8. Django Integration
Warning
Because Krptn uses a Zero Knowledge security model, the Django Admin cannot change the user’s password, or any other attributes. Any attempt to do so will fail. To avoid tempting administrators to try anyway, it may be a good idea to remove these forms from the admin site.
Note
In order for this to make sense, please read User Auth first. It is also useful to have some knowledge of the Django web framework.
You can check our example implementation on GitHub.
As you will notice, Krptn does not integrate with Django’s Authentication but rather serves as a replacement. However, this comes with the limitation that (without extra programming) you cannot log in to the Django admin site with a Krptn account. For that, you need to create a Django account.
Also, because of our strict security model, Krptn accounts will have issues with Django’s permissions. Avoid using the built-in Django permission management and instead do permission checks manually. The only exception to this is the login_required decorator, but this is only valid if you have your custom login page configured (/accounts/login).
8.1. Middleware
In order to use Krptn’s user model as request.user in your view, you need to install the middleware.
Please add Krptn middleware to the END OF THE LIST.
For example:
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'krypton.auth.django.middleware.kryptonLoginMiddleware',  # <-- like here, last in the list
]
Inside your views:
from django.http import HttpResponse

def aRandomView(request):
    # request.user is a krypton.auth.django.users.djangoUser object;
    # a djangoUser has the same interface as a standardUser object
    user = request.user
    return HttpResponse(f"Hello, user {user.id}")
8.2. Forms
Krptn requires custom forms for user management (e.g. creation, password reset, etc.). You need to configure the forms. Because everyone has a wide variety of needs regarding user creation, there is no single form to use. You need to create these forms according to your needs.
We will briefly discuss how to create these forms.
8.2.1. Create User
from django import forms
from krypton.auth.django import users

class UserCreationForm(forms.Form):
    Password = forms.CharField(widget=forms.PasswordInput)
    userName = forms.CharField(label="User Name")
    age = forms.CharField(label="Age")

    def save(self, commit=True):
        # None: there is no existing user yet, we are creating one
        user = users.djangoUser(None)
        # Create the account through Krptn's User Auth and get a session token back
        token = user.saveNewUser(pwd=self.cleaned_data["Password"], name=self.cleaned_data["userName"])
        # Any extra profile data is stored with setData
        user.setData("Age", self.cleaned_data["age"])
        # The view must store both of these as cookies for the middleware
        return token, user.id
Do not forget to set token and user.id as cookies in any view that handles authentication! Otherwise, the middleware will have issues!
response.set_cookie("_KryptonUserID", UserId)  # UserId: the user.id returned by save()
response.set_cookie("_KryptonSessionToken", token, max_age=15*60)  # set token for 15 minutes
The cookies have to have the same name as in the above example.
Again, you will need to customise this form to include fields that you need.
As you can see, we use Krptn’s User Auth inside the form’s save method.
8.2.2. Login
This form depends on whether you are using MFA and whether you use FIDO or TOTP MFA.
In this example, we will use TOTP.
from django import forms
from krypton.auth.django import users

class LoginForm(forms.Form):
    userName = forms.CharField(label="User Name")
    password = forms.CharField(widget=forms.PasswordInput)
    totp = forms.IntegerField(label="TOTP")  # code from the user's authenticator app

    def save(self, commit=True):
        # Look up the existing user by name, then log in with the password
        # and the TOTP code (passed as a string, as the MFA token)
        user = users.djangoUser(self.cleaned_data["userName"])
        token = user.login(pwd=self.cleaned_data["password"], mfaToken=str(self.cleaned_data["totp"]))
        return token, user.id
Do not forget to set token and user.id as cookies in any view that handles authentication! Otherwise, the middleware will have issues!
response.set_cookie("_KryptonUserID", UserId)  # UserId: the user.id returned by save()
response.set_cookie("_KryptonSessionToken", token, max_age=15*60)  # set token for 15 minutes
The cookies have to have the same name as in the above example.
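A helper for the views that consume the Create User and Login forms, added here as an example and not part of Krptn or its GitHub sample: it centralises the two cookie names and the 15-minute lifetime from the snippets above and sets HttpOnly, Secure and SameSite on the cookies, since the session token is a bearer credential. It assumes only Django's HttpResponse.set_cookie() and delete_cookie() signatures; StubResponse and the values in demo() are constructed stand-ins so the module runs without Django installed.

```python
from typing import Any

# Cookie names are fixed: the Krptn middleware looks for exactly these two.
USER_ID_COOKIE = "_KryptonUserID"
SESSION_TOKEN_COOKIE = "_KryptonSessionToken"
SESSION_MAX_AGE = 15 * 60  # seconds; the 15-minute lifetime used in this section

def attach_krptn_session(response: Any, user_id: Any, token: str, *, secure: bool = True) -> Any:
    """Set both cookies after a successful form.save().

    The token is a bearer credential, so it gets HttpOnly (unreadable by page
    scripts), Secure (HTTPS only; secure=False is meant for a local dev server
    only) and SameSite=Lax (not sent on cross-site POSTs).
    """
    if not token:  # form.save() produced no token: never set half a session
        raise ValueError("refusing to set session cookies without a token")
    attrs = dict(max_age=SESSION_MAX_AGE, httponly=True, secure=secure, samesite="Lax")
    response.set_cookie(USER_ID_COOKIE, str(user_id), **attrs)
    response.set_cookie(SESSION_TOKEN_COOKIE, token, **attrs)
    return response

def clear_krptn_session(response: Any) -> Any:
    """Logout: drop both cookies so the middleware no longer sees a user."""
    response.delete_cookie(USER_ID_COOKIE)
    response.delete_cookie(SESSION_TOKEN_COOKIE)
    return response

def finish_auth(form: Any, response: Any, *, secure: bool = True) -> Any:
    """View glue: UserCreationForm and LoginForm both return (token, user.id) from save()."""
    token, user_id = form.save()
    return attach_krptn_session(response, user_id, token, secure=secure)

class StubResponse:
    """Constructed stand-in with Django's two cookie methods (offline demo only)."""
    def __init__(self) -> None:
        self.cookies: dict = {}
    def set_cookie(self, key, value="", **kw):
        self.cookies[key] = dict(value=value, **kw)
    def delete_cookie(self, key, **kw):
        self.cookies.pop(key, None)

def demo():
    """Drive the helpers with constructed values; returns cookies before and after logout."""
    resp = attach_krptn_session(StubResponse(), user_id=42, token="constructed-token")
    after_login = dict(resp.cookies)
    clear_krptn_session(resp)
    return after_login, resp.cookies
```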
8.2.3. Other forms
There are plenty of other possible forms, for example enabling MFA, password resets, etc. However, we will not discuss them here.
In case of any doubt, you can check our example on GitHub or reach out to us.