Elevate provides an extra layer of security beyond initial user authentication.
Views can be decorated with @elevate_required
, and then users must
re-authenticate to access that resource. This might be useful for deleting objects,
canceling subscriptions, and other sensitive operations. After re-authentication,
the user has elevated permissions for the duration of ELEVATE_COOKIE_AGE
.
This duration is independent of the normal session duration, allowing for short
elevated permission durations while still retaining long user sessions.
$ pip install django-elevate
- Django 2.2, 3.1, and 3.2
- Python 3.5 - 3.10
- pypy3