| Name | wc-django-jwt JSON |
| Version |
0.3.7
JSON |
| download |
| home_page | None |
| Summary | Django JWT authentication. |
| upload_time | 2024-09-19 14:50:08 |
| maintainer | None |
| docs_url | None |
| author | WebCase |
| requires_python | >=3.6 |
| license | MIT License |
| keywords |
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# WebCase django JWT authentication
Based on [djangorestframework-simplejwt](https://pypi.org/project/djangorestframework-simplejwt/) with a little bit of additional goodies.
Us it's documentation as a source of truth. All changes and additional info about configuration are described here, in this documentation.
## Installation
```sh
pip install wc-django-jwt
```
In `settings.py`:
```python
INSTALLED_APPS += [
'rest_framework_simplejwt',
'wcd_jwt',
]
WCD_JWT = {
# Serializer class for JWT token.
'TOKEN_OBTAIN_SERIALIZER': 'wcd_jwt.serializers.TokenObtainPairSerializer',
# Serializer class for JWT token refresh.
'TOKEN_REFRESH_SERIALIZER': 'wcd_jwt.serializers.TokenRefreshSerializer',
# Authentication class that will be used by auth middleware to check tokens.
'AUTHENTICATION_CLASS': 'wcd_jwt.authentication.JWTAuthentication',
# Available token types to match on.
'TOKEN_TYPES': [
'rest_framework_simplejwt.tokens.AccessToken',
'rest_framework_simplejwt.tokens.RefreshToken',
],
# Should you rotate refresh tokens on access refresh.
'ROTATE_REFRESH_TOKENS': False,
# Should you update lsat login field on user on token obtain call.
'UPDATE_LAST_LOGIN': False,
}
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
# Might be used to authenticate DRF requests.
'wcd_jwt.authentication.JWTAuthentication',
)
}
MIDDLEWARE = [
...
'django.contrib.auth.middleware.AuthenticationMiddleware',
...
# Authentication middleware must be placed after django's
# `AuthenticationMiddleware`.
'wcd_jwt.middleware.AuthenticationMiddleware',
...
]
```
There are ready for use frontend for django rest framework. It mostly provided by `djangorestframework-simplejwt` with some additional changes.
In `urls.py`:
```python
from wcd_jwt.views import make_urlpatterns as jwt_make_urlpatterns
urlpatters = [
...
path(
'api/v1/auth/token/',
include((jwt_make_urlpatterns(), 'wcd_jwt'),
namespace='jwt-auth')
),
]
```
And after all that manipulations you end up with 4 views for jwt tokens authentication.
Function `make_urlpatterns` can take your custom views and replace default ones.
## Token registry
Tokens by default are generate-and-forget things. In case you need to remember what tokens were created and for what users there is a contrib package added: `wcd_jwt.contrib.registry`.
It registers all your generated tokens. And may be used to force-expire any of them.
In `settings.py`:
```python
INSTALLED_APPS += [
'rest_framework_simplejwt',
'wcd_jwt',
'wcd_jwt.contrib.registry',
]
WCD_JWT = {
# Serializer class for JWT token refresh should be changed to:
'TOKEN_REFRESH_SERIALIZER': 'wcd_jwt.contrib.registry.serializers.TokenRefreshSerializer',
# If you want to block user not after trey'r access token expired, but
# at any time they made request change authentication class to:
'AUTHENTICATION_CLASS': 'wcd_jwt.contrib.registry.authentication.JWTAuthentication',
}
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'wcd_jwt.contrib.registry.authentication.JWTAuthentication',
)
}
WCD_JWT_REGISTRY = {
# Token expire serializer may be replaced like this:
'TOKEN_EXPIRE_SERIALIZER': 'wcd_jwt.contrib.registry.serializers.TokenExpireSerializer',
# Automatically expire all other token in a tree except client's
# available refresh and access tokens.
# Works only when `TOKEN_REGISTRATION_ON_SIGNAL` enabled.
'TOKEN_EXPIRE_ON_REFRESH': False,
# Pipeline functions list for token registration runner.
'TOKEN_REGISTRATION_PIPELINE': [
'wcd_jwt.contrib.registry.services.pipeline.register_pairs',
'wcd_jwt.contrib.registry.services.pipeline.connecting_user',
],
# Automatically runs token registration on wcd_jwt obtain and
# refresh signals sended.
'TOKEN_REGISTRATION_ON_SIGNAL': True,
# Run token registration parallel to main request. It lowers response
# wait time.
# It uses Thread(daemon=True) to accomplish "parallelism".
'TOKEN_REGISTRATION_ON_SIGNAL_PARALLEL': False,
}
```
The same for urls.
