0

django-rest-framework makes use of django.contrib.auth for authentication and authorization (as stated in the django-rest-framework authentication API guide).

However, nowhere in the documentation does it talk about how users are actually authenticated using the rest-framework.

By default the django.contrib.auth views will respond with a server-side rendered login form.

However, if using a client-side framework such as AngularJS this is not desired - you simply want an API endpoint against which you can authenticate.

Questions:

  • Is there django-rest-framework documentation I am somehow missing which explains how user authentication is done out of the box?

  • Does an out-of-the-box solution even exist?

  • If not, what is the recommended way of achieving this with minimal reinvention of the wheel?

Steve Lorimer
  • possible duplicate of [How to use Basic Auth and Jquery and Ajax](http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax) – Martin B. Oct 14 '14 at 09:12

2 Answers

0

Let's say that you have a login view:

Note: with this method you have to ensure SSL/TLS because the username and password are sent as plain text.

```python
import requests
from django.shortcuts import render

def login(request):
    success = False
    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        # https, per the note above: the credentials travel in the request body.
        login_url = 'https://your_url:port/rest-api/login/'
        response = requests.post(login_url, data={'username': username, 'password': password}, timeout=5)
        # status_code lives on the requests.Response object, not on the parsed JSON body.
        success = response.status_code == 200
    return render(request, "login.html", {"success": success})
```

Your view in the REST API:

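```python
from django.contrib.auth.backends import ModelBackend as DjangoModelBackend
from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response

# Assumed shape; base_response is not defined in the answer.
base_response = {"message": ""}

@api_view(["POST"])
def login(request):
    response = base_response.copy()
    # request.data on DRF 3.0+ (request.DATA on the 2.x releases).
    username = request.data.get('username', '')
    password = request.data.get('password', '')

    # request is passed by keyword so the call fits both the older
    # authenticate() signature and the newer one that takes request first.
    user = DjangoModelBackend().authenticate(request=request, username=username, password=password)
    if user is not None:
        response["message"] = "Authenticated"
        return Response(response)

    # A failed login must not answer 200: the calling view treats 200 as success.
    response["message"] = "Login Failed"
    return Response(response, status=status.HTTP_401_UNAUTHORIZED)
```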

And here is part of ModelBackend:

```python
from django.contrib.auth import get_user_model

class ModelBackend(object):

    def authenticate(self, username=None, password=None, **kwargs):
        UserModel = get_user_model()
        if username is None:
            username = kwargs.get(UserModel.USERNAME_FIELD)
        try:
            user = UserModel._default_manager.get_by_natural_key(username)
            if user.check_password(password):
                return user
        except UserModel.DoesNotExist:
            return None
```
Sasa
0

You don't usually go through login forms when authenticating yourself at an API endpoint - you either use an API token or send the authentication credentials through a header, see How to use Basic Auth with jQuery and AJAX? on how to do that.

Martin B.
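What "send the authentication credentials through a header" means for HTTP Basic auth, and why the first answer's TLS note applies to it as well: the header is only base64-encoded, so anyone who can read the request can read the password. This is an added example, not code from either answer or from django-rest-framework; the account, salt, iteration count and function names are constructed for illustration, and it uses only the Python standard library.

```python
import base64
import hashlib
import hmac

# Constructed sample account; salt, iteration count and password are made up.
_SALT = b"constructed-salt"
_ITERATIONS = 100_000
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret:pw", _SALT, _ITERATIONS)}


def basic_header(username, password):
    """Client side: build the Authorization value (base64 is encoding, not encryption)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Server side: return (username, password), or None if missing or malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: passwords may contain colons, usernames may not.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(header):
    """Return the username on success, None otherwise (the caller answers 401)."""
    creds = parse_basic(header)
    if creds is None:
        return None
    username, password = creds
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ITERATIONS)
    # Hash even for unknown users and compare in constant time, so response
    # timing does not reveal which usernames exist.
    expected = USERS.get(username, b"\x00" * len(candidate))
    ok = hmac.compare_digest(candidate, expected)
    return username if ok and username in USERS else None
```

In a real Django project the stored hash and the comparison come from `user.check_password()`, as in the ModelBackend excerpt above; the PBKDF2 call here stands in for it.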