{ "info": { "author": "Marc Gibbons", "author_email": "marc_gibbons@rogers.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Web Environment", "Framework :: Django", "Framework :: Django :: 1.10", "Framework :: Django :: 1.11", "Framework :: Django :: 1.8", "Framework :: Django :: 1.9", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.6", "Topic :: Internet :: WWW/HTTP" ], "description": "DRF Signed Auth\n===============\n\nA stateless authentication backend intended to temporarily expose\nprotected resources.\n\n|Build Status| |Code Coverage|\n\nWhy?\n----\n\nThe motivation for this package comes from a frequent project\nrequirement to directly download served by the API in formats like CSV\nor Excel within the context of a single-page-application.\n\nWithin this context, authentication cannot be achieved using HTTP\nHeaders, as the resource is accessed directly through a URL via an\n```` tag. Therefore, a temporary signature passed in the query string\nmust be used to authenticate the request.\n\nThis package uses Django's cryptographic signing to produce a\nshort-lived signature. It provides a view used to produce the signature\nand a DRF authentication backend.\n\nIs this secure?\n---------------\n\nUse this backend with caution and sparingly. Anyone with a copy of the\nsigned URL will be able to access a protected resource, so keep the\nexpiry time short (see settings), and ensure that the Django\n``SECRET_KEY`` setting is kept private.\n\nRequirements\n------------\n\n- Python 2.7 / 3.6\n- Django 1.8, 1.9, 1.10, 1.11\n- Django REST Framework 3.6, 3.7\n\nInstallation\n------------\n\n``pip install drf-signed-auth``\n\nQuick start\n-----------\n\nRegister the SignUrlView in ``urls.py``\n\n.. code:: python\n\n # urls.py\n\n from django.conf.urls import url\n from drf_signed_auth.views import SignUrlView\n\n\n urlpatterns = [\n ...\n url(r'^sign-url/$', SignUrlView.as_view(), name='sign-url'),\n ...\n ]\n\nUse the authentication backend on the view you wish to expose.\n\n.. code:: python\n\n # views.py\n from drf_signed_auth.authentication import SignedURLAuthentication\n from rest_framework.permissions import IsAuthenticated\n from rest_framework.views import APIView\n\n\n class MyCSVView(APIView):\n ...\n authentication_classes = [SignedURLAuthentication]\n permission_classes = [IsAuthenticated]\n ...\n\nUsage\n-----\n\nObtain the signature by making a POST request to the Sign URL endpoint,\nand provide the ``url`` of the endpoint you wish to access. This can be\na relative or absolute path.\n\nExample\n~~~~~~~\n\n::\n\n # Request\n POST /sign-url HTTP/1.1\n HOST your.api.host\n Content-Type: application/json\n\n {\"url\": \"/path\"}\n\n\n # Response\n http://your.api.host/path?sig=xxxxxxxxxxxxxxx\n\nThe returned URL will be valid for the time specified by the\n``SIGNED_URL_TTL``.\n\nSettings\n--------\n\nThe following settings may be configured in your project's\n``settings.py``\n\n+------+------+------+\n| Sett | Desc | Defa |\n| ing | ript | ult |\n| | ion | |\n+======+======+======+\n| ``SI | The | ``30 |\n| GNED | time | `` |\n| _URL | in | (sec |\n| _TTL | seco | onds |\n| `` | nds | ) |\n| | for | |\n| | whic | |\n| | h | |\n| | the | |\n| | sign | |\n| | atur | |\n| | e | |\n| | is | |\n| | vali | |\n| | d | |\n+------+------+------+\n| ``SI | The | ``si |\n| GNED | quer | g`` |\n| _URL | ystr | |\n| _QUE | ing | |\n| RY_P | vari | |\n| ARAM | able | |\n| `` | name | |\n+------+------+------+\n| ``SI | Perm | ``[r |\n| GNED | issi | est_ |\n| _URL | on | fram |\n| _PER | clas | ewor |\n| MISS | ses | k.pe |\n| ION_ | on | rmis |\n| CLAS | the | sion |\n| SES` | sign | s.Is |\n| ` | ed | Auth |\n| | URL | enti |\n| | view | cate |\n| | | d]`` |\n+------+------+------+\n\n.. |Build Status| image:: https://travis-ci.org/marcgibbons/drf_signed_auth.png?branch=master\n :target: https://travis-ci.org/marcgibbons/drf_signed_auth\n.. |Code Coverage| image:: https://codecov.io/gh/marcgibbons/drf_signed_auth/branch/master/graph/badge.svg\n :target: https://codecov.io/gh/marcgibbons/drf_signed_auth\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/marcgibbons/drf_signed_auth", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "drf-signed-auth", "package_url": "https://pypi.org/project/drf-signed-auth/", "platform": "", "project_url": "https://pypi.org/project/drf-signed-auth/", "project_urls": { "Homepage": "https://github.com/marcgibbons/drf_signed_auth" }, "release_url": "https://pypi.org/project/drf-signed-auth/0.1.1/", "requires_dist": [ "furl (>=1.0.1)" ], "requires_python": "", "summary": "Sign and authenticate signed URLs for one-time use", "version": "0.1.1" }, "last_serial": 3274055, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "1adf98d7519aaf413e7b2b28c76ff36e", "sha256": "7b36f6e2fa59dcba72ae7f37b4cdca46bfe6dcb96859a4c57e549bd6e92e2a28" }, "downloads": -1, "filename": "drf_signed_auth-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "1adf98d7519aaf413e7b2b28c76ff36e", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 13098, "upload_time": "2017-10-24T03:56:10", "url": "https://files.pythonhosted.org/packages/65/54/fc71d580c985dbcf9439146c64028ebefdefaa31f85857062c30fbe55b54/drf_signed_auth-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "95b82a410b27918f37ccb37cd6c3c79b", "sha256": "9cfdd0facbb0f6c4772e62feebabb521ccf8c603190619ce94441e8b32915298" }, "downloads": -1, "filename": "drf_signed_auth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "95b82a410b27918f37ccb37cd6c3c79b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5683, "upload_time": "2017-10-24T03:56:13", "url": "https://files.pythonhosted.org/packages/44/aa/14bf21a401d36bac6511a75e9128cb6ea6ac9271475d7904af50adef2bc3/drf_signed_auth-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1adf98d7519aaf413e7b2b28c76ff36e", "sha256": "7b36f6e2fa59dcba72ae7f37b4cdca46bfe6dcb96859a4c57e549bd6e92e2a28" }, "downloads": -1, "filename": "drf_signed_auth-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "1adf98d7519aaf413e7b2b28c76ff36e", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 13098, "upload_time": "2017-10-24T03:56:10", "url": "https://files.pythonhosted.org/packages/65/54/fc71d580c985dbcf9439146c64028ebefdefaa31f85857062c30fbe55b54/drf_signed_auth-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "95b82a410b27918f37ccb37cd6c3c79b", "sha256": "9cfdd0facbb0f6c4772e62feebabb521ccf8c603190619ce94441e8b32915298" }, "downloads": -1, "filename": "drf_signed_auth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "95b82a410b27918f37ccb37cd6c3c79b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5683, "upload_time": "2017-10-24T03:56:13", "url": "https://files.pythonhosted.org/packages/44/aa/14bf21a401d36bac6511a75e9128cb6ea6ac9271475d7904af50adef2bc3/drf_signed_auth-0.1.1.tar.gz" } ] }