In `urls.py`:
```python
from wcd_jwt.contrib.registry.views import make_urlpatterns as jwt_registry_make_urlpatterns
urlpatters = [
...
path(
'api/v1/auth/token/',
include((jwt_registry_make_urlpatterns(), 'wcd_jwt_registry'),
namespace='jwt-auth-registry')
),
]
```
Registry provides 2 models:
- `Token` - Stores information about generated tokens. They are hierarchical. Hierarchy is based on which token was used to generate those from response. Refresh token will always be a parent for access token.
- `TokenUserConnection` - Connects user to token model.
There is only one view at the moment that adds ability to expire any valid token.
To display tokens on the client you may made your own views. Package will not provide them, because there certainly will be additional logic to display, so wer'e not event bothering ourselves).
Tokens has some query methods to made querying easier:
```python
list_of_expired_tokens = Token.objects.expired()
list_of_active_tokens = Token.objects.active()
# Method `collect_tree` we can collect all the ids from token related trees
# for any number of tokens we wish.
# Here we collecting tree ids for some `token1`.
list_of_ids_for_all_the_token_relatives_tree = Token.objects.collect_tree(
ids=[token1.id]
)
# We may easily find tokens for a certain user:
list_of_users_tokens = Token.objects.filter(
user_connections__user=some_user_instance
)
# etc.
```
To register tokens manually run registration pipeline:
```python
from wcd_jwt.contrib.registry.services import pipeline
pipeline.run({
# Token pairs: (child, parent)
'pairs': [
(AccessToken(''), RefreshToken('')),
],
# Optional.
'user': user or None,
# Optional.
'request': request,
})
```
Old tokens that are no longer active might be not useful anymore. For this case there is an **archiver** service:
```python
from wcd_jwt.contrib.registry.services import archiver
from rest_framework_simplejwt.utils import aware_utcnow
archiver.archive(
# There is also optional `now` parameter.
# Here, as an example, we deleting only tokens that expired more than
# 10 days ago.
# It will be `aware_utcnow()` by default.
now=aware_utcnow() - timedelta(days=10)
)
```
## Token device registry
Also you may want to know what device was used to access site with registered token.
It depends on `wc-django-device-recognizer`. So it must be also added to installed apps.
```python
INSTALLED_APPS += [
'rest_framework_simplejwt',
'wcd_device_recognizer',
'wcd_jwt',
'wcd_jwt.contrib.registry',
'wcd_jwt.contrib.device_registry',
]
# To be able to register token interlocutors:
WCD_JWT_REGISTRY_TOKEN_REGISTRATION_PIPELINE = [
'wcd_jwt.contrib.registry.services.pipeline.register_pairs',
'wcd_jwt.contrib.registry.services.pipeline.connecting_user',
# Add this to your registry pipeline
'wcd_jwt.contrib.device_registry.services.pipeline.connect_interlocutor',
]
```
To connect tokens with some interlocutor manually just run connector service:
```python
from wcd_jwt.contrib.device_registry.services import connector
from wcd_device_recognizer.models import Interlocutor, InterlocutorNetwork
from wcd_jwt.contrib.registry.models import Token
connections: List[TokenInterlocutorConnection] = connector.connect(
Interlocutor(),
[
Token(),
],
# Optional.
network=InterlocutorNetwork(),
)
```
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.3.7]
### Changed
- Removed distinct on initial admin queryset, because of delete missbehaviour.
## [0.3.6]
### Changed
- One interlocutor connection for one token by default, even if interlocutor and network are different next time.
