8. Django Integration

Warning

Because Krptn uses a Zero Knowledge security model, the Django Admin cannot change the user’s password, or any other attributes. Any attempt to do so will fail. To avoid tempting administrators to try anyway, it may be a good idea to remove these forms from the admin site.

Note

In order for this to make sense, please read User Auth first. It is also useful to have some knowledge of the Django web framework.

You can check our example implementation on GitHub.

As you will notice, Krptn does not integrate with Django’s Authentication but rather serves as a replacement. However, this comes with the limitation that (without extra programming) you cannot log in to the Django admin site with a Krptn account. For that, you need to create a Django account.

Also, because of our strict security model, Krptn accounts will have issues with Django’s permissions. Avoid using built-in Django permission management and instead do permission checks manually. The only exception to this is the login_required decorator, but this is only valid if you have your custom login page configured (/accounts/login).

8.1. Middleware

In order to use Krptn’s user model as request.user in your view, you need to install the middleware.

Please add Krptn middleware to the END OF THE LIST.

For example:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'krypton.auth.django.middleware.kryptonLoginMiddleware',  # <-- Like here, last in the list
]

Inside your views:

def aRandomView(request):
    user = request.user
    # request.user is a krypton.auth.django.users.djangoUser object
    # (set by kryptonLoginMiddleware from the session cookies);
    # a djangoUser object has the same interface as a standardUser object

8.2. Forms

Krptn requires custom forms for user management (e.g. creation, password reset, etc.). You need to configure the forms. Because everyone has a wide variety of needs regarding user creation, there is no single form to use. You need to create these forms according to your needs.

We will briefly discuss how to create these forms.

8.2.1. Create User

from django import forms
from krypton.auth.django import users

class UserCreationForm(forms.Form):
    Password = forms.CharField(widget=forms.PasswordInput)
    userName = forms.CharField(label="User Name")
    age = forms.CharField(label="Age")

    def save(self, commit=True):
        # djangoUser(None) creates a user object that does not exist yet
        user = users.djangoUser(None)
        # saveNewUser creates the account and returns a session token
        token = user.saveNewUser(pwd=self.cleaned_data["Password"], name=self.cleaned_data["userName"])
        user.setData("Age", self.cleaned_data["age"])
        return token, user.id

Do not forget to set the token and user.id as cookies in any view that handles authentication! Otherwise, the middleware cannot identify the user on later requests.

response.set_cookie("_KryptonUserID", UserId)
response.set_cookie("_KryptonSessionToken", token, max_age=15*60)  # token cookie expires after 15 minutes

The cookies have to have the same name as in the above example.

Again, you will need to customise this form to include the fields that you need.

As you can see, we use Krptn’s User Auth inside the form’s save method.

8.2.2. Login

This form depends on whether you are using MFA and whether you use FIDO or TOTP MFA.

In this example, we will use TOTP.

from django import forms
from krypton.auth.django import users

class LoginForm(forms.Form):
    userName = forms.CharField(label="User Name")
    password = forms.CharField(widget=forms.PasswordInput)
    totp = forms.IntegerField(label="TOTP")

    def save(self, commit=True):
        user = users.djangoUser(self.cleaned_data["userName"])
        # login verifies the password and the TOTP code and returns a session token
        token = user.login(pwd=self.cleaned_data["password"], mfaToken=str(self.cleaned_data["totp"]))
        return token, user.id

Do not forget to set the token and user.id as cookies in any view that handles authentication! Otherwise, the middleware cannot identify the user on later requests.

response.set_cookie("_KryptonUserID", UserId)
response.set_cookie("_KryptonSessionToken", token, max_age=15*60)  # token cookie expires after 15 minutes

The cookies have to have the same name as in the above example.
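The following is an added example (not from the Krptn docs or project) of the views that sit behind the Create User and Login forms above: a helper that sets the two cookies the middleware reads with hardened attributes, the matching logout, and a login view that wires the page’s LoginForm to it. It assumes the forms from this page live in a hypothetical `myapp.forms` module.

```python
# Added example, not part of the Krptn docs or project.
# Assumed: the LoginForm shown on this page is importable from `myapp.forms`.

USER_ID_COOKIE = "_KryptonUserID"        # names the middleware expects
SESSION_COOKIE = "_KryptonSessionToken"
SESSION_TTL_SECONDS = 15 * 60            # same 15-minute lifetime the docs use


def set_session_cookies(response, user_id, token, ttl=SESSION_TTL_SECONDS):
    """Attach the cookies kryptonLoginMiddleware reads.

    Both cookies share one lifetime so the user id never outlives its token.
    httponly keeps the token away from page scripts, secure keeps it off
    plaintext connections, samesite keeps it out of cross-site POSTs.
    Works with any object exposing Django's set_cookie() signature.
    """
    for name, value in ((USER_ID_COOKIE, user_id), (SESSION_COOKIE, token)):
        response.set_cookie(name, value, max_age=ttl,
                            httponly=True, secure=True, samesite="Lax")
    return response


def clear_session_cookies(response):
    """Remove both cookies so the middleware treats later requests as anonymous."""
    for name in (USER_ID_COOKIE, SESSION_COOKIE):
        response.delete_cookie(name)
    return response


def login_view(request):
    """Render the login form on GET; on a valid POST, log in and set the cookies."""
    # Imported inside the view so the cookie helpers above can be used
    # (and unit-tested) without a configured Django settings module.
    from django.shortcuts import redirect, render
    from myapp.forms import LoginForm    # assumed location of this page's form

    form = LoginForm(request.POST or None)
    if request.method == "POST" and form.is_valid():
        token, user_id = form.save()     # (token, user.id), as the form returns
        return set_session_cookies(redirect("/"), user_id, token)
    return render(request, "login.html", {"form": form})


def logout_view(request):
    """Drop the session cookies and send the user back to the login page."""
    from django.shortcuts import redirect
    return clear_session_cookies(redirect("/accounts/login"))
```

The view for the UserCreationForm is identical except that it instantiates that form and calls the same set_session_cookies helper with the token and id it returns.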

8.2.3. Other forms

There are plenty of other possible forms, for example enabling MFA, password resets, etc. However, we will not discuss them here.

In case of any doubt, you can check our example on GitHub or reach out to us.