Metadata-Version: 2.1
Name: ponddy-auth
Version: 0.1.5
Summary: The Ponddy Auth SSO authentication library
Home-page: https://github.com/samwuTW/ponddy-auth
Author: lambdaTW
Author-email: lambda@lambda.tw
License: MIT
Keywords: Ponddy Auth SSO
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3.7
Description-Content-Type: text/markdown
Requires-Dist: Django
Requires-Dist: djangorestframework
Requires-Dist: python-jose
Requires-Dist: requests

# Ponddy Auth Library
- Provide the class for the Django restful framework authentication, accept the `Auth` token and check the name of <API_AGENT_PREFIX>_<API_ID> in django.contrib.auth.models.Group or not.
If the group exists then append the API_AGENT_PROPERTY_NAME into `request.user` let you can check either API or user permissions.

- Provide the Django model permission class compatible with the restful framework, let it can support valid the permission what in this request contains the API's permission validation.

- Provide the APIClient, it acts the role of API to execute the HTTP request

## Usage
### Install package
```shell-script
pip install -U ponddy-auth
```

### Install into restful framework authentication setting
```python
REST_FRAMEWORK = {
    # ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'ponddy_auth.authentication.SSOAuthentication',  # Add this line
    ),
}
```

## Settings
### `AUTH_TOKEN_VALID_URL`
The real Auth server URL
 - None default
### `API_AGENT_PREFIX`
The prefix of API name of group
 - Default: `api_agent_`
### `API_AGENT_PROPERTY_NAME`
The property name what injects into the `request.user` object
 - Default: `_api_agent`
### `PONDDY_AUTH_APP_NAME`
Your APP name
### `PONDDY_AUTH_API_CLIENT_ID`
Your client ID
### `PONDDY_AUTH_API_SECRET`
Your client secret
### `PONDDY_AUTH_API_TOKEN_PREFIX`
The token prefix, default is `SSO`

#### Alias
If you are already set some variables as another setting variable, you can change those to specify the settled variable name
### `PONDDY_AUTH_APP_NAME_SETTING_NAME`
Setting alias of `PONDDY_AUTH_APP_NAME`
### `PONDDY_AUTH_API_CLIENT_ID_SETTING_NAME`
Setting alias of `PONDDY_AUTH_API_CLIENT_ID`
### `PONDDY_AUTH_API_SECRET_SETTING_NAME`
Setting alias of `PONDDY_AUTH_API_SECRET`
### `PONDDY_AUTH_API_TOKEN_PREFIX_SETTING_NAME`
Setting alias of `PONDDY_AUTH_API_TOKEN_PREFIX`

## Permission
### Check permission manually
```python
# project/app/views.py
from rest_framework.decorators import api_view


@api_view(['GET'])
def my_view(request):
   if request.user._api_agent.has_perm('auth.view_users') or \
      request.user._api_agent.has_perms(['app.perm', 'app.perm']):
       # do something
       pass
```

### Use Permission class
```python
# project/app/views.py
from django.contrib.auth.models import User
from rest_framework import viewsets

from ponddy_auth.permissions import SSODjangoModelPermissions

from .serializers import UserSerializer


class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [SSODjangoModelPermissions, ]
 ```

## APIClient
### Settings first
```python
# project/settings.py
PONDDY_AUTH_APP_NAME = 'YOUR APP NAME'
PONDDY_AUTH_API_CLIENT_ID = 'your-client-id-uuid-like'
PONDDY_AUTH_API_SECRET = 'y0urSecretKey'
```
### Make request
```python
from ponddy_auth.utils import APIClient
session = APIClient()
url = 'https://some.app'
data = {'apply': True}
response = session.post(url, data=data)
```
### Act as user
```python
from ponddy_auth.utils import APIClient
session = APIClient(payload_patch={'email': 'user@userdomain.com'})
url = 'https://some.app'
data = {'apply': True}
response = session.post(url, data=data)

```


