Authentication
This section describes the default user abstraction and the use of JSON Web Tokens as a basic implementation of authentication.
User abstraction
The User class provides a very useful user abstraction, which is used for storing information about the current online user. Most of the basic fields are defined in its base class, AbstractUser.
Note
In the current release the User model is used with an SQLite database; however, if necessary, you can write your own implementation for any other database (MySQL, PostgreSQL, Oracle, DB2, etc.).
class aiorest_ws.auth.user.abstractions.User(*args, **kwargs)
    Bases: aiorest_ws.auth.user.abstractions.AbstractUser
    Default class that describes the current user.

    check_password(password)
        Check whether the password that was passed is valid.
        Parameters: password – password as a string.

    email
        Get email.

    get_fullname()
        Get the full name of the user.

    has_permission(obj=None)
        Check that the user has some permission.
        Parameters: obj – permissions object derived from AbstractPermission.

    id
        Get the user's ID.

    is_active
        Get the is_active status of the user.

    is_anonymous
        Get the is_anonymous status of the user.

    is_authenticated()
        Check that this user is authenticated.

    is_staff
        Get the is_staff status of the user.

    is_superuser
        Get the is_superuser status of the user.

    is_user
        Get the is_user status of the user.

    password
        Get password.

    permissions
        Get the list of permissions.

    username
        Get username.

JSON Web Token (JWT)
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA. (c) jwt.io
For more details about how JSON Web Tokens work, their advantages and why it is necessary to use them, you can read there.
You can also look at the example that implements simple user registration and a log-in/log-out mechanism with JSON Web Tokens.
This package provides middleware and manager classes, which are used to add JWT support to your application.
class aiorest_ws.auth.token.managers.JSONWebTokenManager
    Bases: object
    JSON Web Token (JWT for short) manager for the aiorest-ws library.
    This manager was written under the inspiration of the articles below:
    - https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
    - https://en.wikipedia.org/wiki/JSON_Web_Token

    generate(data, *args, **kwargs)
        Generate a token.
        Parameters:
        - data – dictionary, which will be stored inside the token.
        - args – tuple of arguments.
        - kwargs – dictionary of reserved JSON Web Token fields, which shall be overridden for the token.

    set_reserved_attribute(token, attribute, value)
        Set a reserved attribute for the token.
        Parameters:
        - token – dictionary object.
        - attribute – updated reserved field of the JSON Web Token.
        - value – initialized value.

    verify(token)
        Verify the passed token.
        Parameters: token – token to validate (as header.payload.signature).