Authentication¶

By using a custom authentication backend, you can make use of Django’s authentication framework while storing users in Neo4j.

First, make sure the django.contrib.auth and django.contrib.sessions middleware and the django.contrib.auth template context processor are installed. Also make sure you have a proper SESSION_ENGINE set. django.contrib.sessions.backends.file will work fine for development.

Next, add neo4django.graph_auth to your INSTALLED_APPS, and add:

AUTHENTICATION_BACKENDS = ('neo4django.graph_auth.backends.NodeModelBackend',)

in your settings.py. If you’re running Django 1.5+, set the AUTH_USER_MODEL:

AUTH_USER_MODEL = 'graph_auth.User'

To create a new user, use something like:

user = User.objects.create_user('john', 'lennon@thebeatles.com', 'johnpassword')

Login, reset password, and other included auth views should work as expected. In your views, user will contain an instance of neo4django.graph_auth.models.User for authenticated users.

Referencing Users¶

Other models are free to reference users. Consider:

from django.contrib.auth import authenticate

from neo4django.db import models
from neo4django.graph_auth.models import User

class Post(models.NodeModel):
    title = models.StringProperty()
    author = models.Relationship(User, rel_type='written_by', single=True,
                                 related_name='posts')

user = authenticate(username='john', password='johnpassword')

post = Post()
post.title = 'Cool Music Post'
post.author = user
post.save

assert list(user.posts.all())[0] == post

Customizing Users¶

Swappable user models are supported for Django 1.5+. You can subclass the included NodeModel user, remember to set also the default manager as follows:

from neo4django.db import models
from neo4django.graph_auth.models import User, UserManager

class TwitterUser(User):
    objects = UserManager()
    follows = models.Relationship('self', rel_type='follows',
                                  related_name='followed_by')

jack = TwitterUser()
jack.username = 'jack'
jack.email = 'jack@example.com'
jack.set_password("jackpassword')
jack.save()

jim = TwitterUser()
jim.username = 'jim'
jim.email = 'jim@example.com'
jim.set_password('jimpassword')
jim.follows.add(jack)
jim.save()

And in your settings.py, add:

AUTH_USER_MODEL = 'my_app.TwitterUser'

If you’re still using 1.4, you can use the subclassing approach, with caveats. First, that User manager shortcuts, like create_user(), aren’t available, and that authenticate() and other included functions to work with users will return the wrong model type. This is fairly straightforward to handle, though, using the included convenience method from_model():

from django.contrib.auth import authenticate

user = authenticate(username='jim', password='jimpassword')
twitter_user = TwitterUser.from_model(user)

Permissions¶

Because neo4django doesn’t support django.contrib.contenttypes or an equivalent, user permissions are not supported. Object-specific or contenttypes-style permissions would be a great place to contribute.