# The authentication classes
[Official DRF documentation about authentication](https://www.django-rest-framework.org/api-guide/authentication/)
To use the API, it is usually better for the user to be authenticated (except for specific pages like the root page), because it means that actions can be tracked and the ACL checked. DRF provides several authentication methods for this. Re2o's API uses only two of them; they are defined in [the settings file](#the-settings-file).
## rest_framework.authentication.SessionAuthentication
This method checks the user's cookies to retrieve a valid *Django-auth* session. It is useful for exploring the API in a browser, because logging in via the standard login page sets this cookie and therefore also logs the user in to the API.
## api.authentication.ExpiringTokenAuthentication
This authentication method uses tokens passed in the `Authorization` header of the request. One can get a token by making a POST request with valid credentials to a dedicated URL. See [the usage of the API](API/Raw usage) for more.
This is a custom subclass of *rest_framework.authentication.TokenAuthentication* with the slight change that the produced tokens expire after a certain delay (defined in [the settings file](#the-settings-file)) and need to be renewed.
This method uses the *rest_framework.authtoken.models.Token* model to store one token per user in the database. A user's token is only created once that user has successfully logged in.
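The following is an added example, not Re2o's own `api.authentication` code: it shows the shape of the settings entry that selects the two authentication classes named above, and a minimal expiring-token subclass of DRF's `TokenAuthentication` that rejects a stored token once its `created` timestamp is older than a configured lifetime. Bounding token lifetime limits how long a leaked or forgotten token stays usable. The setting name `TOKEN_LIFETIME`, the 24-hour value, the error message and the sample timestamps are assumptions; the DRF class, the `authenticate_credentials` hook and the `Token.created` field are DRF's own.

```python
"""Added example (not Re2o's code): settings wiring for the two authentication
classes and an expiring-token check built on DRF's TokenAuthentication."""
from datetime import datetime, timedelta, timezone

# Assumed: Re2o keeps the real delay in its settings file; name and value here are placeholders.
TOKEN_LIFETIME = timedelta(hours=24)

# Assumed settings fragment: DRF's DEFAULT_AUTHENTICATION_CLASSES key restricted to the
# two classes the page names (session auth and the custom expiring-token auth).
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
        "api.authentication.ExpiringTokenAuthentication",
    ],
}


def token_expired(created, lifetime=TOKEN_LIFETIME, now=None):
    """Return True when a token issued at `created` (aware UTC datetime) is older than `lifetime`."""
    if now is None:
        now = datetime.now(timezone.utc)
    return now - created > lifetime


try:
    from rest_framework.authentication import TokenAuthentication
    from rest_framework.exceptions import AuthenticationFailed
except ImportError:  # DRF not installed: the pure expiry helper above still runs on its own.
    TokenAuthentication = None

if TokenAuthentication is not None:

    class ExpiringTokenAuthentication(TokenAuthentication):
        """TokenAuthentication that additionally refuses tokens older than TOKEN_LIFETIME."""

        def authenticate_credentials(self, key):
            # DRF's parent does the database lookup and the inactive-user check,
            # raising AuthenticationFailed itself for unknown or disabled accounts.
            user, token = super().authenticate_credentials(key)
            if token_expired(token.created):
                # Expired tokens are rejected; the client must request a new one
                # from the token endpoint with valid credentials.
                raise AuthenticationFailed("Token has expired.")
            return user, token


def check_sample_tokens():
    """Constructed sample: one token issued at a fixed instant, checked 1 h and 25 h later."""
    issued = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    return {
        "fresh": token_expired(issued, now=issued + timedelta(hours=1)),
        "stale": token_expired(issued, now=issued + timedelta(hours=25)),
    }


if __name__ == "__main__":
    print(check_sample_tokens())  # {'fresh': False, 'stale': True}
```

With DRF installed, pointing `DEFAULT_AUTHENTICATION_CLASSES` at this class is enough for every view to enforce the expiry; the pure `token_expired` helper is kept separate from the class so the cut-off logic can be unit-tested without a database.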
# The permission classes
# The serializers