     61{{{
     62#!python
     63
     64AUTHENTICATION_BACKEND = 'django.contrib.auth.backends.MultiAuthBackend'
     65
     66MULTIAUTH_BACKENDS = (
     67    'django.contrib.auth.backends.LDAPBackend',
     68    'django.contrib.auth.backends.ModelBackend',
     69)
     70}}}
     71
     72When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order.
     73
     74
     75== Writing Backends ==
     76
     77Authentication backends are pretty simple. They just need to implement 2
     78methods, {{{authenticate}}} and {{{get_user}}}.
     79
     80=== backend.authenticate(self, credentials) ===
     81If the credentials match a user in this backend it returns a user object. If not, it returns None. Keep in mind that credentials could be a dict, a string, pretty much anything. You'll have to make sure that {{{authenticate}}} does the appropriate checking and returns None for credentials that it can't handle.
     82
     83The user object will generally be an instance of {{{django.contrib.auth.models.User}}}, but really, it could be anything. You will need to at least fake the interface for {{{django.contrib.auth.models.User}}} if you want to use the admin system however. Your backend can create and save an instance of {{{django.contrib.auth.models.User}}} when a user logs in for the first time. You could also add them to a default set of groups at that time.
     84
     85=== backend.get_user(self, user_id) ===
     86
     87{{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user.
     88
     89
     90
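Review bot: New line 57 tells the reader to set AUTHENTICATION_BACKEND twice, once to MultiAuthBackend and once to "a tuple of the backends you wish to use"; the example on new lines 64 to 69 uses MULTIAUTH_BACKENDS for the tuple, so the second mention should read MULTIAUTH_BACKENDS. The same line has a stray space inside "django.contrib.auth.backends. MultiAuthBackend" and a missing space in "file.You". Separately, new line 72 says get_user is called on each backend in order, while new line 87 allows the id to be a username or email address and only requires that it "uniquely identifies a user" without saying across which backends. The text should state how an id stored in the session is tied to the backend that authenticated the user, so that an id issued by one backend cannot resolve to a different account in a backend earlier in MULTIAUTH_BACKENDS. On line 87, "neccessarily" should be "necessarily".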