Settings (durin.settings)
Settings in durin are handled in a similar way to the Django REST framework settings.
All settings are namespaced in the 'REST_DURIN' setting.
Example settings.py:
#...snip...
# These are the default values if none are set
from datetime import timedelta
from rest_framework.settings import api_settings

REST_DURIN = {
    "DEFAULT_TOKEN_TTL": timedelta(days=1),
    "TOKEN_CHARACTER_LENGTH": 64,
    "USER_SERIALIZER": None,
    "AUTH_HEADER_PREFIX": "Token",
    "EXPIRY_DATETIME_FORMAT": api_settings.DATETIME_FORMAT,
    "TOKEN_CACHE_TIMEOUT": 60,
    "REFRESH_TOKEN_ON_LOGIN": False,
    "AUTHTOKEN_SELECT_RELATED_LIST": ["user"],
    "API_ACCESS_CLIENT_NAME": None,
    "API_ACCESS_EXCLUDE_FROM_SESSIONS": False,
    "API_ACCESS_RESPONSE_INCLUDE_TOKEN": False,
}
#...snip...
-
DEFAULT_TOKEN_TTL Default: timedelta(days=1)
This is how long a token can exist before it expires. Expired tokens are automatically removed from the system.
The setting should be set to an instance of datetime.timedelta.
Durin lets you set a different token Time To Live (token_ttl) value per client object, so this is the default value the durin.models.Client model uses in case a custom value wasn’t specified.
Warning: setting a 0 or negative timedelta will create tokens that instantly expire; the system will not prevent you from setting this.
-
TOKEN_CHARACTER_LENGTH Default: 64
This is the length of the token that will be sent to the client. This shouldn’t need changing.
-
USER_SERIALIZER Default: None
This is the reference to the class used to serialize the User objects when successfully returning from durin.views.LoginView. The default is durin.serializers.UserSerializer.
-
AUTH_HEADER_PREFIX Default: "Token"
This is the Authorization header value prefix.
-
EXPIRY_DATETIME_FORMAT Default: DATETIME_FORMAT (of Django REST framework)
This is the expiry datetime format returned in the login and refresh views.
May be any of None, iso-8601 or a Python strftime format string.
-
TOKEN_CACHE_TIMEOUT Default: 60
This is the cache timeout (in seconds) used by django-memoize in case you are using the durin.auth.CachedTokenAuthentication backend in your app.
-
REFRESH_TOKEN_ON_LOGIN Default: False
When a request is made to durin.views.LoginView, one of two things happens:
1. A token instance for a particular user-client pair already exists.
2. A new token instance is generated for the provided user-client pair.
In the first case, the already existing token is sent in the response. If this setting is set to True, every login should extend the expiry time of the token by its durin.models.Client token_ttl.
-
AUTHTOKEN_SELECT_RELATED_LIST Default: ["user"]
This is passed as an argument to select_related when the durin.auth.TokenAuthentication class fetches the durin.models.AuthToken instance. For example:
AuthToken.objects.select_related(*AUTHTOKEN_SELECT_RELATED_LIST).get(token=token_string)
Otherwise, set to a falsy value such as None or False to not use select_related.
Hint: Refer to Django’s select_related docs to see how this can boost performance by reducing the number of SQL queries made.
-
API_ACCESS_CLIENT_NAME Default: None
There may be a use case where you want to issue API keys to your users so they can call your RESTful API using cURL or a custom client.
Set this setting to the name of the specific durin.models.Client instance to issue these API keys against.
Note: The durin.views.APIAccessTokenView view allows management of this.
-
API_ACCESS_EXCLUDE_FROM_SESSIONS Default: False
If set to True, the AuthToken instance for the specific API_ACCESS_CLIENT_NAME’s Client instance will be excluded from the overall “Sessions List” (GET /api/sessions/) response.
This is useful because you may want the view to list only the “browser sessions”.
-
API_ACCESS_RESPONSE_INCLUDE_TOKEN Default: False
If set to False, the token field would be omitted from the durin.views.APIAccessTokenView view’s (GET /api/apiaccess/) response.
In case of a POST request, the token field is always included regardless of this setting.
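A pre-deployment check for the REST_DURIN dict, added here as an example and not part of durin itself: it catches the zero or negative DEFAULT_TOKEN_TTL that the warning above says the system will not prevent, along with keys that are not documented on this page. The function name check_rest_durin, the problem messages and the sample dict are assumptions made for illustration.

```python
from datetime import timedelta

# Setting names documented on this page.
DOCUMENTED = {
    "DEFAULT_TOKEN_TTL", "TOKEN_CHARACTER_LENGTH", "USER_SERIALIZER",
    "AUTH_HEADER_PREFIX", "EXPIRY_DATETIME_FORMAT", "TOKEN_CACHE_TIMEOUT",
    "REFRESH_TOKEN_ON_LOGIN", "AUTHTOKEN_SELECT_RELATED_LIST",
    "API_ACCESS_CLIENT_NAME", "API_ACCESS_EXCLUDE_FROM_SESSIONS",
    "API_ACCESS_RESPONSE_INCLUDE_TOKEN",
}


def check_rest_durin(conf):
    """Return a list of (setting, problem) tuples for a REST_DURIN dict."""
    problems = [(k, "not documented on this page (possible typo)")
                for k in sorted(set(conf) - DOCUMENTED)]

    ttl = conf.get("DEFAULT_TOKEN_TTL", timedelta(days=1))
    if not isinstance(ttl, timedelta):
        problems.append(("DEFAULT_TOKEN_TTL", "must be a datetime.timedelta"))
    elif ttl <= timedelta(0):
        problems.append(("DEFAULT_TOKEN_TTL", "zero or negative: tokens expire instantly"))

    length = conf.get("TOKEN_CHARACTER_LENGTH", 64)
    if isinstance(length, bool) or not isinstance(length, int) or length <= 0:
        problems.append(("TOKEN_CHARACTER_LENGTH", "must be a positive integer"))
    elif length < 64:
        problems.append(("TOKEN_CHARACTER_LENGTH", "shorter than the default of 64"))

    # The page ties this flag to API_ACCESS_CLIENT_NAME's Client instance.
    if conf.get("API_ACCESS_EXCLUDE_FROM_SESSIONS") and not conf.get("API_ACCESS_CLIENT_NAME"):
        problems.append(("API_ACCESS_EXCLUDE_FROM_SESSIONS", "set without API_ACCESS_CLIENT_NAME"))
    if conf.get("API_ACCESS_RESPONSE_INCLUDE_TOKEN"):
        problems.append(("API_ACCESS_RESPONSE_INCLUDE_TOKEN", "token is returned by GET /api/apiaccess/"))
    return problems


# Constructed sample input, not taken from a real project.
SAMPLE = {
    "DEFAULT_TOKEN_TTL": timedelta(seconds=0),
    "TOKEN_CHARACTER_LENGHT": 64,  # deliberate misspelling
    "API_ACCESS_EXCLUDE_FROM_SESSIONS": True,
}

if __name__ == "__main__":
    for setting, problem in check_rest_durin(SAMPLE):
        print(f"{setting}: {problem}")
```

Calling it from a test, or at the end of settings.py, and failing on a non-empty result keeps such a configuration from being deployed.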