# Django Ninja Auth: Use Django authentication infrastructure with Django Ninja
Django Ninja Auth is a small Python package that brings the functionality of `django.contrib.auth` to [Django](https://www.djangoproject.com/) projects that use the exceptional [Django Ninja](https://django-ninja.rest-framework.com/). It is only intended to provide cookie-based authentication for front-end web applications.
## Install
1. `pip install django-ninja-auth`.
2. Add the router to your `NinjaAPI`. Assuming you created a project according to [Django Ninja's tutorial](https://django-ninja.rest-framework.com/tutorial/), just follow this template in `api.py`:
```python
from ninja import NinjaAPI
from ninja_auth.api import router as auth_router
api = NinjaAPI()
api.add_router('/auth/', auth_router)
```
3. Build the front-end infrastructure to interact with `your-api.com/api/auth/` 🚀.
## Documentation
If you followed the steps above, everything should be documented in your OpenAPI/Swagger UI under `your-api.com/api/docs`. No unnecessary documentation here 😎.
## CSRF
Unfortunately, Django Ninja will [force you to use CSRF protection](https://django-ninja.rest-framework.com/reference/csrf/). It is your responsibility to build a front-end that takes care of this; adding it to the API's schema does not make sense.
If you ask me, I'd just use `SESSION_COOKIE_SAMESITE = 'strict'` and `SESSION_COOKIE_HTTPONLY = True` (default) and forget about CSRF attacks. "But there are old browsers that... 😭😭" - If your cookies get stolen because you use Internet Explorer it's not my fault.
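For the front-end side of the CSRF requirement described above, here is a small helper that copies Django's CSRF cookie into the request header on state-changing calls. It is an added example, not code from django-ninja-auth; the cookie and header names are Django's defaults, while the `email` field name, the same-origin deployment and the sample cookie string are assumptions.

```javascript
// Added example: the payload field name and sample cookie are assumptions.
const CSRF_COOKIE = 'csrftoken';   // Django default (CSRF_COOKIE_NAME)
const CSRF_HEADER = 'X-CSRFToken'; // Django default (CSRF_HEADER_NAME)
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
// The CSRF cookie is readable by scripts as long as CSRF_COOKIE_HTTPONLY is
// False (Django's default); the HttpOnly session cookie is not, by design.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() options for a JSON call to the API. Unsafe methods get the
// CSRF header; safe methods never carry the token.
function buildRequest(method, body, cookieString) {
  const verb = method.toUpperCase();
  const init = {
    method: verb,
    credentials: 'same-origin', // send the session cookie to our own origin only
    headers: { 'Content-Type': 'application/json' },
  };
  if (body !== undefined) init.body = JSON.stringify(body);
  if (!SAFE_METHODS.has(verb)) {
    const token = readCookie(cookieString, CSRF_COOKIE);
    // Fail closed: without a token the server would reject the call anyway.
    if (!token) throw new Error('CSRF cookie missing; load a page that sets it first');
    init.headers[CSRF_HEADER] = token;
  }
  return init;
}

// Browser usage (the "email" field name is assumed):
//   fetch('/api/auth/request_password_reset/',
//         buildRequest('POST', { email: 'user@example.com' }, document.cookie));
const SAMPLE_COOKIES = 'theme=dark; csrftoken=Zm9vYmFy123; other=a=b'; // constructed
```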
## Password Reset Email
When you call `/api/auth/request_password_reset/` you only need to provide an email address. If the address corresponds to an actual user, Django will send an email to that address with a token to reset the password of the user (of course, you need to configure email sending in your `settings.py`). By default, the email is built using a [horrendous template](https://github.com/django/django/blob/main/django/contrib/admin/templates/registration/password_reset_email.html) provided by the `django.contrib.admin` app. If you are not using that app, Django will complain because the template does not exist. My recommendation is to build your own beautiful template and place it in `registration/password_reset_email.html` under one of your *templates directories*. To build that template you can use the following variables:
- `protocol`: usually `http` or `https`.
- `domain`: whatever was before `/api/auth/request_password_reset/` when the request was made.
- `uid`: the user's id in base64.
- `user`: an object containing data of the user. You can retrieve the username via `{{ user.get_username }}`.
- `site_name`: your site's name.
- `token`: the reset token.
Raw data
{
"_id": null,
"home_page": "https://github.com/mugartec/django-ninja-auth",
"name": "django-ninja-auth",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7,<4.0",
"maintainer_email": "",
"keywords": "django,django-ninja,auth",
"author": "Mart\u00edn Ugarte",
"author_email": "contact@martinugarte.com",
"download_url": "https://files.pythonhosted.org/packages/67/39/38dd13c270818542f3f08f424ebea6c29c2fbdeab50434ad59cfbad89050/django_ninja_auth-0.1.7.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "WTFPL",
"summary": "Django authorization views adapted to django-ninja",
"version": "0.1.7",
"project_urls": {
"Homepage": "https://github.com/mugartec/django-ninja-auth",
"Repository": "https://github.com/mugartec/django-ninja-auth"
},
"split_keywords": [
"django",
"django-ninja",
"auth"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "483c2948ba0d2ecb2a6a597f6d4358d7137b12f4c0c51badfc452cb9706af19e",
"md5": "5758f356ce1dcebb88edaac210b5d5b5",
"sha256": "98f920fec4105682084273bd63161f50b7e6ef85ab73d93dce79622e6d7e5379"
},
"downloads": -1,
"filename": "django_ninja_auth-0.1.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "5758f356ce1dcebb88edaac210b5d5b5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7,<4.0",
"size": 4382,
"upload_time": "2023-08-17T16:58:59",
"upload_time_iso_8601": "2023-08-17T16:58:59.899452Z",
"url": "https://files.pythonhosted.org/packages/48/3c/2948ba0d2ecb2a6a597f6d4358d7137b12f4c0c51badfc452cb9706af19e/django_ninja_auth-0.1.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "673938dd13c270818542f3f08f424ebea6c29c2fbdeab50434ad59cfbad89050",
"md5": "abc2de1e5f556d9c7a2c9a44b9739671",
"sha256": "63476b586f1dd6dc4bb76c7570114fde70cee6b47012db476cf29579a3260967"
},
"downloads": -1,
"filename": "django_ninja_auth-0.1.7.tar.gz",
"has_sig": false,
"md5_digest": "abc2de1e5f556d9c7a2c9a44b9739671",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7,<4.0",
"size": 3942,
"upload_time": "2023-08-17T16:59:01",
"upload_time_iso_8601": "2023-08-17T16:59:01.845698Z",
"url": "https://files.pythonhosted.org/packages/67/39/38dd13c270818542f3f08f424ebea6c29c2fbdeab50434ad59cfbad89050/django_ninja_auth-0.1.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-17 16:59:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mugartec",
"github_project": "django-ninja-auth",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "django-ninja-auth"
}