Suggestion: Implement ApiAuthentication

[asfaltboy]

We should add support for the ApiAuthentication by adding a mongoengine model that overrides this (from tastypie/models.py):

class ApiKey(models.Model):
        user = models.OneToOneField(User, related_name='api_key')
        key = models.CharField(max_length=256, blank=True, default='')
        created = models.DateTimeField(default=datetime.datetime.now)

        def __unicode__(self):
            return u"%s for %s" % (self.key, self.user)

        def save(self, *args, **kwargs):
            if not self.key:
                self.key = self.generate_key()

            return super(ApiKey, self).save(*args, **kwargs)

        def generate_key(self):
            # Get a random UUID.
            new_uuid = uuid.uuid4()
            # Hmac that beast.
            return hmac.new(str(new_uuid), digestmod=sha1).hexdigest() 

Then it will be possible to use a specialized version of the following hook to authenticate against a mongoengine.django.auth.User object :

def create_api_key(sender, **kwargs):
        """
        A signal for hooking up automatic ``ApiKey`` creation.
        """
        if kwargs.get('created') is True:
            ApiKey.objects.create(user=kwargs.get('instance')) 

[burakkilic]

Agree.

[mitar]

I am not sure if I understand this ticket? What is this? What is this ApiKey? What exactly does django-tastypie-mongoengine have to support?

[burakkilic]

Tastypie normally supports ApiKey Authentication. Every user has an api key, and authenticates to the system with this key. ApiKey is a unique id by the way.

[mitar]

And why you cannot use this in django-tastypie-mongoengine?

[mitar]

So I do not understand what are you asking here. Just to define some standard document for storing API keys?

[mitar]

I checked a bit more and I do not agree that this should be an independent document. MongoDB should not be used in the same manner as relation-databases is used. So for this to really work nicely, API keys should be defined as fields in User document you are using. Not in separate document and then referencing it.

So it is not just a question of simply converting model to document, but maybe more creating a mixin which could be combined with MongoEngine-defined User document.

Anyway, pull request is welcome.

[mitar]

Closing because no feedback.

[coolkang]

Hi, For my project, I need to use apikey authentication in tastypie and I am wondering if it is (or will be) supported in this framework. To me, it is not important whether apikey is a separate document or not, I just need to know whether it is supported.

[mitar]

Tastypie supports it. So try it.

[Seraf]

Hello @mitar, sorry to re-open this issue, but I'm looking for using ApiKey feature of tastypie with the mongo part. I totally agree that from a Mongo point of view, the api should be set in the user document.

I'm a little lost about the implementation of this feature. Here is where I am : https://github.com/Seraf/LISA/blob/angularjs/lisa/server/web/weblisa/api/accounts.py I created a user class, and tried to use it in my settings : https://github.com/Seraf/LISA/blob/angularjs/lisa/server/web/weblisa/settings.py#L153 but I have an error "AUTH_USER_MODEL refers to model 'mongo_auth.MongoUser' that has not been installed"

Should I override the default mongo user and adding my custom fields like I'm trying to do ? I'm lost.

Thanks

[mitar]

Yes, you should reference with AUTH_USER_MODEL your new model.

[Seraf]

Thanks @mitar, it did the trick, I had other problems. Thanks for your help !

[Seraf]

Sorry to annoy you again, but I hope it will help other coming to this issue to handle the apikey correctly ^^ I have a strange problem : when I do a User.objects.all() from my custom user class, it returns me no document (and I have a user in my User collection). When I create a super user, it creates a user but using the default User class (provided by mongoengine).

I wrote a post on mongoengine group, but didn't had answers :( https://groups.google.com/forum/#!topic/mongoengine-users/VTgbLXrXRco

As you can see in the settings.py file, I use my custom class : https://github.com/Seraf/LISA/blob/71fbdeb1bba3c19a183cce74eab87f344647fd1c/lisa/server/web/weblisa/settings.py#L155

Any idea ?

Thanks a lot

[mitar]

Sorry, no idea.