Skip to content

dimagi/django-digest

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

154 Commits

django_digest

django_digest

 
 

.gitignore

.gitignore

 
 

.hgignore

.hgignore

 
 

AUTHORS

AUTHORS

 
 

LICENSE

LICENSE

 
 

README

README

 
 

bootstrap.py

bootstrap.py

 
 

buildout.cfg

buildout.cfg

 
 

setup.py

setup.py

 
 

Repository files navigation

Visit http://bitbucket.org/akoha/django-digest/ for further information.

This library facilitates the implementation of HTTP Digest Authentication for Django projects.

It supplies a middleware (HttpDigestMiddleware) that may installed to protect access to all
URLs, a decorator (@httpdigest) that may be applied to selected view functions, and a simple
class (HttpDigestAuthenticator) that can be used to implement custom authentication scenarios.

The following settings may be defined in your Django settings file. Sensible defaults are
provided as well.

DIGEST_ENFORCE_NONCE_COUNT (True):
    Whether the nonce-count supplied by the client is required to increase with each request.
DIGEST_REALM (DJANGO):
    The realm value to use.
DIGEST_NONCE_TIMEOUT_IN_SECONDS (5*60):
    The maximum time between the generation of a nonce and the initiation of a session with
    that nonce.
DIGEST_REQUIRE_AUTHENTICATION (False):
    If True, the middleware will require all requests to be authenticated. Otherwise, the
    middleware only performs authentication after intercepting a 401/403 response from the view.
DIGEST_ACCOUNT_BACKEND ('django_digest.backend.db.AccountStorage'):
    A class responsible for managing access to users and their credentials. Must implement:
      * get_partial_digest(self, username):
            Returns H(username:realm:password) or None
      * get_user(self, username):
            Returns an object representing the specified user, or None. This object will be
	    stored in request.user upon successful authentication.
DIGEST_NONCE_BACKEND ('django_digest.backend.db.NonceStorage')
    A class responsible for managing session information. Must implement:
      * update_existing_nonce(self, user, nonce, nonce_count):
          Called upon successful authentication of the specified user (as returned from the
	  account backend's get_user method) with the specified nonce and nonce_count.
	  If the nonce-count is not being enforced, nonce_count will be None. This method should
	  return True if the nonce is already associated with the specifed user (only) and the
	  nonce_count is greater than all previous nonce-counts for the same nonce (or is None)
	  or False otherwise.
      * store_nonce(self, user, nonce, nonce_count):
          Called upon successful authentication of the specified user (as returned from the
	  account backend's get_user method) if update_existing_nonce returns False. If the
	  nonce-count is not being enforced, nonce_count will be None. This method should return
	  True if the nonce is not already associated with any user.

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

4 stars

Watchers

29 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 16

+ 2 contributors

Languages