通过Django中的IP地址进行身份验证 [英] Authenticate by IP address in Django

问题描述

我有一个小的Django应用程序，其视图只限于某些用户.仅基于IP地址，来自特定网络的任何人都应该能够看到该视图而无需任何进一步的身份验证.该IP范围之外的其他任何人都应该被要求输入密码，并根据默认的Django用户管理进行身份验证.

I have a small Django application with a view that I want to restrict to certain users. Anyone from a specific network should be able to see that view without any further authentication, based on IP address alone. Anyone else from outside this IP range should be asked for a password and authenticated against the default Django user management.

我认为我必须为此编写一个自定义身份验证后端，但是文档使我感到困惑，因为authenticate()函数似乎期望使用用户名/密码组合或令牌.我不清楚在这里如何使用IP地址进行身份验证.

I assume I have to write a custom authentication backend for that, but the documentation confuses me as the authenticate() function seems to expect a username/password combination or a token. It is not clear to me how to authenticate using IP addresses here.

在Django中实现基于IP地址的身份验证的正确方法是什么?我宁愿为安全性相关的代码使用尽可能多的现有库函数，而不是自己编写所有库函数.

What would be the proper way to implement IP address-based authentication in Django? I'd prefer to use as much existing library functions as possible for security-related code instead of writing all of it myself.

推荐答案

有两种适用于这种身份验证的方法:

There are two suitable approaches for that kind of authentication:

• 作为装饰器::如果某些视图(但不是很多)需要进行此检查，则最好为此编写一个装饰器(类似于@Jingo编写的东西)
• 作为中间件::如果该检查需要由所有(或许多)视图完成，则可以使用

• As Decorator: if some of views (but not many of them) requires this check, then it is better to write a decorator for that (something like @Jingo had written)
• As Middleware: if that check needed to be done by all (or many) views, instead of using a decorator, writing a middleware is a better solution.

示例中间件可以是这样的:

A sample middleware can be something like:

ALLOWED_IP_BLOCKS = [......]

class NeedToLoginMiddleware(object):
    def process_request(self, request):
        ip = request.META['REMOTE_ADDR']
        if not ip in ALLOWED_IP_BLOCKS: #ip check
            if not request.user.is_authenticated(): #if ip check failed, make authentication check
                return HttpResponseRedirect(...)
        return None

• 您可以使用列表或@Jingo提到的正则表达式进行ip检查.

• 如果使用的是django身份验证，并且REMOTE_ADDR不在ALLOWED_IP_BLOCKS列表中，则可以使用is_authenticated检查相关用户是否已登录.但是要在自定义中间件中使用is_authenticated，必须将自定义中间件放置在 AuthenticationMiddleware之后，因为request.user设置在该级别.

  • You can make ip check using a list, or a regex as @Jingo mentioned.

  • If you are using django authentication and REMOTE_ADDR is not in ALLOWED_IP_BLOCKS list, then you can use is_authenticated to check if related user had logged in or not. But for using is_authenticated in a custom middleware, your custom middleware must be placed after AuthenticationMiddleware, because request.user is set on that level.

    MIDDLEWARE_CLASSES = (
        ...
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'path.to.my.NeedToLoginMiddleware',
        ...
    )
    

    • 如果一些视图不需要此身份验证，则可以列出例外url 列表，并从request.path获取请求url，然后检查请求url是否需要ip check/authentication.
    • If a few views do not require this authentication, then you can make a list of exceptional urls and get the request url from request.path and check if the request url requires ip check/authentication.

    有关自定义中间件类的详细信息

    这篇关于通过Django中的IP地址进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！