tags:

views:

46

answers:

1
+3  Q: 

Django RSS Feed Authentication

I am looking into adding RSS feeds to one of my Django apps and I would like to be able to have them be authenticated.

I want to use the new syndication framework in Django 1.2. I've read the docs on how to do this and have the basic feeds setup.

I am new to authenticating feeds, so I am not sure what the best approach to take is or what my options really are.

Each user has a unique sub domain and I would like the URL structure to look something like this: http://mysubdomain.mysite.com/myapp/rss/ if possible.

I don't want the feeds to be publicly available, is it possible to use the users username and password for the authentication? Have you found that most feed readers support this? If it's not possible to authenticate for each user, should I try to use a uuid to give them a unique url or is that not secure enough?

As you can probably tell I am not sure what direction to take with this, so any advice on the best way to do this would be very much appreciated.

Thanks

+1  A: 

Have you tried wrapping the syndication view django.contrib.syndication.views.feed into a view that requires login? RSS feeds should normally be fetched over HTTP, so this should work!

# Import Django's standard feed view.
from django.contrib.auth.decorators import login_required
from django.django.contrib.syndication.views import feed

# Wrap it in a new feed view that requires authentication!
private_feed = login_required(feed)

Caveat: I've never tried this!

Edit!

To be safe with RSS readers that don't support redirection, return a HTTP 401 status code with the following:

authentication_url = '/accounts/login'
def feed_safe_login_required ( view ):
    def _ ( request, *args, **kwargs ):
        if not request.user.is_authenticated:
            return HttpResponseNotAuthorized, authentication_url
    return _

feed = feed_safe_login_required(django.contrib.syndication.views.feed)

Where HttpResponseNotAuthorized is as defined in this django snippet.

André Caron  2010-09-28 23:51:39
I don't think that will work because if they are not signed in, it will redirect the user and most RSS feed readers don't support redirects to sign in. From reading up, I think I have to use basic auth and then return a 401 code if they are not signed in. Haven't figured out how to do that yet though, so any advice would be helpful.
bababa  2010-09-29 21:14:25
Same thing Stills spolies, though. Wrap thé vie, testing if the user is authenticated, and if not, return a custom HttpResponse object, as shown here: http://djangosnippets.org/snippets/813/
André Caron  2010-09-29 23:37:48

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python