Provides basic multi-tenancy features for OpenWISP 2 (using the Django web-framework).
Table of Contents:
An automated installer is available at ansible-openwisp2.
Install from pypi:
pip install openwisp-users
Install tarball:
pip install https://github.com/openwisp/openwisp-users/tarball/master
Alternatively you can install via pip using git:
pip install -e git+git://github.com/openwisp/openwisp-users#egg=openwisp_users
INSTALLED_APPS
in settings.py
should look like the following:
INSTALLED_APPS = [
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'openwisp_utils.admin_theme',
'django.contrib.admin',
'django.contrib.sites',
'django_extensions',
'allauth',
'allauth.account',
'allauth.socialaccount',
'openwisp_users',
'rest_framework',
'rest_framework.authtoken',
]
also add AUTH_USER_MODEL
and SITE_ID
to your settings.py
:
AUTH_USER_MODEL = 'openwisp_users.User'
SITE_ID = 1
urls.py
:
from django.conf.urls import include, url
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
urlpatterns = [
url(r'^admin/', include(admin.site.urls)),
url(r'^accounts/', include('allauth.urls')),
url(r'^api/v1/', include('openwisp_users.api.urls')),
]
urlpatterns += staticfiles_urlpatterns()
For additional steps to properly configure allauth
in your project, please refer to their documentation: allauth documentation installation section.
Install sqlite:
sudo apt-get install sqlite3 libsqlite3-dev openssl libssl-dev
Install your forked repo:
git clone git://github.com/<your_fork>/openwisp-users
cd openwisp-users/
python setup.py develop
Install test requirements:
pip install -r requirements-test.txt
Start Redis
docker-compose up -d
Create database:
cd tests/
./manage.py migrate
./manage.py createsuperuser
Launch development server:
./manage.py runserver
You can access the admin interface at http://127.0.0.1:8000/admin/.
Run tests with:
# --parallel and --keepdb are optional but help to speed up the operation
./runtests.py --parallel --keepdb
type: | boolean |
default: | False |
Indicates whether the admin section for managing OrganizationUser
items is enabled or not.
It is disabled by default because these items can be managed via inline items in the user administration section.
type: | boolean |
default: | False |
Indicates whether the admin section for managing OrganizationOwner
items is enabled or not.
It is disabled by default because OpenWISP does not use this feature of django-organizations yet.
type: | boolean |
default: | False |
Indicates whether the API is enabled or not.
type: | str |
default: | 100/day |
Indicates the rate throttling for the API authentication endpoint.
Please note that the current rate throttler is very basic and will also count valid requests for rate limiting. For more information, check Django-rest-framework throttling guide.
To enable the API the setting OPENWISP_USERS_AUTH_API must be set to True
.
A general live API documentation (following the OpenAPI specification) at /api/v1/docs/
.
Additionally, opening any of the endpoints listed below directly in the browser will show the browsable API interface of Django-REST-Framework, which makes it even easier to find out the details of each endpoint.
/api/v1/user/token/
This endpoint only accepts the POST
method and is used to retrieve the Bearer token that is required to make API requests to other endpoints.
Example usage of the endpoint:
http POST localhost:8000/api/v1/user/token/ username=openwisp password=1234
HTTP/1.1 200 OK
Allow: POST, OPTIONS
Content-Length: 52
Content-Type: application/json
Date: Wed, 13 May 2020 10:59:34 GMT
Server: WSGIServer/0.2 CPython/3.6.9
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
{
"token": "7a2e1d3d008253c123c61d56741003db5a194256"
}
The authentication class openwisp_users.api.authentication.BearerAuthentication
is used across the different OpenWISP modules for authentication.
To use it, first of all get the user token as described above in Obtain Authentication Token, then send the token in the Authorization
header:
# get token
TOKEN=$(http POST :8000/api/v1/user/token/ username=openwisp password=1234 | jq -r .token)
# send bearer token
http GET localhost:8000/api/v1/firmware/build/ "Authorization: Bearer $TOKEN"
- MultitenantAdminMixin: adding this mixin to a
ModelAdmin
class will make it multitenant. Setmultitenant_shared_relations
to the list of parameters you wish to have only organization specific options. - MultitenantOrgFilter: admin filter that shows only organizations the current user is associated with in its available choices.
- MultitenantRelatedOrgFilter: similar
MultitenantOrgFilter
but shows only objects which have a relation with one of the organizations the current user is associated with.
- Announce your intentions in the OpenWISP Mailing List
- Fork this repo and install it
- Follow PEP8, Style Guide for Python Code
- Write code
- Write tests for your code
- Ensure all tests pass
- Ensure test coverage does not decrease
- Document your changes
- Send pull request
See CHANGES.
See LICENSE.