Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aaronlelevier/django-rest-framework-hmac

HMAC Authentication for the django-rest-framework
https://github.com/aaronlelevier/django-rest-framework-hmac

django django-rest-framework hmac python

Last synced: 2 months ago
JSON representation

HMAC Authentication for the django-rest-framework

Awesome Lists containing this project

README 

        

# Django REST Framework HMAC Authentication



This library implements the [HMAC](https://en.wikipedia.org/wiki/HMAC) Authentication protocol for the [django-rest-framework](http://www.django-rest-framework.org/).  



This is useful because HMAC allows the client to authenticate and make an http request at the same time.



HMAC is used by the [botocore](https://github.com/boto/botocore) Python library by AWS and other places around the web.



# Requirements



- Python 3.6

- Django 2.0+

- Django REST Framework 3.7



# Installation



Install using `pip`...



```

$ pip install django-rest-framework-hmac

```



# Documentation



## How to use



#### Define a `View` with `HMACAuthentication` set in the `authentication_classes`



```python

from rest_framework.views import APIView

from rest_framework_hmac.authentication import HMACAuthentication



class MyView(APIView):

    authentication_classes = (HMACAuthentication,)

```



#### Register the `HMACKey` Signal, so a HMAC `key` and `secret` get generated each time a User is created.



```python

from django.conf import settings

from django.db.models.signals import post_save

from django.dispatch import receiver

from rest_framework_hmac.hmac_key.models import HMACKey



@receiver(post_save, sender=settings.AUTH_USER_MODEL)

def create_hmac_key(sender, instance=None, created=False, **kwargs):

    if created:

        HMACKey.objects.create(user=instance)

```



#### Use the above relationship between the Django `User` and `HMACKey` Model with the `HMACSigner` convenience class to generate a HMAC signed request.



To successfully make a request to this View, the client must set 3 properties in the request header:



- Key

- Signature

- Timestamp



The `Key` is used to lookup the Django User



The `Signature` is the HMAC Signature generated by signing with the HMAC cryptographic key



The `Timestamp` can be any string timestamp. In the example the `HMACSigner` the timestamp is `ISO8601`



```python

import time



from rest_framework.test import APIClient

from rest_framework_hmac.client import HMACSigner

from django.contrib.auth.models import User



# generate the signature using the headers and request

# payload if present

ISO8601 = '%Y-%m-%dT%H:%M:%SZ'

TIME = time.strftime(ISO8601, time.gmtime())

user = User.objects.create_user('bob')



hmac_signer = HMACSigner(user)

headers = {

    'method': POST,

    'hostname': '127.0.0.1',

    'path': '/',

    'timestamp': TIME

}

post_data = {'title': 'new idea'}

signature = hmac_signer.calc_signature(headers, post_data)



# Make request with all required headers

client = APIClient()

headers = {

    'Key': user.hmac_key.key,

    'Signature': signature,

    'Timestamp': TIME

}

client.post('/notes/', post_data, format='json', **headers)

```



# Example project



To run the example project, run the following commands



```

cd rest_framework_hmac/example_project/



# create virtualenv (python3 must be installed)

python3 -m venv venv



# activate virtualenv

source venv/bin/activate



# install requirements

pip install -r requirements.txt



cd example



# run tests

./manage.py test



# or run Django local server

./manage.py runserver

```



# License



 BSD 2-Clause