
Protect your sensitive Django views by requiring re-authentication


dxclabs/django-elevate

 
 


django-elevate

Elevate mode offers an extra layer of security for your most sensitive pages.
This is an implementation of GitHub's Sudo Mode for Django.

What is this for?

Elevate provides an extra layer of security beyond initial user authentication. Views can be decorated with @elevate_required, and then users must re-authenticate to access that resource. This might be useful for deleting objects, canceling subscriptions, and other sensitive operations. After re-authentication, the user has elevated permissions for the duration of ELEVATE_COOKIE_AGE. This duration is independent of the normal session duration, allowing for short elevated permission durations while still retaining long user sessions.
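An added illustration of the mechanism described above, written as a framework-free Python model rather than django-elevate's own code: a short-lived, signed elevation marker is checked separately from the long-lived login session. The request dict, the `/elevate/` redirect path, the secret, and the three-hour window are constructed assumptions, and the `elevate_required` defined here is a local stand-in for the package's decorator.

```python
import hashlib
import hmac
import time
from functools import wraps

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for a server-side secret
ELEVATE_COOKIE_AGE = 3 * 3600         # constructed value: elevation window in seconds


def _sign(session_id, issued_at):
    # Bind the marker to one session so it cannot be replayed in another.
    msg = f"{session_id}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def grant_elevation(request, now=None):
    """Call only after the user has successfully re-entered their password."""
    issued_at = int(time.time() if now is None else now)
    mac = _sign(request["session_id"], issued_at)
    request["cookies"]["elevate"] = f"{issued_at}:{mac}"


def has_elevation(request, now=None):
    now = time.time() if now is None else now
    issued_at, _, mac = request["cookies"].get("elevate", "").partition(":")
    try:
        issued = int(issued_at)
    except ValueError:
        return False  # missing or malformed marker
    expected = _sign(request["session_id"], issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # tampered with, or issued for a different session
    # Expiry is measured from re-authentication, not from login.
    return 0 <= now - issued < ELEVATE_COOKIE_AGE


def elevate_required(view):
    @wraps(view)
    def wrapper(request, *args, now=None, **kwargs):
        if not has_elevation(request, now=now):
            # Hypothetical re-authentication URL; the session itself stays valid.
            return "302 /elevate/?next=" + request["path"]
        return view(request, *args, **kwargs)
    return wrapper


@elevate_required
def delete_account(request):
    return "200 account deleted"
```
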

Installation

$ pip install django-elevate

Compatibility

  • Django 1.8 - 2.0
  • Python 2.7 - 3.6
  • pypy
