
Authentication

In today’s post, we will look at test-level authentication using a GET request. Because the credentials travel in a GET request, the login ID and password are exposed in the URL. That is not good practice for a production-ready service. If you want to see the changes in a hurry, please visit the following link.

This post is followed by this article.

Code snippet using BaseAuthentication

# polls/api_authentication.py
from django.contrib.auth import authenticate

from rest_framework import authentication
from rest_framework import exceptions as e


class AdminOnlyAuth(authentication.BaseAuthentication):
    def authenticate(self, request):
        try:
            # Test-only: credentials are read from the URL query string.
            username = request.query_params.get('username')
            password = request.query_params.get('password')
            user = authenticate(username=username, password=password)
        except Exception:
            raise e.AuthenticationFailed('No such user!')
        if user is None:
            raise e.AuthenticationFailed('No such user!')
        # DRF expects a (user, auth) tuple on success.
        return (user, None)

The code reads the username and password from the request's query parameters. If the login succeeds, it returns a valid result: the authenticate method should return a (user, auth) tuple for that user. If the user does not supply a valid username or password, it simply raises the error message.
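Because AdminOnlyAuth takes `username` and `password` from the query string, every access-log line for an authenticated request carries the credentials. The following is an added example, not code from the original post: a standard-library scanner that finds such log entries and redacts the values. The `/api/questions/` path and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names read by AdminOnlyAuth.
SENSITIVE = {"username", "password"}

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, cleaned = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        cleaned.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked


def scan_access_log(lines):
    """Return [(line_number, redacted_target, leaked_params)] for each hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, leaked = redact_target(match.group("target"))
        if leaked:
            findings.append((number, redacted, leaked))
    return findings


# Constructed sample log lines (not from a real system; path is assumed).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/questions/?username=admin&password=s3cret HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /api/questions/?page=2 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /api/questions/?password=p%40ss&page=1 HTTP/1.1" 403 58',
]

if __name__ == "__main__":
    for number, target, leaked in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {target} (leaked: {', '.join(leaked)})")
```

The same exposure applies to browser history, proxy logs and Referer headers, which is why this scheme is kept to test use.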

# mysite/settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'polls.api_authentication.AdminOnlyAuth',
    )
}

If you want to add authentication to a view directly, you can assign it using authentication_classes, as shown below. Then, when we query the question view set, it checks the authentication.

On the other hand, if we want to apply it globally, use the settings shown above. Since this is a global setting, it belongs in the project-level configuration file.

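# polls/api_views.py
from rest_framework import viewsets

from .api_authentication import AdminOnlyAuth
from .models import Question
from .serializers import QuestionSerializer  # assumed module for the serializer


class QuestionViewSet(viewsets.ModelViewSet):
    # Per-view authentication: overrides DEFAULT_AUTHENTICATION_CLASSES.
    authentication_classes = (AdminOnlyAuth,)
    queryset = Question.objects.all().order_by('-pub_date')
    serializer_class = QuestionSerializer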
