Authentication backends

django_latch.backends.can_pass_latch(user)[source]

Check the user’s latch state. Return True if the latch is open, False if it’s closed.

class django_latch.backends.LatchModelBackendMixin[source]

A mixin for authentication backends that checks if the user has its latch on.

In order to be able to use Latch and not provoke any error, this class must be the first one to be inherited from when creating a custom authentication backend.

user_can_authenticate(user)[source]

Reject users who have their latch on. Users without the Latch configured are allowed.

If the user’s latch is on, i.e. it cannot access the application, then a PermissionDenied is raised.

Though it may seems this breaks the original “contract” of the user_can_authenticate() method, there is no other place to raise the exception without overriding the authenticate() method and blocking the check on the rest of the authentication backends (which is the objective of Latch: completely block the access, though in future releases this can be extended and generalized).

get_user(user_id)[source]

Returns the user object related to user_id.

We need to override this method because we are raising the PermissionDenied exception in the method django.contrib.auth.backends.BaseBackend.user_can_authenticate() instead of on django.contrib.auth.backends.BaseBackend.authenticate(). Then, if we use django.contrib.auth.backends.ModelBackend the exception would not be caught in get_user().

The decision behind of raising the exception in django.contrib.auth.backends.BaseBackend.user_can_authenticate() is because the method django.contrib.auth.backends.BaseBackend.authenticate() is more likely to be overridden, but, of course, overriding django.contrib.auth.backends.BaseBackend.get_user() may be also a big sacrifice.

class django_latch.backends.LatchDefaultModelBackend[source]

A subclass of django.contrib.auth.backends.ModelBackend that also checks if the user’s latch is on.

This backend is useful for a fast integration of the Latch service into a Django project that uses the default authentication process, so it has the same limitations.