Requires The mg.orga.tree application.
Token-based authentication is when users want a lightwheight authentication system. Users don’t identify themselves with a login+password scheme, but only know a resource name. This name is the token and can match the contained data, with a little obfuscation. Example: OurTripToVegas.
In a real-world scenario, with your own photos, chances someone will bruteforce the token-based system to retrieve you pictures is quite small. Anyway, use it only if you want to :).
mg.acl.tree_token.views provides a generic view usable for browsing in a tree protected by tokens.
Parameters: |
|
---|
This view is a frontend to the mg.orga.tree.views.path(), checking the token exists and setting the correct root.
The following additional variables are passed to the template:
Note
If there is no valid token currently set in the session, this view issues a redirect to the token_open() view.
Parameters: |
|
---|
This view uses the token/token_form.html template to display a login-like form expecting a token.
When a correct token is entered, a session variable is set pointing to the token, and used is redirected to the token_path() view.
Parameters: |
|
---|
This view deletes the token information from the session and redirects to the token_open() view.
If tree/token organization is used, your root urls.py should include the mg.acl.tree_token.urls. It must not contain the mg.orga.tree.urls, as they would give direct access to the media with no token checking. Example usage:
from django.conf.urls.defaults import *
urlpatterns = patterns(
'',
# Include photo and video for prefered_size handling
url(r'^photo/', include('mg.media.photo.urls')),
url(r'^video/', include('mg.media.video.urls')),
# Token will do the rest.
url(r'^token/', include("mg.acl.tree_token.urls")),
) + patterns(
'django.views.generic.simple',
# Redirection for incoming visitors
url(r'^$', 'redirect_to', {'url': '/token/'}),
)