# Django Labs Accounts
[](https://circleci.com/gh/pennlabs/django-labs-accounts)
[](https://codecov.io/gh/pennlabs/django-labs-accounts)
[](https://pypi.org/project/django-labs-accounts/)
## Requirements
* Python 3.6+
* Django 2.1+
## Installation
Install with pip `pip install django-labs-accounts`
Add `accounts` to `INSTALLED_APPS`
```python
INSTALLED_APPS = (
...
'accounts.apps.AccountsConfig',
'identity.apps.IdentityConfig', # If you want to enable B2B IPC
...
)
```
Add the new accounts backend to `AUTHENTICATION_BACKENDS`
```python
AUTHENTICATION_BACKENDS = (
...
'accounts.backends.LabsUserBackend',
'django.contrib.auth.backends.ModelBackend',
...
)
```
(Optional) Add the new Platform DRF authentication class to rest framework's `DEFAULT_AUTHENTICATION_CLASSES`. This authentication class should go at the end of the list of authentication classes in most cases.
```python
REST_FRAMEWORK = {
...
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'accounts.authentication.PlatformAuthentication',
]
...
}
```
Add the following to `urls.py`
```python
urlpatterns = [
...
path('accounts/', include('accounts.urls', namespace='accounts')),
...
]
```
## Documentation
All settings are handled within a `PLATFORM_ACCOUNTS` dictionary.
Example:
```python
PLATFORM_ACCOUNTS = {
'CLIENT_ID': 'id',
'CLIENT_SECRET': 'secret',
'REDIRECT_URI': 'example',
'ADMIN_PERMISSION': 'example_admin'
'CUSTOM_ADMIN': True
}
```
The available settings are:
`CLIENT_ID` the client ID to connect to platform with. Defaults to `LABS_CLIENT_ID` environment variable.
`CLIENT_SECRET` the client secret to connect to platform with. Defaults to `LABS_CLIENT_SECRET` environment variable.
`REDIRECT_URI` the redirect uri to send to platform. Defaults to first the `LABS_REDIRECT_URI` environment variable and then generating the value from the request object.
`SCOPE` the scope for this applications tokens. Must include `introspection`. Defaults to `['read', 'introspection']`.
`PLATFORM_URL` URL of platform server to connect to. Should be `https://platform(-dev).pennlabs.org` (no trailing slash)
`ADMIN_PERMISSION` The name of the permission on platform to grant admin access. Defaults to `example_admin`
`CUSTOM_ADMIN` enable the custom admin login page to log in users through platform. Defaults to `True`
When developing locally with an http (not https) callback URL, it may be helpful to set the `OAUTHLIB_INSECURE_TRANSPORT` environment variable.
```python
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
```
## Custom post authentication
If you want to customize how DLA saves user information from platform into User objects, you can subclass `accounts.backends.LabsUserBackend` and redefine the post_authenticate method. This method will be run after the user is logged in. The parameters are:
* `user` the user object
* `created` a boolean delineating if the user was just created
* `dictionary` a dictionary of user information from platform.
Then just set the `AUTHENTICATION_BACKENDS` setting to be the subclassed backend.
Here is an example of a custom backend that sets every user's first name to `"Modified"`.
```python
from accounts.backends import LabsUserBackend
class CustomBackend(LabsUserBackend):
def post_authenticate(self, user, created, dictionary):
user.first_name = 'Modified'
user.save()
```
## B2B IPC
DLA also provides an interface for backend to backend IPC requests. With B2B IPC implemented, the backend of a product will—at startup time—request platform for a JWT to verify its identity. Each product will have an allow-list, and this will enable products to make requests to each other.
In order to limit a view to only be available to a B2B IPC request, you can use the included DRF permission:
```python
from identity.permissions import B2BPermission
class TestView(APIView):
permission_classes = [B2BPermission("urn:pennlabs:example")]
```
Make sure to define an URN to limit access. Valid URNs are either a specific product (ex. `urn:pennlabs:platform`) or a wildcard (ex. `urn:pennlabs:*`)
In order to make an IPC request, use the included helper function:
```python
from identity.identity import authenticated_b2b_request
result = authenticated_b2b_request('GET', 'http://url/path')
```
## Use in Production
DLA and Penn Labs' templates are set up so that no configuration is needed to run in development. However, in production a client ID and client secret need to be set. These values should be set in vault. Contact platform for both credentials and any questions you have.
