Best IT Recipes

User Authentication in Django Rest Framework + Angular.js Web Application

I am working on a webapp where users can log in to a wine cellar online.

I have a setup for Django REST models, as well as an interface design in Angular, but I am having trouble linking the parts, and my main problem is user authentication.

I read a lot of posts here and various tutorials, but I cannot find a step-by-step method for implementing authentication:

  • What type of auth should be used (token, session, other?)
  • How server-side authentication is performed (is this a browsing method? In UserModel or UserManager?)
  • I have a user model of the user (using email as the username). Can I use the generic Django login method or do I need to create my own?
  • How is the authentication process between the server and the client side performed?

From what I understand, Angular makes a POST request at the URL where DRF checks for a username and password and returns a token or other authentication confirmation.

I feel like I'm close, but I need a more general idea of โ€‹โ€‹how this works to collect fragments.

Thank you in advance

+54
python angularjs authentication django django-rest-framework
Dec 10 '13 at 15:24
source share
2 answers

I guess there are many ways to do this, let me explain what I'm doing, hope this is helpful. This will be a long post. I would like to hear how others do it, or it is better to use the same approach. You can also check out my project on Github, Angular-Django-Seed .

I use token authentication with Witold Szczerba http-auth-interceptor . The beauty of his approach is that whenever a request is sent from your site without the proper credentials, you are redirected to the login screen, but your request is queued for restarting when the login is completed.

Here is the login directive used with the login form. It goes to the endpoint of the Django authentication token, sets a cookie with a response token, sets a default token with a token so that all requests are authenticated, and fires an http-auth-interceptor login event.

.directive('login', function ($http, $cookieStore, authService) { return { restrict: 'A', link: function (scope, elem, attrs) { elem.bind('submit', function () { var user_data = { "username": scope.username, "password": scope.password, }; $http.post(constants.serverAddress + "api-token-auth", user_data, {"Authorization": ""}) .success(function(response) { $cookieStore.put('djangotoken', response.token); $http.defaults.headers.common['Authorization'] = 'Token ' + response.token; authService.loginConfirmed(); }); }); } }

})

I use the moduleโ€™s .run method to set a cookie check, when a user comes to the site, if they have a set of cookies, I set the default authorization.

 .run(function($rootScope) { $rootScope.$broadcast('event:initial-auth'); })

Here is my interceptor directive that handles authService translations. If a login is required, I hide everything and show the login form. Otherwise, hide the login form and show everything else.

 .directive('authApplication', function ($cookieStore, $http) { return { restrict: 'A', link: function (scope, elem, attrs) { var login = elem.find('#login-holder'); var main = elem.find('#main'); scope.$on('event:auth-loginRequired', function () { main.hide(); login.slideDown('fast'); }); scope.$on('event:auth-loginConfirmed', function () { main.show(); login.slideUp('fast'); }); scope.$on('event:initial-auth', function () { if ($cookieStore.get('djangotoken')) { $http.defaults.headers.common['Authorization'] = 'Token ' + $cookieStore.get('djangotoken'); } else { login.slideDown('fast'); main.hide(); } }); } } })

To use it, all of my html were basically like that.

 <body auth-application> <div id="login-holder"> ... login form </div> <div id="main"> ... ng-view, or the bulk of your html </div>
+49
Dec 10 '13 at 16:56
source share

Check django-rest-auth and angular-django-registration-auth also

https://github.com/Tivix/angular-django-registration-auth

https://github.com/Tivix/django-rest-auth

We tried to solve the most common Django related records / records related to the backend and angular in these two libraries.

Thank!

+14
Jul 10 '14 at 2:28
source share


More articles:


All Articles