{ "info": { "author": "Hugo Rodger-Brown", "author_email": "hugo@yunojuno.com", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Topic :: Internet :: WWW/HTTP", "Topic :: Internet :: WWW/HTTP :: Dynamic Content" ], "description": "django_jwt_expiringlinks\n------------------------\n\nDjango app that uses JWT to manage one-time and expiring links to protected URLs.\n\nUse Case\n========\n\nThe primary use case for this app is authenticating users on a per-\nrequest basis, without having to log in to the site first. \n\nThe canonical example of this would be unsubscribing from mailing lists -\nyou want to be able to identify the user, and process the request,\nbut requiring the user to log in first presents a barrier.\n\nUsing JWT we can 'pre-authenticate' access to the URL.\n\nAssumptions\n===========\n\nThis is not a general purpose link-generating app - it has some implicit\nassumptions built-in:\n\n* The link is being sent to a single user\n* The recipient is a known Django User\n* The token generated will only authenticate the initial request\n* The token will *not* log the user in\n* The link is not sensitive, and contains no sensitive data\n\nImplementation\n==============\n\nThe underlying technology used is JWT - see `jwt.io `_ for more\ndetails on the specifics. The summary is that it can be used to generate a Base64 encoded and signed token based on an arbitrary JSON payload. The signature is used to ensure that the payload has not been tampered with. The payload itself is not encrypted, and can be decoded by anyone - hence ensuring that no sensitive data is included. (NB You can encrypt the token, but the base assumption is that you're not sending sensitive data, you just want to ensure that the data you receive is the same data you sent.)\n\nThe implementation within Django consists of two parts: adding the token to a URL as it leaves the app (e.g. in an email), and then validating the token when someone clicks on the link and returns to the site.\n\nIn order to add the token, you need to create a new RequestToken object, and\nthen call the ``encode`` method on it. This will return the 3-part signed JWT\n(header.payload.signature). You will need to initialise the token with the\nrecipient ``User``, and the target URL - to ensure that the token is only used\nto access the intended endpoint.\n\n..code ::python\n\n >>> from django_jwt.models import RequestToken\n >>> # create a new RequestToken, and encode the contents\n >>> token = RequestToken.objects.create_token(\n ... user=User.objects.filter(...),\n ... target_url=reverse('foobar')\n ... ).encode()\n >>> token\n 1234567.qwertyuiop.zxcvbnm\n >>>\n\nYou now have a token that is bound to a taget URL, and an intended recipient.\nIf a user (any user - remmember, we are *not* authenticating the end user) clicks on this URL, they will hit the endpoint as an unauthenticated user. If the URL requires authentication, the request will fail, as the user is not yet authenticated.\n\n.. code::python\n\n # this will fail with a 403 as the request.user is not authenticated\n @login_required\n def my_view(request):\n logging.debug(\"View is not executed\")\n\nIn order to use the JWT instead of full authentication, we must add a decorator to the view function to expand out the token, verify it (against tampering, and in line with the \"not before time\" and \"expiration time\" attributes of the token payload) and then set the user.\n\n.. code::python\n\n @use_jwt\n @login_required\n def my_view(request):\n logging.debug(\"View is executed\")\n\nThe decorator does one more important task, once the function has run - it records the use of the token - extracting the source IP and user-agent from the request (for auditing purposes), and updating the token ``use_count`` property, along with the response status_code - this enables fine-grained reporting on the use of the tokens.