## B2B IPC
DLA also provides an interface for backend to backend IPC requests. In order to limit a view to only be available to a B2B IPC request, you can use the included DRF permission:
```python
from identity.permissions import B2BPermission
class TestView(APIView):
permission_classes = [B2BPermission("urn:pennlabs:example")]
```
Make sure to define an URN to limit access. Valid URNs are either a specific product (ex. `urn:pennlabs:platform`) or a wildcard (ex. `urn:pennlabs:*`)
In order to make an IPC request, use the included helper function:
```python
from identity.identity import authenticated_b2b_request
result = authenticated_b2b_request('GET', 'http://url/path')
```
## Development Setup
### Install poetry:
`pipx install poetry`
### Install Dependencies:
`poetry install`
### Testing:
`export DJANGO_SETTINGS_MODULE=tests.settings && poetry run pytest`
### Linting:
`poetry run black . && poetry run isort . && poetry run flake8`
## Changelog
See [CHANGELOG.md](https://github.com/pennlabs/django-labs-accounts/blob/master/CHANGELOG.md)
## License
See [LICENSE](https://github.com/pennlabs/django-labs-accounts/blob/master/LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/pennlabs/django-labs-accounts",
"name": "django-labs-accounts",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.11,<4.0",
"maintainer_email": "",
"keywords": "",
"author": "Penn Labs",
"author_email": "contact@pennlabs.org",
"download_url": "https://files.pythonhosted.org/packages/32/79/fa926826906ef063c49bff7c291d02c96d16d942f917dcc3f1b859d310c4/django_labs_accounts-0.9.5.tar.gz",
"platform": null,
"description": "# Django Labs Accounts\n\n[](https://circleci.com/gh/pennlabs/django-labs-accounts)\n[](https://codecov.io/gh/pennlabs/django-labs-accounts)\n[](https://pypi.org/project/django-labs-accounts/)\n\n## Requirements\n\n* Python 3.6+\n* Django 2.1+\n\n## Installation\n\nInstall with pip `pip install django-labs-accounts`\n\nAdd `accounts` to `INSTALLED_APPS`\n\n```python\nINSTALLED_APPS = (\n ...\n 'accounts.apps.AccountsConfig',\n 'identity.apps.IdentityConfig', # If you want to enable B2B IPC\n ...\n)\n```\n\nAdd the new accounts backend to `AUTHENTICATION_BACKENDS`\n\n```python\nAUTHENTICATION_BACKENDS = (\n ...\n 'accounts.backends.LabsUserBackend',\n 'django.contrib.auth.backends.ModelBackend',\n ...\n)\n```\n\n(Optional) Add the new Platform DRF authentication class to rest framework's `DEFAULT_AUTHENTICATION_CLASSES`. This authentication class should go at the end of the list of authentication classes in most cases.\n\n```python\nREST_FRAMEWORK = {\n ...\n 'DEFAULT_AUTHENTICATION_CLASSES': [\n 'rest_framework.authentication.SessionAuthentication',\n 'rest_framework.authentication.BasicAuthentication',\n 'accounts.authentication.PlatformAuthentication',\n ]\n ...\n}\n```\n\nAdd the following to `urls.py`\n\n```python\nurlpatterns = [\n ...\n path('accounts/', include('accounts.urls', namespace='accounts')),\n ...\n]\n```\n\n## Documentation\n\nAll settings are handled within a `PLATFORM_ACCOUNTS` dictionary.\n\nExample:\n\n```python\nPLATFORM_ACCOUNTS = {\n 'CLIENT_ID': 'id',\n 'CLIENT_SECRET': 'secret',\n 'REDIRECT_URI': 'example',\n 'ADMIN_PERMISSION': 'example_admin'\n 'CUSTOM_ADMIN': True\n}\n```\n\nThe available settings are:\n\n`CLIENT_ID` the client ID to connect to platform with. Defaults to `LABS_CLIENT_ID` environment variable.\n\n`CLIENT_SECRET` the client secret to connect to platform with. Defaults to `LABS_CLIENT_SECRET` environment variable.\n\n`REDIRECT_URI` the redirect uri to send to platform. Defaults to first the `LABS_REDIRECT_URI` environment variable and then generating the value from the request object.\n\n`SCOPE` the scope for this applications tokens. Must include `introspection`. Defaults to `['read', 'introspection']`.\n\n`PLATFORM_URL` URL of platform server to connect to. Should be `https://platform(-dev).pennlabs.org` (no trailing slash)\n\n`ADMIN_PERMISSION` The name of the permission on platform to grant admin access. Defaults to `example_admin`\n\n`CUSTOM_ADMIN` enable the custom admin login page to log in users through platform. Defaults to `True`\n\nWhen developing locally with an http (not https) callback URL, it may be helpful to set the `OAUTHLIB_INSECURE_TRANSPORT` environment variable.\n\n```python\nos.environ['OAUTHLIB_INSECURE_TRANSPORT'] = \"1\"\n```\n\n## Custom post authentication\n\nIf you want to customize how DLA saves user information from platform into User objects, you can subclass `accounts.backends.LabsUserBackend` and redefine the post_authenticate method. This method will be run after the user is logged in. The parameters are:\n\n* `user` the user object\n* `created` a boolean delineating if the user was just created\n* `dictionary` a dictionary of user information from platform.