Skip to content

fl_server_api.views.base

Classes:

Name Description
BasicAuthAllowingTokenAuthInUrl

A class that extends the BasicAuthentication to allow token authentication in the URL.
ViewSet

A base ViewSet that includes default authentication and permission classes.

Classes

BasicAuthAllowingTokenAuthInUrl

Bases: BasicAuthentication


              flowchart TD
              fl_server_api.views.base.BasicAuthAllowingTokenAuthInUrl[BasicAuthAllowingTokenAuthInUrl]

              

              click fl_server_api.views.base.BasicAuthAllowingTokenAuthInUrl href "" "fl_server_api.views.base.BasicAuthAllowingTokenAuthInUrl"

A class that extends the BasicAuthentication to allow token authentication in the URL.

Used by:

Methods:

Name Description
authenticate_credentials

Authenticate credentials against username/password or token.
Source code in fl_server_api/views/base.py 
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
class BasicAuthAllowingTokenAuthInUrl(BasicAuthentication):
    """
    A class that extends the BasicAuthentication to allow token authentication in the URL.
    """

    def authenticate_credentials(self, userid_or_token, password, request=None):
        """
        Authenticate credentials against username/password or token.

        Basic Authentication:
        Authenticate the userid and password against username and password
        with optional request for context.

        Token Authentication over URL:
        Authenticate the given token against the token in the database.
        """
        # check if special token authentication is used
        if (len(userid_or_token) == 40 and password == ""):
            # tokens are always 40 characters long
            # see: rest_framework.authtoken.models.Token (class method: generate_key)
            #      which uses `binascii.hexlify(os.urandom(20)).decode()`
            return TokenAuthentication().authenticate_credentials(userid_or_token)

        # default Basic Authentication
        return super().authenticate_credentials(userid_or_token, password, request)

Functions

authenticate_credentials 
authenticate_credentials(userid_or_token, password, request=None)

Authenticate credentials against username/password or token.

Basic Authentication: Authenticate the userid and password against username and password with optional request for context.

Token Authentication over URL: Authenticate the given token against the token in the database.

Source code in fl_server_api/views/base.py 
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
def authenticate_credentials(self, userid_or_token, password, request=None):
    """
    Authenticate credentials against username/password or token.

    Basic Authentication:
    Authenticate the userid and password against username and password
    with optional request for context.

    Token Authentication over URL:
    Authenticate the given token against the token in the database.
    """
    # check if special token authentication is used
    if (len(userid_or_token) == 40 and password == ""):
        # tokens are always 40 characters long
        # see: rest_framework.authtoken.models.Token (class method: generate_key)
        #      which uses `binascii.hexlify(os.urandom(20)).decode()`
        return TokenAuthentication().authenticate_credentials(userid_or_token)

    # default Basic Authentication
    return super().authenticate_credentials(userid_or_token, password, request)

ViewSet

Bases: ViewSet


              flowchart TD
              fl_server_api.views.base.ViewSet[ViewSet]

              

              click fl_server_api.views.base.ViewSet href "" "fl_server_api.views.base.ViewSet"

A base ViewSet that includes default authentication and permission classes.

This class allows the authentication and permission classes to be overwritten by the child class or the request method. To overwrite the authentication and permission classes for a specific request method, use the @decorators.authentication_classes and @decorators.permission_classes decorators from rest_framework.decorators.

Subclassed by:

Methods:

Name Description
get_authenticators

Get the authenticators for the ViewSet.
get_permissions

Get the permissions for the ViewSet.

Attributes:

Name Type Description
authentication_classes

The authentication classes for the ViewSet.
permission_classes

The permission classes for the ViewSet.
Source code in fl_server_api/views/base.py 
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
class ViewSet(DjangoViewSet):
    """
    A base ViewSet that includes default authentication and permission classes.