## [0.3.5]
### Fixed
- Token interlocutor connections duplication on it's registration.
## [0.3.4]
### Changed
- Improvements in admin panel informativity.
## [0.3.1]
### Changed
- Improvements in admin panel informativity.
## [0.3.0]
### Added
- Device registry.
- Token registry pipeline.
- Expire old tokens on refresh.
- Token archiver.
### Changed
- Extended configurations.
### Fixed
- Different fixes.
## [0.2.3]
### Fixed
- Authentication fixes.
## [0.2.0]
### Added
- Tokens registry.
### Changed
- Reduced amount of code dependent on simplejwt. Small improvements because of that and more flexible and extendable code as result.
## [0.1.4]
### Added
- Translation strings.
## [0.1.1]
Initial version.
Raw data
{
"_id": null,
"home_page": null,
"name": "wc-django-jwt",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": null,
"author": "WebCase",
"author_email": "info@webcase.studio",
"download_url": "https://files.pythonhosted.org/packages/ae/27/61f1de520e310a2e0f10f665386aa0a0b9c9485b36b2022f8cfe74d7cef6/wc-django-jwt-0.3.7.tar.gz",
"platform": null,
"description": "# WebCase django JWT authentication\n\nBased on [djangorestframework-simplejwt](https://pypi.org/project/djangorestframework-simplejwt/) with a little bit of additional goodies.\n\nUs it's documentation as a source of truth. All changes and additional info about configuration are described here, in this documentation.\n\n## Installation\n\n```sh\npip install wc-django-jwt\n```\n\nIn `settings.py`:\n\n```python\nINSTALLED_APPS += [\n 'rest_framework_simplejwt',\n\n 'wcd_jwt',\n]\n\nWCD_JWT = {\n # Serializer class for JWT token.\n 'TOKEN_OBTAIN_SERIALIZER': 'wcd_jwt.serializers.TokenObtainPairSerializer',\n # Serializer class for JWT token refresh.\n 'TOKEN_REFRESH_SERIALIZER': 'wcd_jwt.serializers.TokenRefreshSerializer',\n\n # Authentication class that will be used by auth middleware to check tokens.\n 'AUTHENTICATION_CLASS': 'wcd_jwt.authentication.JWTAuthentication',\n # Available token types to match on.\n 'TOKEN_TYPES': [\n 'rest_framework_simplejwt.tokens.AccessToken',\n 'rest_framework_simplejwt.tokens.RefreshToken',\n ],\n # Should you rotate refresh tokens on access refresh.\n 'ROTATE_REFRESH_TOKENS': False,\n # Should you update lsat login field on user on token obtain call.\n 'UPDATE_LAST_LOGIN': False,\n}\n\nREST_FRAMEWORK = {\n 'DEFAULT_AUTHENTICATION_CLASSES': (\n # Might be used to authenticate DRF requests.\n 'wcd_jwt.authentication.JWTAuthentication',\n )\n}\n\nMIDDLEWARE = [\n ...\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n ...\n # Authentication middleware must be placed after django's\n # `AuthenticationMiddleware`.\n 'wcd_jwt.middleware.AuthenticationMiddleware',\n ...\n]\n```\n\nThere are ready for use frontend for django rest framework. It mostly provided by `djangorestframework-simplejwt` with some additional changes.\n\nIn `urls.py`:\n\n```python\nfrom wcd_jwt.views import make_urlpatterns as jwt_make_urlpatterns\n\nurlpatters = [\n ...\n path(\n 'api/v1/auth/token/',\n include((jwt_make_urlpatterns(), 'wcd_jwt'),\n namespace='jwt-auth')\n ),\n]\n```\n\nAnd after all that manipulations you end up with 4 views for jwt tokens authentication.\n\nFunction `make_urlpatterns` can take your custom views and replace default ones.\n\n## Token registry\n\nTokens by default are generate-and-forget things. In case you need to remember what tokens were created and for what users there is a contrib package added: `wcd_jwt.contrib.registry`.\n\nIt registers all your generated tokens. And may be used to force-expire any of them.