HTTP basic auth decorator

This is a somewhat simpler alternative to http://foothold.ru/knowledge/detail/view-by-view-basic-authentication-decorator.html that does not return a 401 response. It's meant to be used along with the login_required decorator as an alternative way to authenticate to REST-enabled views.
def my_view(request):

If an HTTP basic auth header is provided, the request will be authenticated before the login_required check happens. Otherwise, the normal redirect to the login page occurs.

Was this question helpful? Yes 0 / No 0
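One way to write a decorator with the behaviour described above (an added example, not the snippet's original code). The helper name `parse_basic_auth`, the HTTPS-only check and attaching the user to `request.user` rather than opening a session are assumptions of this example.

```python
from functools import wraps
import base64


def parse_basic_auth(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        # Covers bad base64 (binascii.Error) and bad UTF-8 (UnicodeDecodeError):
        # malformed credentials are ignored instead of raising a 500.
        return None
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password  # only the first ':' splits; the password may contain ':'


def http_basic_auth(view):
    """Authenticate from a Basic header when one is sent; never answer 401.

    Stack it above login_required so that check sees the authenticated user.
    """
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        creds = parse_basic_auth(request.META.get("HTTP_AUTHORIZATION"))
        # Assumption: Basic credentials sent over plain HTTP are not honoured.
        if creds and request.is_secure():
            # Lazy import: Django is only needed once credentials are checked.
            from django.contrib.auth import authenticate
            user = authenticate(request=request, username=creds[0], password=creds[1])
            if user is not None and user.is_active:
                # Assumption: per-request identity only, no session cookie is issued.
                request.user = user
        # Missing or wrong credentials fall through to login_required's redirect.
        return view(request, *args, **kwargs)
    return wrapper
```
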

Answers (3):

Was this answer helpful? Yes 0 / No 0

If there is no such entry: request.META['HTTP_AUTHORIZATION'] and you use Django on Apache, READ THIS: http://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame

Apache by default deletes the HTTP_AUTHORIZATION header for CGI.

Was this answer helpful? Yes 0 / No 0

Snippet 243 should definitely be used for REST-only views, there's nothing wrong with it.

The views I am applying this to will be mainly serving HTML to users, and XML/JSON to REST apps if they request it. I don't want normal users getting a 401 (and browser requesting credentials) if they navigate to a page while not logged in. REST apps probably won't like the redirect either, but I'm just more concerned about the experience for humans in this case.

Was this answer helpful? Yes 0 / No 0

?? So if you fail the basic auth popup, it redirects to the web based login? How are REST apps going to like that?

What's wrong with snippet 243?