I have a pretty simple Django app for quotes. I want to add likes to every single quote but I don't want user to login for that.
How can I achieve this without Logging in the user?
I tried to uniquely identify users without logging in.
Related
I am developing a personal blog using Django (to learn).
I want to be the only user that is allowed to post there.
However, I want to allow people to comment on my posts, when they do not register but (not sure of the correct terminology here) log in via their Google etc account to place a post.
How is this functionality called?
How can I achieve this in Django? Do I need to still save the user credentials etc into the database? Do I still need to have a Comment model (I think so)?
At first i wanna say that my code is not important here. I wanna understand logick how this works. So when i try to Login with Django Rest Framework i need to pass 2 fields "Password and Username". Is this possible to add more required fields for example i need to pass email to log in. And How do i make it compare to data that i passed while registering user. (sorry for eanglish)
I wanna make this:
enter image description here
Fields only required to log in:
enter image description here
Images Fixed
Well, login can be anything you want. See an example here :
https://docs.djangoproject.com/en/4.0/topics/http/sessions/#examples
What you need to understand is own you keep your users logged. This is done through the Authentication engines, which you can implement yourself, or keep something simple like session (cookies).
But you can even do "log-less" actions by using pre-generated token, or even using headers if you're using an proxy that setup users for you, etc.
Here is another view from SimpleJWT that generate your token (which is then used with the middleware to perform authentication when your client sends it): https://github.com/jazzband/djangorestframework-simplejwt/blob/master/rest_framework_simplejwt/views.py
I am using Django allauth for authentication to my rest api. I have the whole process working as expected (login, registration, password reset) with email confirmation ..etc.
My question is when a user register the user receives an email with the link that user need to click and confirm to get access to the website. However, i want to use allauth but instead of a link I want a randomly generated activation code (example: 123456). That user can input in a form to confirm.
Allauth currently doesn't support this. You could open up an issue asking for the feature to be implemented, but considering that there's really no obvious advantage of using both systems, I doubt this would be accepted.
Is there a reason why the link method doesn't work for you, but this does? If so, maybe there's some workaround that could work?
Here's a possible workaround (albeit a very complicated one):
Write a template tag that would trim out the website part (ex example.com/confirm/ out of example.com/confirm/sdafsdagfsagfsdafasdfsafgfdsg), so that only the actual code is sent to the user in the email
Make a form that would accept this code, and, on submission, reconstruct the url back to its original state, and go to that url, effectively activating the account. You would almost definitely need to write custom javascript for this.
I have a webapp that allows authenticated as well as anonymous users to start entering some form data. If a user is happy with his/her input, he/she can save that form to the server. This is a very similar problem to a shopping cart application that does not require login until checkout time.
For the authenticated user, implementing a save button is trivial. However for the anonymous user, the form data need to be stored somewhere while authentication is taking place, then correctly retrieved after logged in. Can someone please suggest some general strategies to go about this?
I found this link that is promising but I want to be thorough about this topic.
I think the correct way of doing this is to use django sessions. Basically each user (anonymousUser included) has a session during its stay on the website (or even more).
If you have a form that you want to store for a specific session, you can do it by using
request.session['myform'] = form
you get it by
request.session['myform']
and you can delete it using
del request.session['myform']
Basically Django pickles a dictionary of the session and saves it in a place (typically the database, but can be on other place as explained in django sessions).
I've recently started using Pushover.net, I've done some searching and can't find any examples of it being integrated with a django project.
Since i can't find any examples I've decided it would be fun to try myself. What I'm interested in is how you would suggest I do it. I want the actual pushover part as decoupled a possible, hence doing it asas an app.
What I'm not entirely sure on how to approach is the user authorization. The idea being a user enters their pushover user key and its saved in a user profile model using django's AUTH_PROFILE_MODULE with some functions such as has_pushover but obviously I'd like some security so the user keys aren't stored in plaintext. What do people suggest for this?
Is there some inbuilt django security I can use?
In the past when I've needed to encrypt Django fields I used the encrypted fields available in django-fields. You could use one of these on your UserProfile model and define a has_pushover() method on the model which basically returns whether the pushover token field is None or not.
I'm guessing because you're talking about storing each user's Pushover token you are wanting to build an app for pushing arbitrary notifications to your website's users? This is in contrast to having the website just push notifications to yourself for site events.