\n\nIn `settings.py`:\n\n```python\nINSTALLED_APPS += [\n 'rest_framework_simplejwt',\n\n 'wcd_jwt',\n 'wcd_jwt.contrib.registry',\n]\n\nWCD_JWT = {\n # Serializer class for JWT token refresh should be changed to:\n 'TOKEN_REFRESH_SERIALIZER': 'wcd_jwt.contrib.registry.serializers.TokenRefreshSerializer',\n\n # If you want to block user not after trey'r access token expired, but\n # at any time they made request change authentication class to:\n 'AUTHENTICATION_CLASS': 'wcd_jwt.contrib.registry.authentication.JWTAuthentication',\n}\n\nREST_FRAMEWORK = {\n 'DEFAULT_AUTHENTICATION_CLASSES': (\n 'wcd_jwt.contrib.registry.authentication.JWTAuthentication',\n )\n}\n\nWCD_JWT_REGISTRY = {\n # Token expire serializer may be replaced like this:\n 'TOKEN_EXPIRE_SERIALIZER': 'wcd_jwt.contrib.registry.serializers.TokenExpireSerializer',\n\n # Automatically expire all other token in a tree except client's\n # available refresh and access tokens.\n # Works only when `TOKEN_REGISTRATION_ON_SIGNAL` enabled.\n 'TOKEN_EXPIRE_ON_REFRESH': False,\n\n # Pipeline functions list for token registration runner.\n 'TOKEN_REGISTRATION_PIPELINE': [\n 'wcd_jwt.contrib.registry.services.pipeline.register_pairs',\n 'wcd_jwt.contrib.registry.services.pipeline.connecting_user',\n ],\n # Automatically runs token registration on wcd_jwt obtain and\n # refresh signals sended.\n 'TOKEN_REGISTRATION_ON_SIGNAL': True,\n # Run token registration parallel to main request. It lowers response\n # wait time.\n # It uses Thread(daemon=True) to accomplish \"parallelism\".\n 'TOKEN_REGISTRATION_ON_SIGNAL_PARALLEL': False,\n}\n```\n\nThe same for urls.\n\nIn `urls.py`:\n\n```python\nfrom wcd_jwt.contrib.registry.views import make_urlpatterns as jwt_registry_make_urlpatterns\n\nurlpatters = [\n ...\n path(\n 'api/v1/auth/token/',\n include((jwt_registry_make_urlpatterns(), 'wcd_jwt_registry'),\n namespace='jwt-auth-registry')\n ),\n]\n```\n\nRegistry provides 2 models:\n- `Token` - Stores information about generated tokens. They are hierarchical. Hierarchy is based on which token was used to generate those from response. Refresh token will always be a parent for access token.\n- `TokenUserConnection` - Connects user to token model.\n\nThere is only one view at the moment that adds ability to expire any valid token.\n\nTo display tokens on the client you may made your own views. Package will not provide them, because there certainly will be additional logic to display, so wer'e not event bothering ourselves).\n\nTokens has some query methods to made querying easier:\n\n```python\nlist_of_expired_tokens = Token.objects.expired()\nlist_of_active_tokens = Token.objects.active()\n\n# Method `collect_tree` we can collect all the ids from token related trees\n# for any number of tokens we wish.\n# Here we collecting tree ids for some `token1`.\nlist_of_ids_for_all_the_token_relatives_tree = Token.objects.collect_tree(\n ids=[token1.id]\n)\n\n# We may easily find tokens for a certain user:\nlist_of_users_tokens = Token.objects.filter(\n user_connections__user=some_user_instance\n)\n\n# etc.\n```\n\nTo register tokens manually run registration pipeline:\n\n```python\nfrom wcd_jwt.contrib.registry.services import pipeline\n\npipeline.run({\n # Token pairs: (child, parent)\n 'pairs': [\n (AccessToken(''), RefreshToken('')),\n ],\n # Optional.\n 'user': user or None,\n # Optional.\n 'request': request,\n})\n```\n\nOld tokens that are no longer active might be not useful anymore. For this case there is an **archiver** service:\n\n```python\nfrom wcd_jwt.contrib.registry.services import archiver\nfrom rest_framework_simplejwt.utils import aware_utcnow\n\narchiver.archive(\n # There is also optional `now` parameter.