Code

Changes between Version 14 and Version 15 of MultipleAuthBackends


Ignore:
Timestamp:
05/16/06 12:28:07 (8 years ago)
Author:
jkocherhans
Comment:

removed old proposal stuff and added pointers to the new branch and docs

Legend:

Unmodified
Added
Removed
Modified
  • MultipleAuthBackends

    v14 v15  
    11= Multiple Authentication Backends = 
    22 
    3 See http://code.djangoproject.com/ticket/1428 for the current patch that implements this. 
     3Multiple authentication backends are now possible on the multi-auth branch. 
    44 
    5 == Authentication == 
     5To get a copy, execute the following: 
    66 
    7 The default authentication mechanism for Django will still check a username/password against django.contrib.auth.models.User 
     7{{{svn co http://code.djangoproject.com/svn/django/branches/multi-auth}}} 
    88 
    9 The path to the default authentication backend can be set in settings.py via the AUTHENTICATION_BACKEND variable. This backend is used to set the request.user attribute automatically. There is also a backend that is just a front for using multiple backends, but we'll get to that later. 
     9The documentation has been updated and can be found here: 
     10http://code.djangoproject.com/browser/django/branches/multi-auth/docs/authentication.txt 
    1011 
     12If you have problems, or the docs are unclear, please post your questions to the django-users or django-developers list. 
    1113 
    12 == Authenticating == 
    13  
    14 Here's a code sample that authenticates a user. This would be used to process login forms. Like before, you'd check {{{request.user.is_anonymous()}}} if you want to test if user is logged in. 
    15  
    16 {{{ 
    17 #!python 
    18  
    19 from django.contrib.auth import AuthUtil 
    20  
    21 def login(self, request): 
    22     authutil = AuthUtil() 
    23     user = authutil.authenticate(request) 
    24     if user is None: 
    25         # do whatever for invalid logins 
    26     else: 
    27         # the user is valid, persist their id (username, email, token, etc.) in a session var or whatever. 
    28         # do whatever else this view is supposed to do. 
    29 }}} 
    30  
    31 Note that the view is in charge of "logging in" a user, that is, the view must persist the id of the user somehow. A session variable is the easiest place, but a signed cookie would be desireable for those who don't want to use the session middleware. It would be nice if this were more convenient. It shouldn't be hard to do. Also, in practice, all of this would probably happen in a decorator. Adding that much boilerplate code to every view would be a little ridiculous. 
    32  
    33 For extra points, there should be ways of tying this all in with WSGI ;) 
    34  
    35  
    36 == Credentials == 
    37  
    38 Credentials are extracted from the request by plugins. These plugins are just functions that take the request as their only argument and return a dict or string containing the credentials. You can have multiple ordered credential plugins by changing {{{CREDENTIAL_PLUGINS}}} in your settings file. 
    39  
    40 {{{ 
    41 #!python 
    42  
    43 CREDENTIAL_PLUGINS = ( 
    44     'django.contrib.auth.credentials.username_password_form', 
    45     'django.contrib.auth.credentials.token', 
    46 ) 
    47  
    48 }}} 
    49  
    50 AuthUtil will use the first plugin and hand the credentials to {{{AUTHENTICATION_BACKEND}}}. If {{{AUTHENTICATION_BACKEND}}} returns None for the first set of credentials, the next plugin will be tried, and so on. 
    51  
    52 {{{CREDENTIAL_PLUGINS}}} defaults to {{{('django.contrib.auth.credentials.username_password_form',)}}} 
    53  
    54  
    55 == Using Multiple Backends == 
    56  
    57 To use multiple authentication backends, set AUTHENTICATION_BACKEND to {{{django.contrib.auth.backends. MultiAuthBackend}}} in your settings file.You must also set AUTHENTICATION_BACKEND to a tuple of the backends you wish to use, in order. 
    58  
    59 For example: 
    60  
    61 {{{ 
    62 #!python 
    63  
    64 AUTHENTICATION_BACKEND = 'django.contrib.auth.backends.MultiAuthBackend' 
    65  
    66 MULTIAUTH_BACKENDS = ( 
    67     'django.contrib.auth.backends.LDAPBackend', 
    68     'django.contrib.auth.backends.ModelBackend', 
    69 ) 
    70 }}} 
    71  
    72 When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order. 
    73  
     14''Note: For those paying attention to this proposal, credential plugins have been completely removed. While useful for some applications, the added complexity just wasn't worth it.'' 
    7415 
    7516---- 
     
    9435 
    9536---- 
    96  
    97  
    98 == Writing Backends == 
    99  
    100 Authentication backends are pretty simple. They just need to implement 2  
    101 methods, {{{authenticate}}} and {{{get_user}}}. 
    102  
    103 === backend.authenticate(self, credentials) === 
    104 If the credentials match a user in this backend it returns a user object. If not, it returns None. Keep in mind that credentials could be a dict, a string, pretty much anything. You'll have to make sure that {{{authenticate}}} does the appropriate checking and returns None for credentials that it can't handle. 
    105  
    106 The user object will generally be an instance of {{{django.contrib.auth.models.User}}}, but really, it could be anything. You will need to at least fake the interface for {{{django.contrib.auth.models.User}}} if you want to use the admin system however. Your backend can create and save an instance of {{{django.contrib.auth.models.User}}} when a user logs in for the first time. You could also add them to a default set of groups at that time. 
    107  
    108 === backend.get_user(self, user_id) === 
    109  
    110 {{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user. 
    11137 
    11238=== sample LDAPBackend class ===