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/yunojuno/django-jwt-expiringlinks", "keywords": null, "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "django-jwt-expiringlinks", "package_url": "https://pypi.org/project/django-jwt-expiringlinks/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-jwt-expiringlinks/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/yunojuno/django-jwt-expiringlinks" }, "release_url": "https://pypi.org/project/django-jwt-expiringlinks/0.1.0/", "requires_dist": null, "requires_python": null, "summary": "Django app that uses JWT to manage one-time and expiring links to protected URLs.", "version": "0.1.0" }, "last_serial": 2257919, "releases": { "0.1.0": [ { "comment_text": "built for Darwin-15.0.0", "digests": { "md5": "edef4e540484f72469cd54c1314bda64", "sha256": "56d83820ec1d87e4ce6d0316aeaf8a568edcb9e69d709dadedcf96b2a4954067" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.macosx-10.10-x86_64.tar.gz", "has_sig": false, "md5_digest": "edef4e540484f72469cd54c1314bda64", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 22453, "upload_time": "2015-12-28T19:56:32", "url": "https://files.pythonhosted.org/packages/eb/c3/a6065bfc0f0d2422e2b0289853bf2084685d3cdaf8cf36d33929aaf5a253/django-jwt-expiringlinks-0.1.0.macosx-10.10-x86_64.tar.gz" }, { "comment_text": "", "digests": { "md5": "84ba16ae8d487c3944aaa7add51fc6a5", "sha256": "df870b983085b7e9872ae6788512adf818a1d20764ae6602231a100f6dfbc7e2" }, "downloads": -1, "filename": "django_jwt_expiringlinks-0.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "84ba16ae8d487c3944aaa7add51fc6a5", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 17688, "upload_time": "2015-12-28T19:56:38", "url": "https://files.pythonhosted.org/packages/0f/b3/5b29af4afbb2b2be951b4a041cb5a70bdea56fe4d9ed8846ca5ef67a0bbb/django_jwt_expiringlinks-0.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6c04f46b505cba9a253b9e9d0db8ab8b", "sha256": "74c6091eda6c239d21a12c650af8a3f412edb4e8c778b8ef1e78ca0501f28e10" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.tar.gz", "has_sig": false, "md5_digest": "6c04f46b505cba9a253b9e9d0db8ab8b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11281, "upload_time": "2015-12-28T19:56:27", "url": "https://files.pythonhosted.org/packages/ed/91/ffcd4a86b46c68ad24e8c89cd8ae5ee93522279dd171d43742e142783133/django-jwt-expiringlinks-0.1.0.tar.gz" } ], "0.1.0.dev0": [ { "comment_text": "built for Darwin-15.0.0", "digests": { "md5": "eb71e4be9e1e3bc6a6ca2b85e503fb41", "sha256": "3f38d28ab27976ad9f23f87145478f91a718f5bc7a330c7214b7c86919a4d5d2" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.dev0.macosx-10.10-x86_64.tar.gz", "has_sig": false, "md5_digest": "eb71e4be9e1e3bc6a6ca2b85e503fb41", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 22447, "upload_time": "2015-12-28T19:59:01", "url": "https://files.pythonhosted.org/packages/6b/3b/731cb0e304003eb3cb0292fd3deec2313a9c591e02a6a86b73fcf715c395/django-jwt-expiringlinks-0.1.0.dev0.macosx-10.10-x86_64.tar.gz" }, { "comment_text": "", "digests": { "md5": "371ecc0c2dcd023b09886d1269b21ab2", "sha256": "c96614b6f2ec37deb173bdea1994481a2eb997180b5166db257a07eab865ea8c" }, "downloads": -1, "filename": "django_jwt_expiringlinks-0.1.0.dev0-py2-none-any.whl", "has_sig": false, "md5_digest": "371ecc0c2dcd023b09886d1269b21ab2", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 17751, "upload_time": "2015-12-28T19:59:14", "url": "https://files.pythonhosted.org/packages/2f/6f/97dc77b3c28f59d8b669e6299cb6ac9ec16a48ee584bf81e6405ef35d238/django_jwt_expiringlinks-0.1.0.dev0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "cc02e883c459f211ad2ece29452ce68c", "sha256": "6cdd282d85314d6cc0f18b46fba071f70973e90f2b43e607fcce6ddb3910f2ca" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.dev0.tar.gz", "has_sig": false, "md5_digest": "cc02e883c459f211ad2ece29452ce68c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11271, "upload_time": "2015-12-28T19:58:54", "url": "https://files.pythonhosted.org/packages/a3/b9/018124fe535b76bfca5eca1af566f022b64a75d79fe9ba08b9bdf1558ee3/django-jwt-expiringlinks-0.1.0.dev0.tar.gz" } ], "0.1.0.dev2": [ { "comment_text": "built for Darwin-15.2.0", "digests": { "md5": "09adf1551cc27744a930a2708db55991", "sha256": "c137302508fd7fd4aa83da6a9ab012a1c636cc7f20c2917a95a87801640b623b" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.dev2.macosx-10.11-intel.tar.gz", "has_sig": false, "md5_digest": "09adf1551cc27744a930a2708db55991", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 22392, "upload_time": "2015-12-29T13:59:06", "url": "https://files.pythonhosted.org/packages/6d/50/9390e8dc85410c9e1baa0c68a820531af61699e26d97d0cf5fcf7781e585/django-jwt-expiringlinks-0.1.0.dev2.macosx-10.11-intel.tar.gz" }, { "comment_text": "", "digests": { "md5": "24f10cf21edb596eb6fdbf7e3980f777", "sha256": "1e881719238dfb520a3e5683b245a8559e8013da9d7fec4f5e8d1014789d9b9b" }, "downloads": -1, "filename": "django_jwt_expiringlinks-0.1.0.dev2-py2-none-any.whl", "has_sig": false, "md5_digest": "24f10cf21edb596eb6fdbf7e3980f777", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 18437, "upload_time": "2015-12-29T13:59:12", "url": "https://files.pythonhosted.org/packages/d8/82/036396de9542d03b8e74f5aff4f7130d354ea70d8934926e2b72cccf654f/django_jwt_expiringlinks-0.1.0.dev2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "84af61a16d95ee83ef29691915f798e9", "sha256": "99b04bf2f2765c98ae55770c4220256396e25801bd111a3956cc474b3686a66c" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.dev2.tar.gz", "has_sig": false, "md5_digest": "84af61a16d95ee83ef29691915f798e9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11307, "upload_time": "2015-12-29T13:59:01", "url": "https://files.pythonhosted.org/packages/21/c8/978b4b0ad6a704371676db3e863ca43cce5f80b1e5bdc28211361d74d221/django-jwt-expiringlinks-0.1.0.dev2.tar.gz" } ], "0.2.0-dev": [ { "comment_text": "", "digests": { "md5": "6589b858035f83c8e4c563b9922d596b", "sha256": "d29b52a14cd6e88768707eea582b88d8d6feb947837ca976e86c327f3a1d4229" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.2.0-dev.tar.gz", "has_sig": false, "md5_digest": "6589b858035f83c8e4c563b9922d596b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14369, "upload_time": "2016-01-04T21:46:35", "url": "https://files.pythonhosted.org/packages/2f/4f/2a971b2c826ae2d392017f4108306ef4d87beb467a76f197d3c46a640f46/django-jwt-expiringlinks-0.2.0-dev.tar.gz" } ] }, "urls": [ { "comment_text": "built for Darwin-15.0.0", "digests": { "md5": "edef4e540484f72469cd54c1314bda64", "sha256": "56d83820ec1d87e4ce6d0316aeaf8a568edcb9e69d709dadedcf96b2a4954067" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.macosx-10.10-x86_64.tar.gz", "has_sig": false, "md5_digest": "edef4e540484f72469cd54c1314bda64", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 22453, "upload_time": "2015-12-28T19:56:32", "url": "https://files.pythonhosted.org/packages/eb/c3/a6065bfc0f0d2422e2b0289853bf2084685d3cdaf8cf36d33929aaf5a253/django-jwt-expiringlinks-0.1.0.macosx-10.10-x86_64.tar.gz" }, { "comment_text": "", "digests": { "md5": "84ba16ae8d487c3944aaa7add51fc6a5", "sha256": "df870b983085b7e9872ae6788512adf818a1d20764ae6602231a100f6dfbc7e2" }, "downloads": -1, "filename": "django_jwt_expiringlinks-0.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "84ba16ae8d487c3944aaa7add51fc6a5", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 17688, "upload_time": "2015-12-28T19:56:38", "url": "https://files.pythonhosted.org/packages/0f/b3/5b29af4afbb2b2be951b4a041cb5a70bdea56fe4d9ed8846ca5ef67a0bbb/django_jwt_expiringlinks-0.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6c04f46b505cba9a253b9e9d0db8ab8b", "sha256": "74c6091eda6c239d21a12c650af8a3f412edb4e8c778b8ef1e78ca0501f28e10" }, "downloads": -1, "filename": "django-jwt-expiringlinks-0.1.0.tar.gz", "has_sig": false, "md5_digest": "6c04f46b505cba9a253b9e9d0db8ab8b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11281, "upload_time": "2015-12-28T19:56:27", "url": "https://files.pythonhosted.org/packages/ed/91/ffcd4a86b46c68ad24e8c89cd8ae5ee93522279dd171d43742e142783133/django-jwt-expiringlinks-0.1.0.tar.gz" } ] }