\n # Here, as an example, we deleting only tokens that expired more than\n # 10 days ago.\n # It will be `aware_utcnow()` by default.\n now=aware_utcnow() - timedelta(days=10)\n)\n```\n\n## Token device registry\n\nAlso you may want to know what device was used to access site with registered token.\n\nIt depends on `wc-django-device-recognizer`. So it must be also added to installed apps.\n\n```python\nINSTALLED_APPS += [\n 'rest_framework_simplejwt',\n\n 'wcd_device_recognizer',\n\n 'wcd_jwt',\n 'wcd_jwt.contrib.registry',\n 'wcd_jwt.contrib.device_registry',\n]\n\n# To be able to register token interlocutors:\nWCD_JWT_REGISTRY_TOKEN_REGISTRATION_PIPELINE = [\n 'wcd_jwt.contrib.registry.services.pipeline.register_pairs',\n 'wcd_jwt.contrib.registry.services.pipeline.connecting_user',\n # Add this to your registry pipeline\n 'wcd_jwt.contrib.device_registry.services.pipeline.connect_interlocutor',\n]\n```\n\nTo connect tokens with some interlocutor manually just run connector service:\n\n```python\nfrom wcd_jwt.contrib.device_registry.services import connector\n\nfrom wcd_device_recognizer.models import Interlocutor, InterlocutorNetwork\nfrom wcd_jwt.contrib.registry.models import Token\n\n\nconnections: List[TokenInterlocutorConnection] = connector.connect(\n Interlocutor(),\n [\n Token(),\n ],\n # Optional.\n network=InterlocutorNetwork(),\n)\n```\n# Changelog\nAll notable changes to this project will be documented in this file.\n\nThe format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),\nand this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).\n\n## [Unreleased]\n\n## [0.3.7]\n### Changed\n- Removed distinct on initial admin queryset, because of delete missbehaviour.\n\n## [0.3.6]\n### Changed\n- One interlocutor connection for one token by default, even if interlocutor and network are different next time.\n\n## [0.3.5]\n### Fixed\n- Token interlocutor connections duplication on it's registration.\n\n## [0.3.4]\n### Changed\n- Improvements in admin panel informativity.\n\n## [0.3.1]\n### Changed\n- Improvements in admin panel informativity.\n\n## [0.3.0]\n### Added\n- Device registry.\n- Token registry pipeline.\n- Expire old tokens on refresh.\n- Token archiver.\n\n### Changed\n- Extended configurations.\n\n### Fixed\n- Different fixes.\n\n## [0.2.3]\n### Fixed\n- Authentication fixes.\n\n## [0.2.0]\n### Added\n- Tokens registry.\n### Changed\n- Reduced amount of code dependent on simplejwt. Small improvements because of that and more flexible and extendable code as result.\n\n## [0.1.4]\n### Added\n- Translation strings.\n\n## [0.1.1]\nInitial version.\n",
"bugtrack_url": null,
"license": "MIT License",
"summary": "Django JWT authentication.",
"version": "0.3.7",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "ae2761f1de520e310a2e0f10f665386aa0a0b9c9485b36b2022f8cfe74d7cef6",
"md5": "9ac76aede3f4108732fbbbc44b5d029f",
"sha256": "d931119446f50cf8701d42031c6d5ade84ff23f5de4cde16e9c01b758d31b3a4"
},
"downloads": -1,
"filename": "wc-django-jwt-0.3.7.tar.gz",
"has_sig": false,
"md5_digest": "9ac76aede3f4108732fbbbc44b5d029f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 42093,
"upload_time": "2024-09-19T14:50:08",
"upload_time_iso_8601": "2024-09-19T14:50:08.800754Z",
"url": "https://files.pythonhosted.org/packages/ae/27/61f1de520e310a2e0f10f665386aa0a0b9c9485b36b2022f8cfe74d7cef6/wc-django-jwt-0.3.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-19 14:50:08",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "wc-django-jwt"
}
