I am creating an application that has a list of Employees, and after a user registers and verifies their email, I create a relationship between the Employee and their User account.
I am using Django all auth, and have the email confirmation on GET set to True.
I am unsure on how I can add logic, so after the GET I perform some operations, find use the email to find the user, etc.
I have created a custom RegisterSerializer before, but since this is a GET instead of POST I wasn't sure if I could do something similar with EmailVerification.
How would I go about adding custom logic for this?
Related
When I create the Django superuser , if I try to add a weak password Django doesn't let me, but for normal users, in admin, or using register form I can add very simple password.
How can I ad the password validation from the superuser creation to all users ?
Can the number of login bad tries be limited (I prefer without third-party)
When creating users or super users alike both use the same Django configuration settings AUTH_PASSWORD_VALIDATORS and if left unmodified it'll contain a list of validators that all passwords will validate against when creating users via Django admin.
This is also the place where you strengthen your validators by adding more if you want harder or remove if you want to be more lax.
However, if you're creating users via the management commands create_user and create_superuser this list of validators will not apply. This is because Django assumes that only developers are interacting with Django at this level.
For your second ask, there is nothing built-in to Django that supports login tries and following blocking of further logins. This is something that either comes from 3rd party apps such as django-defender or from own implementation.
The broad strokes of that implementation is
Add a new tablemechanism that stores number of tries
Add a new settings in settings.py LOGIN_ATTEMPTS = 3
Override the login flow for a user in which you check this table for attempts
If failed attempt increment counter, if successful reset counter.
If user hits the limit of attempts, set users is_active to False and always return False from your login override.
I am using Django rest framework to build my application backend. I have used Django-rest-auth (https://github.com/Tivix/django-rest-auth) to enable login and registration for my app. It is already working.
However as per my new requirement, I have a list of usernames and only those usernames can register into my system. How can I achieve this?
I had few ideas (do not know if they make total sense):
1. A new model to store usernames, so that in future more usernames can be added via admin interface
2. Whenever a user makes a call from client: the entered username is checked against this new usernames table and if it exists in the table registration is allowed.
Or there can be a still easier way to do this? Any code snippets?
On the client side I use the iOS SDK for Facebook to login and I get the Facebook ID and the access token.
Now on the Django side of things I would like to create a user with Facebook ID as the primary identifier and other fields like access token, first name, last name etc (the last two of which I will retrieve from the Graph API on the server side).
I know that I have to create a custom user model.
If you wish to store information related to User, you can use a one-to-one relationship to a model containing the fields for additional information. This one-to-one model is often called a profile model, as it might store non-auth related information about a site user.
This will not be enough as I will be using the Facebook ID and the access token for authentication.
This leaves me with two options: I can substitute a custom user model like so:
AUTH_USER_MODEL = 'myapp.MyUser'
Or I can subclass AbstractUser:
If you’re entirely happy with Django’s User model and you just want to
add some additional profile information, you can simply subclass
django.contrib.auth.models.AbstractUser and add your custom profile
fields.
But that doesn't sound quite right either. Also this design tip has confused me a little more.
Model design considerations
Think carefully before handling information not directly related to authentication in your custom User Model.It may be better to store app-specific user information in a model that has a relation with the User model.
What is the best way to implement what I am trying to do?
Just a side note: The problem of a custom user is that it is often the case that other apps (and yes, you will use them) don't interact correctly with it due to the assumptions they make on the base model for auth.
This will not be enough as I will be using the Facebook ID and the access token for authentication.
I'm not sure you really need a custom user. For instance, I'm using open id for authentication and there is no problem in using the default user: there is just another model with a OneToOne relationship to the default user.
The main concern you should have for a Facebook ID for authentication (and authentication in general) is to have a custom authentication Backend with its own specific facebook authentication.
Internally, authenticate() runs through all installed backends (settings.AUTHENTICATION_BACKENDS) and tries to authenticate the user with one of those.
You can search some of the existing implementations e.g. in Django packages for facebook authentication.
If your users should be enabled to login/register with username, mail and password -> use a OneToOne relationship to django's usermodel to store facebook credentials.
If your usermodel entirely depends on facebook data and you don't want your users to login with username/pass -> substitute the usermodel with AUTH_USER_MODEL = 'myapp.MyUser'.
You might also want to take a look at django-allauth which solves much of your problems in a sweet little package.
To learn Django, I was making a very basic app which does the following:
Takes a user's login (checks id password in a database).
If user exists and password is right, give user option to either insert,delete or update.
If insert, user can insert an entry into a common table.
Similarly for delete or update.
I was cruising through this but I just got stuck.
My Login page is /index/.
Option for insert/delete/update is at /application/.
Now next, page is displayed according to insert/delete/update at /application/action/
Now the problem is that after completing one insertion, I want to return to /application to carry on my next operation.
But if I do that, I get this error
"Key 'userid' not found in <QueryDict: {}>"
So the view for /application/ is expecting the userid and password in request.POST.
How do I get around this without using external user login modules. I just want a very basic login system just to learn.
Django comes with user authentication built in. I don't think it is external as it is included in django.contrib.
If you use the built in user authentiaction and User model, you will not have to pass the userid to each view. Django will automatically retrieve the logged in user from the session and make it available as a property of the request object.
So using built in user and authentiaction, after logging in a user, you can access that user at
request.user
I searched for a similar question but found none so far.
I have a subclass of User (django.contrib.auth.models.User). I want my site to support both Individual users and Business users, so in this case it's:
class BusinessUser(User):
website = models.CharField(max_length=20)
objects = UserManager()
I have a register form that saves a user as a User and another one that saves my user as a BusinessUser. The problematic case is the BusinessUser:
I have checked through the Django console that both an User and a BusinessUser object exists after registration of a BusinessUser, and all fields are fine (username, email, password).
However, on my login page, I cannot login with my BusinessUser's. I can login fine with the normal User's registered, but not BusinessUser's.
Does anyone know what might be wrong?
Thank you.
Custom authentification backend should be used when django's User subclassed
You can see example here
I haven't tested this, but I believe this will work.
You subclassed User. Don't do that ever. Use profiles to add additional data, and if you really need two separate models (say for having two separate views for individual and business users in the admin) create proxy models and custom managers that filter only individual or business users from User.