Metadata-Version: 2.1
Name: drf-authentify
Version: 0.3.11
Summary: A simple authentication module for django rest framework
Author: Gabriel Idenyi
License: BSD 3-Clause License
        
        Copyright (c) 2024, Idenyi Gabriel
        
        Redistribution and use in source and binary forms, with or without
        modification, are permitted provided that the following conditions are met:
        
        1. Redistributions of source code must retain the above copyright notice, this
           list of conditions and the following disclaimer.
        
        2. Redistributions in binary form must reproduce the above copyright notice,
           this list of conditions and the following disclaimer in the documentation
           and/or other materials provided with the distribution.
        
        3. Neither the name of the copyright holder nor the names of its
           contributors may be used to endorse or promote products derived from
           this software without specific prior written permission.
        
        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
        AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
        DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
        FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
        SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
        CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
        OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
        OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
        
Project-URL: Homepage, https://github.com/idenyigabriel/drf-authentify
Project-URL: Documentation, https://github.com/idenyigabriel/drf-authentify/blob/main/README.md
Project-URL: Repository, https://github.com/idenyigabriel/drf-authentify
Project-URL: Issues, https://github.com/idenyigabriel/drf-authentify/issues
Project-URL: Changelog, https://github.com/idenyigabriel/drf-authentify/blob/main/CHANGELOG.md
Keywords: django,djangorestframework,drf,authentication
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 3.2
Classifier: Framework :: Django :: 4.2
Classifier: Framework :: Django :: 5.0
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Internet :: WWW/HTTP :: Session
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: Django>=3.2
Requires-Dist: djangorestframework>=3.1

# DRF Authentify Documentation

<br />

[![Build Status](https://github.com/idenyigabriel/drf-authentify/actions/workflows/test.yml/badge.svg)](https://github.com/idenyigabriel/drf-authentify/actions/workflows/test.yml)
<br/>

[drf-authentify](https://github.com/idenyigabriel/drf-authentify) is a near splitting replica of the simple django rest framework default token system, except better.

The major difference between `django rest framework` default token and `drf-authentify` are:

- `drf-authentify` allows multiple tokens per users
- `drf-authentify` adds extra security layer by using access validation
- bonus: drf-authentify provides utility methods to handle common use cases.

drf authentify aims to be as simple as possible, while providing a great set of features to meet your authentication demands without enforcing a certain pattern to your application flow.


## Requirements

- Python >=3.8
- Django >=3.2
- djangorestframework 3


## Installation

Installation is easy using `pip` and will install all required libraries

```python
$ pip install drf-authentify
```

Then add the `drf-authentify` to your project by including the app to your `INSTALLED_APPS`.

The app should preferably go somewhere after your regular apps.

```python
INSTALLED_APPS = (
    ...
    'drf_authentify'
)
```

`drf-authentify` adds a model to your admin section called AuthToken, with this you can view and manage all tokens created on your applications. We already have a nice setup for you on django admin section.

Finally migrate all database entries.

```
$ python3 manage.py migrate
```


## Global Configuration

For a one type fits all case, you can globally alter the following settings, or leave the default as it is.

```python
DRF_AUTHENTIFY = {
    "COOKIE_KEY": "token", 
    "TOKEN_EXPIRATION": 3000,
    "ENABLE_AUTH_RESTRICTION": False,
    "ALLOWED_HEADER_PREFIXES": ["bearer", "token"],
}
```

## Customizing Tokens

- ALLOWED_HEADER_PREFIXES: Here you can provide a list of prefixes that are allowed for your authentication header. We will validate this when you apply our authentication scheme `drf_authentify.auth.TokenAuthentication` as shown below.

- COOKIE_KEY: With this, you can customize what key we should use to retrieve your authentication cookie frmo each request. We will also validate this when you apply our authentication scheme `drf_authentify.auth.CookieAuthentication` as shown below.

- TOKEN_EXPIRATION: With this you can globally set the duration of each token generated, this can also be set per view, as you would see below.

- ENABLE_AUTH_RESTRICTION: This can be used to disable/enable checks for authorization channels (cookie or authorization header). 

> **Note:**
> Do not forget to add custom header prefixes to your cors-header as this could cause cors errors.


## Creating Tokens

Two utility methods have been provided for you to leverage for creating or generating user tokens on `drf-authentify`. For ease, they are attached to the AuthToken model class.

```python
from drf_authentify.models import AuthToken

def sample_view(request, *arg, **kwargs):
    token = AuthToken.generate_cookie_token(user, context=None, expires=3000)

def sample_view(request, *arg, **kwargs):
    token = AuthToken.generate_header_token(user, context=None, expires=3000)

```

`drf-authentify` allows you to save contexts alongside your tokens if you need to, also feel free to alter the duration of a token validity using the expires parameters, we'll use the globally set `TOKEN_EXPIRATION` or default if none is provided.


## Deleting Tokens

To delete tokens, simply use one of the three utility methods provides on the AuthToken class.

```python
from drf_authentify.utils import clear_request_tokens, delete_request_token, clear_expired_tokens, clear_user_tokens

# Remove single token based on request authenticated user
delete_request_token(request) 

# Remove all user tokens based on request authenticated user
clear_request_tokens(request) 

# Remove all tokens for user
clear_user_tokens(user) 

# Remove all expired tokens
clear_expired_tokens()
```


## Authentication Schemes

drf authentify provides you with two authentication classes to cover for both broad type of tokens you can generate. These are very import in django rest framework, and can be used either globally or per view.

```python
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'drf_authentify.auth.CookieAuthentication',
        'drf_authentify.auth.TokenAuthentication',
    ]
}
```

By adding this, you can appriopriately check for authentication status and return the user on the request object.

> **Note:**
> For convenience, you can access the current token object in your authenticated view through request.auth, this would allow easy access context which can be used to store authorization scope and other important data.
