django-forceauth
A Django package that force authentication requirement by default on every single endpoint.
Why 'Secure by Design' ?
Usage
First and foremost, you need to add forceauth.ForceAuthenticationMiddleware middleware right after AuthenticationMiddleware. This is important.
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'forceauth.ForceAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Usage of publicly_accessible_endpoint decorator for function based views.
from forceauth import publicly_accessible_endpoint
@publicly_accessible_endpoint
def home(request):
...
return render(request, 'home.html', context={})
Usage of PubliclyAccessibleEndpointMixin mixin for class based views.
from forceauth import PubliclyAccessibleEndpointMixin
from django.contrib.auth.views import LoginView
class AuthLoginView(LoginView, PubliclyAccessibleEndpointMixin):
pass
For example, let's say that you are using LoginView CBV for your authentication mechanism. But ForceAuthenticationMiddleware middlware will redirect user back to login because LoginView does not have PubliclyAccessibleEndpointMixin. So you just need to inherit LoginView and call mixin :)