The mg.acl.tree_token application

Requires the mg.orga.tree application.

Token-based authentication

Token-based authentication is a lightweight authentication scheme. Users do not identify themselves with a login and password; they only need to know a resource name. This name is the token, and it can describe the contained data with a little obfuscation. Example: OurTripToVegas.

In a real-world scenario, with your own photos, the chance that someone will brute-force the token-based system to retrieve your pictures is quite small. Anyway, use it only if you want to :).

Django models

digraph tree {
    // Token points at the element subtree it unlocks and at its owner.
    element [shape = "box", label="Element\nmg.core.element"];
    user [shape = "box", label="User\ndjango.contrib.auth"];
    token [shape = "box", label="Token"];

    token -> element;
    token -> user [label = "owner"];
}

The Token model is the core datatype for a Token-based authentication.

Views

mg.acl.tree_token.views provides a generic view usable for browsing in a tree protected by tokens.

mg.acl.tree_token.views.token_path(request, pk_list)
Parameters:
  • request – A django request object
  • pk_list (str) – A string containing a list of element primary keys, separated by slashes (/), with a trailing slash. Example: 23/41/11/. This is the current path from token’s root.

This view is a frontend to mg.orga.tree.views.path(): it checks that the token exists and sets the correct root.

The following additional variables are passed to the template:

token:
The current Token object.

Note

If there is no valid token currently set in the session, this view issues a redirect to the token_open() view.

mg.acl.tree_token.views.token_open(request)
Parameters:
  • request – A django request object

This view uses the token/token_form.html template to display a login-like form expecting a token.

When a correct token is entered, a session variable is set pointing to the token, and the user is redirected to the token_path() view.

mg.acl.tree_token.views.token_close(request)
Parameters:
  • request – A django request object

This view deletes the token information from the session and redirects to the token_open() view.
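The session flow of the three views above (token_open, token_path, token_close), modelled as plain Python. This is an added example, not the project's code: a dict stands in for the Token table and another for the Django session, the return strings are a stand-in for Django responses, and parse_pk_list enforces the trailing-slash format of pk_list described for token_path().

```python
from dataclasses import dataclass, field

# Constructed stand-in for the Token table: token name -> root element pk.
TOKENS = {"OurTripToVegas": 23}


@dataclass
class Session:
    """Stand-in for request.session."""
    data: dict = field(default_factory=dict)


def parse_pk_list(pk_list: str) -> list[int]:
    """Turn '23/41/11/' into [23, 41, 11]; reject any other shape."""
    if not pk_list.endswith("/"):
        raise ValueError("pk_list must end with a trailing slash")
    parts = [] if pk_list == "/" else pk_list[:-1].split("/")
    if any(not p.isdigit() for p in parts):
        raise ValueError("pk_list may only contain integer primary keys")
    return [int(p) for p in parts]


def token_open(session: Session, submitted: str) -> str:
    """On a correct token, remember it in the session and redirect."""
    if submitted in TOKENS:
        session.data["token"] = submitted
        return "redirect:token_path"
    return "render:token/token_form.html"


def token_path(session: Session, pk_list: str) -> str:
    """Browse under the token's root; without a valid token, redirect."""
    name = session.data.get("token")
    if name not in TOKENS:  # no token, or a token deleted since login
        return "redirect:token_open"
    root = TOKENS[name]
    pks = parse_pk_list(pk_list)
    return f"path:root={root},pks={pks}"


def token_close(session: Session) -> str:
    """Forget the token and send the visitor back to the form."""
    session.data.pop("token", None)
    return "redirect:token_open"
```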

URLs

If the tree/token organization is used, your root urls.py should include mg.acl.tree_token.urls. It must not include mg.orga.tree.urls, as those would give direct access to the media with no token checking. Example usage:

from django.conf.urls.defaults import *

urlpatterns = patterns(
    '',

    # Include photo and video for prefered_size handling
    url(r'^photo/', include('mg.media.photo.urls')),
    url(r'^video/', include('mg.media.video.urls')),

    # Token will do the rest.
    url(r'^token/', include("mg.acl.tree_token.urls")),

) + patterns(
    'django.views.generic.simple',

    # Redirection for incoming visitors
    url(r'^$', 'redirect_to', {'url': '/token/'}),
)