Django: Basic Auth for one view (avoid middleware)

前端 未结 4 1171
星月不相逢
星月不相逢 2021-02-18 23:46

I need to provide http-basic-auth to one view.

I want to avoid modifying the middleware settings.

Background: This is a view which gets fil

4条回答
  •  慢半拍i
    慢半拍i (楼主)
    2021-02-19 00:09

    You can try a custom decorator (as seems to be the recommended way here and here) instead of adding new middleware:

    my_app/decorators.py:

    import base64
    
    from django.http import HttpResponse
    from django.contrib.auth import authenticate
    from django.conf import settings
    
    
    def basicauth(view):
        def wrap(request, *args, **kwargs):
            if 'HTTP_AUTHORIZATION' in request.META:
                auth = request.META['HTTP_AUTHORIZATION'].split()
                if len(auth) == 2:
                    if auth[0].lower() == "basic":
                        uname, passwd = base64.b64decode(auth[1]).decode(
                            "utf8"
                        ).split(':', 1)
                        user = authenticate(username=uname, password=passwd)
                        if user is not None and user.is_active:
                            request.user = user
                            return view(request, *args, **kwargs)
            
            response = HttpResponse()
            response.status_code = 401
            response['WWW-Authenticate'] = 'Basic realm="{}"'.format(
                settings.BASIC_AUTH_REALM
            )
            return response
        return wrap
    

    Then use this to decorate your view:

    from my_app.decorators import basicauth
    
    
    @basicauth
    def my_view(request):
        ...
    

提交回复
热议问题