Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/justinmayer/django-elevate

Protect your sensitive Django views by requiring re-authentication
https://github.com/justinmayer/django-elevate

authentication django python security

Last synced: 18 days ago
JSON representation

Protect your sensitive Django views by requiring re-authentication

Host: GitHub
URL: https://github.com/justinmayer/django-elevate
Owner: justinmayer
License: bsd-3-clause
Created: 2017-12-15T20:39:25.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2023-06-29T09:08:24.000Z (over 1 year ago)
Last Synced: 2024-10-14T21:08:27.244Z (about 1 month ago)
Topics: authentication, django, python, security
Language: Python
Size: 177 KB
Stars: 47
Watchers: 5
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.rst
- Contributing: CONTRIBUTING.rst
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: docs/security/index.rst

Awesome Lists containing this project

README

        django-elevate

==============

|pypi| |build-status| |readthedocs| |coverage|

.. |pypi| image:: https://img.shields.io/pypi/v/django-elevate.svg

    :target: https://pypi.python.org/pypi/django-elevate/

    :alt: PyPI Version

.. |readthedocs| image:: https://readthedocs.org/projects/django-elevate/badge/?version=latest

    :target: https://django-elevate.readthedocs.io/en/latest/

    :alt: Documentation Status

.. |build-status| image:: https://img.shields.io/github/actions/workflow/status/justinmayer/django-elevate/main.yml?branch=main

    :target: https://github.com/justinmayer/django-elevate/actions

    :alt: Build Status

.. |coverage| image:: https://img.shields.io/codecov/c/github/justinmayer/django-elevate/main?token=LMQUrdXJXk

    :target: https://codecov.io/gh/justinmayer/django-elevate

    :alt: Code Coverage

..

    | Elevate mode offers an extra layer of security for your most sensitive pages.

    | This is an implementation of GitHub's `Sudo Mode`_ for `Django`_.

.. inclusion-marker-do-not-remove-start

What is this for?

~~~~~~~~~~~~~~~~~

Elevate provides an extra layer of security beyond initial user authentication.

Views can be decorated with ``@elevate_required``, and then users must

re-authenticate to access that resource. This might be useful for deleting objects,

canceling subscriptions, and other sensitive operations. After re-authentication,

the user has elevated permissions for the duration of ``ELEVATE_COOKIE_AGE``.

This duration is independent of the normal session duration, allowing for short

elevated permission durations while still retaining long user sessions.

Installation

~~~~~~~~~~~~

.. code-block:: console

    $ pip install django-elevate

Compatibility

~~~~~~~~~~~~~

* Django 2.2, 3.2, and 4.0

* Python 3.7 - 3.10

* pypy3

.. inclusion-marker-do-not-remove-end

Resources

~~~~~~~~~

* `Documentation `_

* `Security `_

* `Changelog `_

.. _Sudo Mode: https://github.com/blog/1513-introducing-github-sudo-mode

.. _Django: https://www.djangoproject.com/