Authentication
By default, ESSArch is configured with the following authentication schemes:
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'ESSArch_Core.auth.backends.GroupRoleBackend',
    'guardian.backends.ObjectPermissionBackend',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'knox.auth.TokenAuthentication',
    )
}
This can be altered in the local configuration file.
Token Authentication
With knox.auth.TokenAuthentication enabled, HTTP Token Auth can be used to authenticate the user in API requests.
Get token
POST /api/auth/token_login/ HTTP/1.1
Host: localhost
Accept: application/json
Content-Type: application/json

{
    "username": "admin",
    "password": "admin"
}

curl -i -X POST https://localhost/api/auth/token_login/ -H "Accept: application/json" -H "Content-Type: application/json" --data-raw '{"password": "admin", "username": "admin"}'

HTTP/1.1 200 OK
Content-Type: application/json

{
    "expiry":"2023-03-18T02:26:11.639928+01:00",
    "token":"b6e06b94162ab7ddbc03ea81ae70cca1e654fd6"
}
Use token in request
GET /api/me/ HTTP/1.1
Host: localhost
Accept: application/json
Authorization: Token b6e06b94162ab7ddbc03ea81ae70cca1e654fd6
curl -i -X GET https://localhost/api/me/ -H "Accept: application/json" -H "Authorization: Token b6e06b94162ab7ddbc03ea81ae70cca1e654fd6"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "url": "https://localhost/api/me/",
    "id": 4,
    "username": "admin",
    "first_name": "Firstname",
    "last_name": "Lastname",
    "email": "admin@example.com",
    "organizations": [
        {
            "id": 1,
            "name": "Default",
            "group_type": 1
        }
    ],
    "is_staff": true,
    "is_active": true,
    "is_superuser": false,
    "last_login": "2018-09-28T08:34:25.905182+02:00",
    "date_joined": "2018-08-04T17:54:42+02:00",
    "permissions": [
        "ip.get_from_storage_as_new",
        "ip.delete_archived",
        "ip.delete_last_generation",
        "storage.storage_migration",
        "profiles.add_profile",
        "ip.diff-check",
        "tags.create_archive"
    ],
    "user_permissions": [],
    "ip_list_columns": [
        "label",
        "object_identifier_value",
        "start_date",
        "end_date",
        "delete"
    ],
    "ip_list_view_type": "ip",
    "file_browser_view_type": "grid",
    "current_organization": {
        "id": 1,
        "name": "Default",
        "group_type": 1
    },
    "notifications_enabled": true
}
Basic Authentication
With rest_framework.authentication.BasicAuthentication enabled, HTTP Basic Auth can be used to authenticate the user in API requests.
GET /api/me/ HTTP/1.1
Host: localhost
Accept: application/json
Authorization: Basic YWRtaW46YWRtaW4=
curl -i -X GET https://localhost/api/me/ -H "Accept: application/json" --user admin:admin
HTTP/1.1 200 OK
Content-Type: application/json

{
    "url": "http://localhost/api/me/",
    "id": 4,
    "username": "admin",
    "first_name": "Firstname",
    "last_name": "Lastname",
    "email": "admin@example.com",
    "organizations": [
        {
            "id": 1,
            "name": "Default",
            "group_type": 1
        }
    ],
    "is_staff": true,
    "is_active": true,
    "is_superuser": false,
    "last_login": "2018-09-28T08:34:25.905182+02:00",
    "date_joined": "2018-08-04T17:54:42+02:00",
    "permissions": [
        "ip.get_from_storage_as_new",
        "ip.delete_archived",
        "ip.delete_last_generation",
        "storage.storage_migration",
        "profiles.add_profile",
        "ip.diff-check",
        "tags.create_archive"
    ],
    "user_permissions": [],
    "ip_list_columns": [
        "label",
        "object_identifier_value",
        "start_date",
        "end_date",
        "delete"
    ],
    "ip_list_view_type": "ip",
    "file_browser_view_type": "grid",
    "current_organization": {
        "id": 1,
        "name": "Default",
        "group_type": 1
    },
    "notifications_enabled": true
}
Session Authentication
After acquiring a session using, for example, basic authentication, it can be used to authenticate users on subsequent requests using rest_framework.authentication.SessionAuthentication.
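The token and basic exchanges shown above, as an added client-side example (not ESSArch's own code; the function names are hypothetical). It builds the requests without sending them so it runs offline, and uses the login response from this page as sample input to show two things the raw exchanges do not: the token carries an expiry that a client should check, and the Basic header is only a Base64 encoding of the password.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.request import Request

BASE_URL = "https://localhost"  # host from the page's examples

SAMPLE_LOGIN_RESPONSE = (  # copied from the token_login response on this page
    '{"expiry":"2023-03-18T02:26:11.639928+01:00",'
    '"token":"b6e06b94162ab7ddbc03ea81ae70cca1e654fd6"}'
)


def _url(path):
    # Both schemes put a secret in a header, so refuse plain HTTP.
    if not BASE_URL.startswith("https://"):
        raise ValueError("refusing to send credentials without TLS")
    return BASE_URL + path


def build_token_login(username, password):
    """Build (without sending) the POST /api/auth/token_login/ request."""
    body = json.dumps({"username": username, "password": password}).encode()
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    return Request(_url("/api/auth/token_login/"), data=body, method="POST", headers=headers)


def parse_token_response(raw, now=None):
    """Return (token, expiry); raise if the token has already expired."""
    doc = json.loads(raw)
    expiry = datetime.fromisoformat(doc["expiry"])
    if expiry <= (now or datetime.now(timezone.utc)):
        raise ValueError("token expired; request a new one")
    return doc["token"], expiry


def token_header(token):
    return {"Authorization": "Token " + token}


def basic_header(username, password):
    # Base64 is an encoding, not encryption: every request exposes the password.
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": "Basic " + cred}


def build_me_request(auth_header):
    return Request(_url("/api/me/"), headers={"Accept": "application/json", **auth_header})
```

Pass either request object to `urllib.request.urlopen` to send it against a real instance.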