CHAPTER 16
Server-Side Authentication and Mocking in Python
Let’s crack on with the server side of our new auth system. In this chapter we’ll do some
more mocking, this time with Python. We’ll also find out how to customise Django’s
authentication system.
A Look at Our Spiked Login View
At the end of the last chapter, we had a working client side that was trying to send
authentication assertions to our server’s login view. Let’s start by building that view, and
then move inwards to build the backend authentication functions.
Here’s the spiked version of our login view:
    import sys

    from django.contrib.auth import authenticate, login
    from django.shortcuts import redirect

    def persona_login(request):
        # Spike-era debug output, written to the server's stderr
        print('login view', file=sys.stderr)
        #user = PersonaAuthenticationBackend().authenticate(request.POST['assertion'])
        user = authenticate(assertion=request.POST['assertion'])  # (1)
        if user is not None:
            login(request, user)  # (2)
        return redirect('/')

(1) authenticate is our customised authentication function, which we’ll de-spike
    later. Its job is to take the assertion from the client side and validate it.
(2) login is Django’s built-in login function. It stores a session object on the server,
    tied to the user’s cookies, so that we can recognise them as being an authenticated
    user on future requests.
Our authenticate function is going to make calls out, over the Internet, to Mozilla’s
servers. We don’t want that to happen in our unit test, so we’ll want to mock out
authenticate.
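The kind of test this paragraph calls for, as an added example that is not from the book: authenticate and login are patched with unittest.mock so nothing touches the network, and the checks confirm that a session is created only when the assertion was accepted. So that it runs without Django, authenticate, login, redirect and the request object are simplified stand-ins (assumptions), as are the helper names make_request and run_view_with_mocked_auth.

```python
from types import SimpleNamespace
from unittest.mock import patch, sentinel


def authenticate(assertion):
    # Stand-in (assumption) for the custom backend, which would call Mozilla's servers.
    raise RuntimeError('network call attempted in a unit test')


def login(request, user):
    # Stand-in (assumption) for django.contrib.auth.login: tie the user to the session.
    request.session['user'] = user


def redirect(url):
    # Stand-in (assumption) for django.shortcuts.redirect.
    return SimpleNamespace(status_code=302, url=url)


def persona_login(request):
    # Same logic as the spiked view above, minus the debug print.
    user = authenticate(assertion=request.POST['assertion'])
    if user is not None:
        login(request, user)
    return redirect('/')


def make_request(assertion):
    # Constructed sample request carrying only the attributes the view reads.
    return SimpleNamespace(POST={'assertion': assertion}, session={})


def run_view_with_mocked_auth(returned_user):
    """Call the view with authenticate and login patched; return what happened."""
    request = make_request('constructed-assertion')
    with patch(f'{__name__}.authenticate', return_value=returned_user) as mock_auth, \
         patch(f'{__name__}.login') as mock_login:
        response = persona_login(request)
    return request, response, mock_auth, mock_login


if __name__ == '__main__':
    for user in (sentinel.user, None):
        request, response, mock_auth, mock_login = run_view_with_mocked_auth(user)
        mock_auth.assert_called_once_with(assertion='constructed-assertion')
        # A session must be created only when the assertion was accepted.
        assert mock_login.called == (user is not None)
        assert response.url == '/'
    print('ok')
```

In a Django project the patch targets would be the names as imported into the views module, since patch replaces the name where the view looks it up.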