durin.settings)ï
Settings in durin are handled in a similar way to the rest framework settings. All settings are namespaced in the 'REST_DURIN' setting.
Example settings.py:
#...snip...
# These are the default values if none are set
from datetime import timedelta
from rest_framework.settings import api_settings
REST_DURIN = {
"DEFAULT_TOKEN_TTL": timedelta(days=1),
"TOKEN_CHARACTER_LENGTH": 64,
"USER_SERIALIZER": None,
"AUTH_HEADER_PREFIX": "Token",
"EXPIRY_DATETIME_FORMAT": api_settings.DATETIME_FORMAT,
"TOKEN_CACHE_TIMEOUT": 60,
"REFRESH_TOKEN_ON_LOGIN": False,
"AUTHTOKEN_SELECT_RELATED_LIST": ["user"],
"API_ACCESS_CLIENT_NAME": None,
"API_ACCESS_EXCLUDE_FROM_SESSIONS": False,
"API_ACCESS_RESPONSE_INCLUDE_TOKEN": False,
}
#...snip...
DEFAULT_TOKEN_TTLï
Default: timedelta(days=1)
This is how long a token can exist before it expires. Expired tokens are automatically removed from the system.
The setting should be set to an instance of datetime.timedelta.
Durin provides setting a different token Time To Live (token_ttl) value per client object. So this is the default value the durin.models.Client model uses incase a custom value wasnât specified.
Warning: setting a 0 or negative timedelta will create tokens that instantly expire, the system will not prevent you setting this.
TOKEN_CHARACTER_LENGTHï
Default: 64
This is the length of the token that will be sent to the client. This shouldnât need changing.
USER_SERIALIZERï
Default: None
This is the reference to the class used to serialize the User objects when succesfully returning from durin.views.LoginView. The default is durin.serializers.UserSerializer.
Default: "Token"
This is the Authorization header value prefix.
EXPIRY_DATETIME_FORMATï
Default: DATETIME_FORMAT (of Django REST framework)
This is the expiry datetime format returned in the login and refresh views.
May be any of None, iso-8601 or a Python strftime format string.
TOKEN_CACHE_TIMEOUTï
Default: 60
This is the cache timeout (in seconds) used by django-memoize in case you are using durin.auth.CachedTokenAuthentication backend in your app.
REFRESH_TOKEN_ON_LOGINï
Default: False
When a request is made to the durin.views.LoginView. One of two things happen:
Token instance for a particular user-client pair already exists.
A new token instance is generated for the provided user-client pair.
In the first case, the already existing token is sent in response. So this setting if set to True should extend the expiry time of the token by itâs durin.models.Client token_ttl everytime login happens.
Default: ["user"]
This is passed as an argument to select_related when the durin.auth.TokenAuthentication class fetches the durin.models.AuthToken instance. For example,
AuthToken.objects.select_related(*AUTHTOKEN_SELECT_RELATED_LIST).get(token=token_string)
Otherwise, set to a falsy value such as None or False to not use select_related.
API_ACCESS_CLIENT_NAMEï
Default: None
There may be an use-case where you want to issue API keys to your users so they can call your RESTful API using cURL or a custom client.
Set this setting to the ``name` of the specific durin.models.Client instance to issue these API keys against.
Note: The durin.views.APIAccessTokenView view allows management of this.
API_ACCESS_EXCLUDE_FROM_SESSIONSï
Default: False
If set to True, the AuthToken instance for the specifc API_ACCESS_CLIENT_NAMEâs Client` instance will be excluded from the overall âSessions Listâ (GET /api/sessions/) response.
This is useful because you may want the view to list only the âbrowser sessionsâ.
API_ACCESS_RESPONSE_INCLUDE_TOKENï
Default: False
If set to False, the token field would be omitted from the durin.views.APIAccessTokenView viewâs (GET /api/apiaccess/) response.
In case of POST request, the token field is always included despite of this setting.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4