\n\nThen just set the `AUTHENTICATION_BACKENDS` setting to be the subclassed backend.\n\nHere is an example of a custom backend that sets every user's first name to `\"Modified\"`.\n\n```python\nfrom accounts.backends import LabsUserBackend\n\nclass CustomBackend(LabsUserBackend):\n def post_authenticate(self, user, created, dictionary):\n user.first_name = 'Modified'\n user.save()\n```\n\n## B2B IPC\n\nDLA also provides an interface for backend to backend IPC requests. With B2B IPC implemented, the backend of a product will\u2014at startup time\u2014request platform for a JWT to verify its identity. Each product will have an allow-list, and this will enable products to make requests to each other.\n\nIn order to limit a view to only be available to a B2B IPC request, you can use the included DRF permission:\n\n```python\nfrom identity.permissions import B2BPermission\nclass TestView(APIView):\n permission_classes = [B2BPermission(\"urn:pennlabs:example\")]\n```\n\nMake sure to define an URN to limit access. Valid URNs are either a specific product (ex. `urn:pennlabs:platform`) or a wildcard (ex. `urn:pennlabs:*`)\n\nIn order to make an IPC request, use the included helper function:\n\n```python\nfrom identity.identity import authenticated_b2b_request\nresult = authenticated_b2b_request('GET', 'http://url/path')\n```\n\n## Use in Production\n\nDLA and Penn Labs' templates are set up so that no configuration is needed to run in development. However, in production a client ID and client secret need to be set. These values should be set in vault. Contact platform for both credentials and any questions you have.\n\n## B2B IPC\n\nDLA also provides an interface for backend to backend IPC requests. In order to limit a view to only be available to a B2B IPC request, you can use the included DRF permission:\n\n```python\nfrom identity.permissions import B2BPermission\n\nclass TestView(APIView):\n permission_classes = [B2BPermission(\"urn:pennlabs:example\")]\n```\n\nMake sure to define an URN to limit access. Valid URNs are either a specific product (ex. `urn:pennlabs:platform`) or a wildcard (ex. `urn:pennlabs:*`)\n\nIn order to make an IPC request, use the included helper function:\n\n```python\nfrom identity.identity import authenticated_b2b_request\n\nresult = authenticated_b2b_request('GET', 'http://url/path')\n```\n\n## Development Setup\n\n### Install poetry:\n\n`pipx install poetry`\n\n### Install Dependencies:\n\n`poetry install`\n\n### Testing:\n\n`export DJANGO_SETTINGS_MODULE=tests.settings && poetry run pytest`\n\n### Linting:\n\n`poetry run black . && poetry run isort . && poetry run flake8`\n\n## Changelog\n\nSee [CHANGELOG.md](https://github.com/pennlabs/django-labs-accounts/blob/master/CHANGELOG.md)\n\n## License\n\nSee [LICENSE](https://github.com/pennlabs/django-labs-accounts/blob/master/LICENSE)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Reusable Django app for Penn Labs accounts",
"version": "0.9.5",
"project_urls": {
"Homepage": "https://github.com/pennlabs/django-labs-accounts",
"Repository": "https://github.com/pennlabs/django-labs-accounts"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "141d4761f74734a4564f7ff8e26fa1d4790770edf09a5e6b3112b8c316bf4649",
"md5": "cf55a814c23a6bf7ada10ae1ed0598e1",
"sha256": "1e9bce4b12af68f532adc912bf81aaa782ddf93eb888234c49d62843d04f02bb"
},
"downloads": -1,
"filename": "django_labs_accounts-0.9.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "cf55a814c23a6bf7ada10ae1ed0598e1",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.11,<4.0",
"size": 18514,
"upload_time": "2024-03-03T03:03:38",
"upload_time_iso_8601": "2024-03-03T03:03:38.754130Z",
"url": "https://files.pythonhosted.org/packages/14/1d/4761f74734a4564f7ff8e26fa1d4790770edf09a5e6b3112b8c316bf4649/django_labs_accounts-0.9.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "3279fa926826906ef063c49bff7c291d02c96d16d942f917dcc3f1b859d310c4",
"md5": "2ed19f57c523bb11f2039d2918dcf196",
"sha256": "3736835e2bcc9425bea139f94f590e56c8a3af052b11587aa43a32bb06b462d7"
},
"downloads": -1,
"filename": "django_labs_accounts-0.9.5.tar.gz",
"has_sig": false,
"md5_digest": "2ed19f57c523bb11f2039d2918dcf196",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.11,<4.0",
"size": 14652,
"upload_time": "2024-03-03T03:03:40",
"upload_time_iso_8601": "2024-03-03T03:03:40.566138Z",
"url": "https://files.pythonhosted.org/packages/32/79/fa926826906ef063c49bff7c291d02c96d16d942f917dcc3f1b859d310c4/django_labs_accounts-0.9.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-03 03:03:40",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pennlabs",
"github_project": "django-labs-accounts",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "django-labs-accounts"
}
JSON
