Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/strogonoff/django-upwork-auth

Simple Upwork login for your Django-based project.
https://github.com/strogonoff/django-upwork-auth

django oauth2 python upwork-api

Last synced: about 2 months ago
JSON representation

Simple Upwork login for your Django-based project.

Awesome Lists containing this project

README 

        
Simple Upwork login for your app. Tested with Django 1.8 (see example project).



If there’s interest, migration to latest Django is on the table.



(Before oDesk rebranded as Upwork, this library was called django-odesk-auth.

The latest version of django-odesk-auth works with Upwork already.

This library is not backwards compatible with django-odesk-auth.)



## Creating Upwork OAuth API key



Go to https://www.upwork.com/services/api/apply.



* Authentication type should be set to "OAuth 1.0".

* Callback URL should be left blank.

* Default authentication backend requires

  "View the structure of your companies/teams" permission to be checked.



## Adding Upwork auth to your Django project



Make sure you have ``django-upwork-auth`` and ``python-upwork==1.0`` installed.

Make sure you have Django's ``sites`` and ``session`` frameworks enabled.



1. Add ``'django_upwork_auth'`` to ``INSTALLED_APPS``.



2. Add ``'django_upwork_auth.backends.UpworkOAuthBackend'``

   to AUTHENTICATION_BACKENDS.



3. Specify ``UPWORK_OAUTH_KEY`` and ``UPWORK_OAUTH_SECRET`` settings

   with your key information.



4. Add ``'your_upwork_username'`` to ``UPWORK_AUTH_ALLOWED_USERS``,

   and set ``UPWORK_AUTH_AUTO_CREATE_USERS`` to True.



5. Include ``django_upwork_auth.urls`` in your URL patterns.



6. In your login page template, put a link (say, "Log in via Upwork")

   and point it to ``{% url "upwork_oauth_login" %}``.



7. Open login page and click "Log in via Upwork" to verify everything works.



NOTE:

Keep ``UPWORK_OAUTH_KEY`` and ``UPWORK_OAUTH_SECRET`` settings

in a file that is not under version control. One way to do that:



* Keep public settings in a versioned file ``settings_base.py``

* Keep private settings in ``settings.py``

* In the beginning of ``settings.py``, have ``from settings_base import *``



## Example project



Requirements: Vagrant, Ansible, and free 8000 port.



First, fill in the necessary settings in ``example_project/settings.py``

(see comments in the file).



From ``example_project`` directory, bring up a virtual machine

using the Vagrantfile provided, and manually run Django development server inside:



    $ vagrant up

    $ vagrant ssh

    vm$ cd /vagrant/example_project/

    vm$ ./manage.py runserver 0.0.0.0:8000



On your host machine, navigate to 127.0.0.1:8000 where you should be able

to test Upwork login functionality in action.



## Authentication backend



Stock authentication backend assumes that you only use Upwork login in your app.

When someone logs in, if their Upwork ID matches existing username, it logs

them in as that user. If there's no username matching given Upwork ID, it optionally

creates a user with such username.



**IMPORTANT:**

If you are using other authentication methods

in addition to Upwork OAuth, or if there’s any other reason

one end user’s Upwork ID can match another’s ``User.username``,

you *must* subclass ``backends.UpworkOAuthBackend`` and override

some of its methods.



Stock authentication backend provides optional basic access control facilities.

You can specify who is allowed to log in to your site and who upon login gets

staff and/or superuser statuses. This is configured through Django settings.



If whitelisting is on and given user is not on the white list, their

``User.is_active`` flag gets set to False upon login.



**IMPORTANT:**

By default authentication backend lets anyone log in via Upwork.



See below all settings provided by stock authentication backend.



You can subclass stock authentication backend to override user manipulation

(see ``handle_unknown_user()`` and ``update_user()`` methods).



## Making authenticated Upwork API calls



After user is successfully authenticated you can call Upwork API on their behalf.

For that you'd need the access token obtained during OAuth flow.



By default this app uses Django's built-in session framework to store

access token. The key it uses can be retrieved from

``django_upwork_auth.settings.ACCESS_TOKEN_SESSION_KEY``

and customized via ``UPWORK_OAUTH_ACCESS_TOKEN_SESSION_KEY`` setting.



Example code you can have in your view::



```python

from django_upwork_auth import utils, settings



upwork_client = utils.get_client(

    request.session[settings.ACCESS_TOKEN_SESSION_KEY])



print upwork_client.hr.get_teams()

# Should output list of teamrooms current user belongs to

```



You can use another storage technique by overriding

``UPWORK_OAUTH_ACCESS_TOKEN_STORE_FUNC``. It's useful if you need to make Upwork API call

but can't easily read user's session because there's no request context.

For example, you can store access token with associated username in Redis

and query it in your asynchronous tasks.



Note:



* How you make API calls is up to you. Internally django-upwork-auth

  uses python-upwork library, and so does the above example.



* ``utils.get_client()`` function returns an instance of ``upwork.Client``.

  Handy if you're using python-upwork library to make API calls.



## Verifying OAuth access token



If you want to periodically check whether current user's authentication

is still valid, this Django app provides a helper for that:

``utils.check_login()``.



It can be used in a view like this:



```python



from django_upwork_auth import utils



def oauth_check_login(request):

    u"""Verifies OAuth access token and user status on Upwork.

    Returns HTTP 200 (OK) or HTTP 401 (Unauthorized)

    with additional information in response body text.

    """

    access_token = utils.access_token.get(request)



    if access_token is None or len(access_token) != 2:

        return http.HttpResponse(

            u"Bad or missing Upwork OAuth access token", status=401)



    result, details = utils.check_login(access_token)



    if result is True:

        return http.HttpResponse(details, status=200)

    else:

        return http.HttpResponse(details, status=401)

```



## Important Django settings



Default values shown where appopriate.



* UPWORK_OAUTH_KEY, UPWORK_OAUTH_SECRET



  API key information.



* UPWORK_AUTH_LOGIN_REDIRECT_URL = settings.LOGIN_REDIRECT_URL



  Where to redirect the user at the end of OAuth flow.

  Path or URL pattern name.



* UPWORK_AUTH_ACCESS_TOKEN_STORE_FUNC



  Function to be called to store OAuth access token for future access.

  It's passed two arguments: a request where user is already

  authenticated and the access token associated with that user.

  Default implementation stores token in session under

  ``settings.ACCESS_TOKEN_SESSION_KEY``.



### Settings specific to stock backend



These are relevant unless you subclass the provided

``backends.UpworkOAuthBackend`` and override some of its logic.



* UPWORK_AUTH_AUTO_CREATE_USERS = False



  Whether to create a new account in Django if given user uses Upwork login

  for the first time (i.e., ID returned by Upwork is free in your Django DB).



* UPWORK_AUTH_WHITELIST = ()



  Upwork IDs of users who are allowed to log in via Upwork.



* UPWORK_AUTH_STAFF_WHITELIST = ()



  Upwork IDs of users who are marked as ``is_staff`` upon login.



* UPWORK_AUTH_SUPERUSER_WHITELIST = ()



  Upwork IDs of users who are marked as ``is_superuser`` upon login.



* UPWORK_AUTH_TEAM_WHITELIST = ()



  IDs of Upwork teamrooms, members of which are allowed to log in via Upwork.



* UPWORK_AUTH_STAFF_TEAM_WHITELIST = ()



  IDs of Upwork teamrooms, members of which are marked as ``is_staff`` upon login.



* UPWORK_AUTH_SUPERUSER_TEAM_WHITELIST = ()



  IDs of Upwork teamrooms, members of which are marked as ``is_superuser`` upon login.