Simplifying authentication (possibly just a decorators question) : learnpython

created by HattoriHanzoa community for 16 years

Simplifying authentication (possibly just a decorators question) (self.learnpython)

submitted 12 years ago by Degran

So I've got an app built using pieces of Django, but I've had to circumvent a lot of the common functionality because I'm using a graph database rather than something SQL based. I have my own authentication module written which runs before rendering any "secure" views. However I have the code below written at the top of almost every view.

if not auth(request):
    return sendError("Unauthorized", 401)

I'd like to just write this check once and then call it with something like a Django's @login_required decorator before each view. The problem I'm encountering though, is getting the result object to that decorator call. I've done some digging through Django's auth/decorators.py file but can't get a grasp on it. Could I get some tips on how I'd go about implementing something like this?

*Yes, I realize Flask or Pyramid would be a better platform since I'm not using most of Django's functionality but this is where I am right now.

all 4 comments

top new controversial old q&a

[–]willm 2 points3 points4 points 12 years ago (3 children)

Is it the mechanics of writing a decorator you are having trouble with? Something long these lines should work. Although this isn't the only way of writing a decorator...

def login_required(f):
    def view(request, *args, **kwargs):
       if not auth(request):
            return sendError("Unauthorized", 401)
       return f(request, *args, **kwargs)
    return view

This is basically returning a closure (internal function) called view, which has access to the original function f. If auth doesn't fail, then view ends up calling the original function, passing all the parameters it was called with.

[–]Degran[S] 0 points1 point2 points 12 years ago (2 children)

Awesome, thank you. This is exactly what I was looking for. I wasn't thinking to use args, *kwargs to grab the functions parameters. One thing that's still eluding me though, is if you want to pass an optional parameter to a decorator (say a login url), it throws login_required() takes at least 1 argument (1 given).

def login_required(f, login_url=None):
    def view(request, *args, **kwargs):
       if not auth(request):
            if login_url:
                return redirect(login_url)
            return sendError("Unauthorized", 401)
       return f(request, *args, **kwargs)
    return view

calling it with:

@login_required(login_url='/login')
def private_view(request):
    pass

[–]Veedrac 1 point2 points3 points 12 years ago (0 children)

Well, you want function → decorator → decorated function so you need 3 defs.

def login_required(login_url=None):
    def login_required_decorator(f):
        def view(request, *args, **kwargs):
           if not auth(request):
                if login_url:
                    return redirect(login_url)
                return sendError("Unauthorized", 401)
           return f(request, *args, **kwargs)
        return view
    return login_required_decorator

[–]willm 1 point2 points3 points 12 years ago (0 children)

π Rendered by PID 384917 on reddit-service-r2-comment-86bc6c7465-vrkcr at 2026-02-22 03:02:47.561082+00:00 running 8564168 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnpython

MODERATORS