Generic Django application for safer user accounts
Project description
Generic Django application for safer user accounts.
Features
Sessions
User can see all active sessions
User can disable a given active session
User can disable all active sessions
Force password change
Administrators can require a password change for any user
Workflows
Sessions
User logs in
We connect the logic to the user_logged_in signal
We create a new safety.models.Session instance
User can see the list of her sessions (with IP, last activity and device information)
User can delete a given session in the list
We delete both the related safety.models.Session instance and related session in store
User can delete all active sessions excepted the current one
We proceed the same way: deleting instances and related sessions from store
User logs out
We connect the logic to the user_logged_out signal
We delete the related safety.models.Session instance
Force password change
Administrator creates a PasswordChange instance and sets required to True
When user logs in, it will be redirected to password change form
Until the user does not change its password, it is not authorized to go elsewhere
User changes its password
It is now authorized to go elsewhere
Installation
Installing prerequisites
GeoIP library must be installed on your server.
On OS X with Homebrew:
brew install geoip
You also need the GeoIP databases.
For Django >= 1.9, download City and Country databases as binary (not CSV):
http://dev.maxmind.com/geoip/geoip2/geolite2/
For Django 1.8, download City and Country legacy databases as binary (not CSV):
http://dev.maxmind.com/geoip/legacy/geolite/
Create a directory wherever you want and uncompress these archives this directory. Once done, set GEOIP_PATH setting pointing to this directory:
GEOIP_PATH = '/absolute/path/to/maxmind/db/directory'
Installing django-safety
Install
$ pip install django-safety
In your settings.py, add safety to INSTALLED_APPS:
INSTALLED_APPS = (
# Your other apps here.
'safety',
)
In your urls.py, include safety.urls under safety namespace.
urlpatterns = [
# Your other URLs here.
url(r'^security/', include('safety.urls', namespace='safety')),
]
Synchronize the database:
$ python manage.py migrate safety
Great. The session feature is ready.
If you want to enable the “force password change” feature, read the next.
Enabling “force password change” feature
To enable this feature, you have two choices:
You want to protect only specific views? Use password_change_required() decorator
You want to protect your whole application? Use PasswordChangeMiddleware middleware
The decorator works as any Django view decorator.
#
# In your urls.py
#
from safety.decorators import password_change_required
from .views import protect_me
urlpatterns = [
# Other URLs here.
url(r'^protect-me/$', password_change_required(protect_me)),
]
#
# Or in your views.py (it's up to you)
#
from django.shortcuts import render
from safety.decorators import password_change_required
@password_change_required
def protect_me(request):
return render(request, 'protect_me.html')
The middleware works as any Django middleware.
Add safety.middleware.PasswordChangeMiddleware middleware in your settings.py:
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'safety.middleware.PasswordChangeMiddleware',
]
Done.
Settings
Setting |
Description |
---|---|
SAFETY_LOGIN_REQUIRED_MIXIN_CLASS |
The Python path to your own “login required” mixin class. Defaults to safety.mixins.LoginRequiredMixin. |
SAFETY_IP_RESOLVER |
The Python path to your own IP resolver callable. Defaults to safety.resolvers.remote_addr_ip. |
SAFETY_DEVICE_RESOLVER |
The Python path to your own device resolver callable. Defaults to safety.resolvers.device. |
SAFETY_LOCATION_RESOLVER |
The Python path to your own location resolver callable. Defaults to safety.resolvers.location. |
Development
# Install pip and virtualenv
$ sudo easy_install pip
$ sudo pip install virtualenv
# Clone repository
$ git clone https://github.com/ulule/django-safety.git
# Setup your development environment
$ cd django-safety
$ make devenv
$ source .venv/bin/activate
# Download GeoIP databases
$ make geoip
# Launch test suite
$ make test
# Launch test suite with tox to check compatibility
$ tox
# Run the example project (default user username is "johndoe")
$ make example-migrate
$ make example-user
$ make example-serve
Contribute
Create an issue (before submitting pull requests)
Submit your bug or feature request
You want to fix or code it yourself? Great! Fork the project
Create a branch, always add tests and make sure they all pass with tox
Submit a pull request
Compatibility
python 2.7: Django 1.8, 1.9
Python 3.4: Django 1.8, 1.9
Python 3.5: Django 1.8, 1.9
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-safety-0.1.0.tar.gz
.
File metadata
- Download URL: django-safety-0.1.0.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c00378bdf74988cb562206b3825bcfaba6addd3d9ebdff9f8edb9e2f27ac143b |
|
MD5 | b699d628d91b4749140c18e945e6bc31 |
|
BLAKE2b-256 | 49f32e8e2f9fad5bd1abe4a3792fe7e12be28f32ae6c059291f75968b5251db1 |