    This class allows the authentication and permission classes to be overwritten by the child class or the request
    method. To overwrite the authentication and permission classes for a specific request method, use the
    `@decorators.authentication_classes` and `@decorators.permission_classes` decorators from
    `rest_framework.decorators`.
    """

    _logger = getLogger("fl.server")

    # Note: BasicAuthentication is sensles here since it will and can't never be called due to
    #       BasicAuthAllowingTokenAuthInUrl but is required for OpenAPI to work.
    # Also note that the order of BasicAuthAllowingTokenAuthInUrl and BasicAuthentication is important
    # since if BasicAuthentication is first, Django won't ever call BasicAuthAllowingTokenAuthInUrl!
    authentication_classes = [
        TokenAuthentication,
        BasicAuthAllowingTokenAuthInUrl,
        BasicAuthentication,
        SessionAuthentication,
    ]
    """The authentication classes for the ViewSet."""
    permission_classes = [IsAuthenticated]
    """The permission classes for the ViewSet."""

    def get_authenticators(self):
        """
        Get the authenticators for the ViewSet.

        This method gets the view method and, if it has authentication classes defined via the decorator, returns them.
        Otherwise, it falls back to the default authenticators.

        Returns:
            list: The authenticators for the ViewSet.
        """
        if method := self._get_view_method():
            if hasattr(method, "authentication_classes"):
                return method.authentication_classes
        return super().get_authenticators()

    def get_permissions(self):
        """
        Get the permissions for the ViewSet.

        This method gets the view method and, if it has permission classes defined via the decorator, returns them.
        Otherwise, it falls back to the default permissions.

        Returns:
            list: The permissions for the ViewSet.
        """
        if method := self._get_view_method():
            if hasattr(method, "permission_classes"):
                return method.permission_classes
        return super().get_permissions()

    def _get_view_method(self):
        """
        Get the view method for the ViewSet.

        This method gets the action or the HTTP method of the request and returns the corresponding method of the
        ViewSet, or `None` if no such method is found.

        Returns:
            Callable | None: The view method for the ViewSet, or `None` if no such method is found.
        """
        if hasattr(self, "action") and self.action is not None:
            return self.__getattribute__(self.action)
        if hasattr(self.request, "method") and self.request.method is not None:
            http_method = self.request.method.lower()
            if hasattr(self, http_method):
                return self.__getattribute__(http_method)
        return None

Attributes

authentication_classes class-attribute instance-attribute 
authentication_classes = [TokenAuthentication, BasicAuthAllowingTokenAuthInUrl, BasicAuthentication, SessionAuthentication]

The authentication classes for the ViewSet.

permission_classes class-attribute instance-attribute 
permission_classes = [IsAuthenticated]

The permission classes for the ViewSet.

Functions

get_authenticators 
get_authenticators()

Get the authenticators for the ViewSet.

This method gets the view method and, if it has authentication classes defined via the decorator, returns them. Otherwise, it falls back to the default authenticators.

Returns:

Name Type Description
list

The authenticators for the ViewSet.
Source code in fl_server_api/views/base.py 
63
64
65
66
67
68
69
70
71
72
73
74
75
76
def get_authenticators(self):
    """
    Get the authenticators for the ViewSet.

    This method gets the view method and, if it has authentication classes defined via the decorator, returns them.
    Otherwise, it falls back to the default authenticators.

    Returns:
        list: The authenticators for the ViewSet.
    """
    if method := self._get_view_method():
        if hasattr(method, "authentication_classes"):
            return method.authentication_classes
    return super().get_authenticators()
get_permissions 
get_permissions()

Get the permissions for the ViewSet.

This method gets the view method and, if it has permission classes defined via the decorator, returns them. Otherwise, it falls back to the default permissions.

Returns:

Name Type Description
list

The permissions for the ViewSet.
Source code in fl_server_api/views/base.py 
78
79
80
81
82
83
84
85
86
87
88
89
90
91
def get_permissions(self):
    """
    Get the permissions for the ViewSet.

    This method gets the view method and, if it has permission classes defined via the decorator, returns them.
    Otherwise, it falls back to the default permissions.

    Returns:
        list: The permissions for the ViewSet.
    """
    if method := self._get_view_method():
        if hasattr(method, "permission_classes"):
            return method.permission_classes
    return super().get_permissions()