Metadata-Version: 1.1
Name: django-fost-authn
Version: 0.3.5
Summary: HTTP SHA1 HMAC authentication backend for Django
Home-page: https://github.com/Felspar/django-fost-authn
Author: Kirit Saelensminde
Author-email: kirit@felspar.com
License: Boost Software License - Version 1.0 - August 17th, 2003
Description: Django Fost Authentication
        ==========================
        
        An authentication back-end for Django implementing request signing using
        strong cryptography. It is based on the request signing mechanism
        implemented by Amazon for s3.
        
        Both requests and URLs can be signed. Request signing is used where the
        user agent itself is able to perform the signing (i.e. it knows the API
        key and secret). URL signing is used where authentication needs to be
        delegated to a user agent that is not capable of signing the request,
        or not trusted to.
        
        To use in a Django project
        ==========================
        
        Add the git repository to your pip install file and then use:
        
        ::
        
            pip install -r setup.pip
        
        Add the middleware to your settings.py. It doesn't matter where in the
        middleware list it is added:
        
        ::
        
            MIDDLEWARE_CLASSES = (
                'django.middleware.common.CommonMiddleware',
                'django.contrib.sessions.middleware.SessionMiddleware',
                'django.middleware.csrf.CsrfViewMiddleware',
                'django.contrib.auth.middleware.AuthenticationMiddleware',
                'django.contrib.messages.middleware.MessageMiddleware',
                'fost_authn.Middleware',
            )
        
        Unless you've already added a custom authentication backend your
        settings.py probably doesn't already have the authentication backends
        set on it. The following will enable the normal Django authentication
        (forms/session based) and the Fost authentication:
        
        ::
        
            AUTHENTICATION_BACKENDS = (
                'django.contrib.auth.backends.ModelBackend',
                'fost_authn.FostBackend',
            )
        
        In order to be able to authenticate requests the authentication backend
        needs to know how to map API keys to secrets and to users.
        
        Finding a secret from an API key is done by assigning a function to the
        ``FOST_AUTHN_GET_SECRET`` setting. If this is not configured then the
        default implementation will use a SHA1 hash of the user's password
        field. Because the salt stored in that field changes whenever the
        password is set, the secret changes even if the user sets their
        password to the same value as before.
        
        The following is an example of what can be put in the settings.py.
        
        ::
        
            def FOST_AUTHN_GET_SECRET(request, key):
                from myapp.models import api_keys
                return api_keys.objects.get(key=key).secret
        
        Changes to existing Django classes
        ----------------------------------
        
        After installing the authentication middleware the Django HttpRequest
        object is augmented with a new member, SIGNED, which is a ``dict``
        holding the signed request header members. If the request has not been
        properly signed this ``dict`` will be empty.
        
        Optional settings
        -----------------
        
        ``FOST_AUTHN_MISSIGNED_SLEEP_TIME``
        
        The amount of time to sleep when a FOST Authorization header is
        incorrect. Defaults to 0.5 seconds.
        
        ``FOST_AUTHN_MAXIMUM_CLOCK_SKEW``
        
        The maximum allowed difference between the time when the request was
        signed and the time on the server. Defaults to 300 seconds.
        
        Signing requests
        ================
        
        In order to authenticate against the back end, requests must be
        properly signed. ``fost_authn.signature`` includes two functions that
        can be used for doing this.
        
        ``fost_hmac_request_signature(secret, method, path, timestamp, headers = {}, body = '')``
        -----------------------------------------------------------------------------------------
        
        The headers are in the form of a dict giving the header name and values.
        The function returns both the signature and the document that was
        signed.
        
        It is the responsibility of the caller to correctly place the header
        values into the request object that is to be used, including the
        ``Authorization`` header.
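
The sketch below is an added example, not code from django-fost-authn: it shows S3-style HMAC-SHA1 request signing and the matching server-side check, including the 300-second clock-skew window described under Optional settings. The canonical document layout, the timestamp format and the names ``sign_request``, ``verify_request``, ``SECRETS`` and ``NOW`` are assumptions made for illustration and do not reproduce the library's wire format.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

MAXIMUM_CLOCK_SKEW = 300  # seconds, same as the FOST_AUTHN_MAXIMUM_CLOCK_SKEW default
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed UTC timestamp format
# Constructed sample data, not real credentials.
SECRETS = {"demo-key": "demo-secret"}
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def sign_request(secret, method, path, timestamp, headers=None, body=""):
    """Return (signature, document); the document layout is assumed."""
    headers = headers or {}
    names = sorted(headers)  # fixed order so both sides build identical bytes
    document = "\n".join(
        ["%s %s" % (method.upper(), path), timestamp, " ".join(names)]
        + [headers[n] for n in names]
        + [body]
    )
    digest = hmac.new(secret.encode(), document.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode(), document


def verify_request(get_secret, key, signature, method, path, timestamp,
                   headers=None, body="", now=None):
    """Server side: reject stale timestamps, then compare in constant time."""
    now = now or datetime.now(timezone.utc)
    try:
        signed_at = datetime.strptime(timestamp, TS_FORMAT)
    except ValueError:
        return False  # malformed timestamp
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    if abs((now - signed_at).total_seconds()) > MAXIMUM_CLOCK_SKEW:
        return False  # too old or too far in the future to accept
    secret = get_secret(key)
    if secret is None:
        return False  # unknown API key
    expected, _ = sign_request(secret, method, path, timestamp, headers, body)
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    ts = NOW.strftime(TS_FORMAT)
    sig, _ = sign_request("demo-secret", "GET", "/api/", ts)
    print(verify_request(SECRETS.get, "demo-key", sig, "GET", "/api/", ts, now=NOW))
```

Any header or body byte that is not part of the signed document can be altered in transit without invalidating the signature, so the server should trust only the values it has verified.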
        
        Running tests
        =============
        
        For best results create a virtualenv, then initialise it with test.pip:
        
        ::
        
            mkvirtualenv django-fost-authn
            pip install -r test.pip
        
        Run the tests using:
        
        ::
        
            ./runtest
        
        
Keywords: django authentication hmac sha1 fost
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: License :: OSI Approved
