Authenticate a view without user

aaugustin / django-sesame

"Magic Links" - URLs with authentication tokens for one-click login

https://django-sesame.readthedocs.org/

BSD 3-Clause "New" or "Revised" License

980 stars 57 forks source link

Authenticate a view without user #110

Closed robhafemeister closed 5 months ago

robhafemeister commented 5 months ago

Is it possible to use django-sesame to authenticate public views without a user (anonymous user)? Example: I have a table of subscribers that contains an email and pin fields, I have a form view with the same fields when submitted if the email and pin values match an object in the subscriber table then a url with a token to access a scoped view is emailed to the user that will allow them access to their records.

robhafemeister commented 5 months ago

After diving deeper into it I realize that django-sesame is designed to work with Django's built-in User model.

aaugustin commented 5 months ago

That's correct. django-sesame is tightly connected to Django's authentication framework. I don't see a practical way to bypass this in the current state of the library: https://github.com/aaugustin/django-sesame/blob/5e134881dfbbf0b276ab4727b9481055205d2c7a/src/sesame/utils.py#L91-L96

This is essentially the same request at #107.