Any other quality references for Flask login management out there? - flask

Beginners find many quick construct templates and tips to get started with basic flask-python applications but it is very dry for complete ones. A complete app needs minimum login functionality and password management. Max Halford boilerplate is high quality (https://github.com/MaxHalford/flask-boilerplate/blob/master/README.md) Other fine references are welcome.
I have tried PythonAnywhere, Lynda and most of stackoverflow. All fine with basic starters, but not minimum login and password management examples.
Password change and forgot password are minimum elements of password management.
Any other fine references out there?

your first go-to should probably always be the documentation.
Flask-Login , Flask-Security.
the best overall comprehensive example of what i'm assuming you're looking for in this case can be found here.
the tutorial covers everything from building your flask app from scratch through deployment. enjoy!

Related

What are reasons for not using Django Admin with Django Rest Framework

It's been a while since I last used Django for a project and there have been some really great advances in the core project and the ecosystem around it.
One of those is the mature API development libraries like django-rest-framework.
So far I'm loving it. But it seems that all the guides I've found are disabling the Django Admin when using Django Rest Framework.
The reasons I've seen given were essentially "We don't need it for anything" or "We aren't using sessions, which Admin uses, so it won't work, so we're not using it."
"Don't need it" is a valid reason.
But other than that, are there reasons that it's bad practice to keep the Django Admin enabled when the project is primarily used as an API?
For my purposes, I find it convenient to manage user permissions and as a simple way to code admin only functions for dealing with the underlying data.
note: I've considered whether this question is designed to elicit opinions, which is not appropriate on SO. I believe that the answers I'm asking for will be technical or security based reasons with fact or experience based reasoning.
Totally agree.
On my current project, users are getting and setting ALL data via django-rest-framework.
Like you, I find the admin site convenient to manage user permissions, permissions groups, writing emails, sms, mobile applications push and more.
More, all these models are being translated, and translation is set in THE ADMIN SITE !!!
So, if we need a new object with translation, we do not need a new app release (example in pic of a question).
objects translations are readable and clear.
Data is organized nicely with minimal effort.
Admin get cool skins (jet / grappelli etc etc)
Language activation works like a charm in the APIViews.

django - How to create app equivalent to "admin"?

I have recently started learning Python & Django. I have gone through the Django tutorial twice now and am beginning to feel comfortable with its contents.
My goal is to make an app pretty much like the Django "Admin" site. What I am unsure about is how to go about it in the most efficient way.
Based on what I have learned from the tutorials I have had a go at making my app and am successfully displaying readonly data.
What I would like to do now is give users the ability to modify the data themselves, create new records etc etc, pretty much exactly the same way that the "admin" site works. Is there a shortcut way of implementing this, versus coding it all myself?
As the "admin" interface was built automatically to suit my model, i figure it should be possible to do something similar for the user facing side of the app without having to recode it all?
Any help greatly appreciated!
cheers
James (python & django newbie)
Thanks for the responses. To summarise them:
No, there is not a quick way to generate something similar to "admin" in the user side of an app.
You can extend/mod the "admin" side to your requirements, and give users access to this area (customise the permissions for this).

Turning a usual django website into a RESTful api

I've been working on. A web project for few months now.And it's a simple website with usual django models views urls and templates,with simple Ajax using jquery for the templates.
Now thinking of having a possibility of making an application soon. I am thinking of using Tastypie to make a RESTful api for my website. So the idea is to
Use Tastypie to make a RESTful api.
Using backbone.js to make my website a single page application
Using plist and json for my android and ios applications.
My concern starts here, with this new course of action, would. I have to make most of my website again? And if that is the case should I stop working on what I've already made and then start from scratch following the above guidelines? Again, in context to tastypie and backbone.js, what would happen to my already written views and template logic?
I've been reasearching over this topic alot and cannot find a definitive answer. So thought of asking all of you who are already experienced or have gone through the same transition.
I have almost no exposure to RESTful APIs. But I am getting inclined towards a RESTful approach as it would make app development easier.
PS. I would really appreciate if I don't get negative votes for it, but advice instead.
You could try it out side by side in the same site/project. Keep the existing django views. Add new tastypie ones under a different URL, for instance "/api/".
Likewise, a single page app? That is just one new template next to the existing ones. Keep it at "/single/" for the moment. And keep the existing pages.
The actual functionality will probably stay the same. Extract useful code as separate functions out of your existing views and call them from both tastypie and your original views. This will probably even make your existing code clearer and cleaner :-)
I'd say it's much of a philosophical question.
If the site is on a deadline or in production I would probably put it in git and give it two head branches:
production branch
refactor branch
The benefit then is that you can keep the old site up and add new features and merge this in your refactor branch.
Then again it much depends on the complexity and how the site acts today.
Doing the two branch system will give you the option to stop the refactor without losing your old version.

Using Django-admin and a custom user-specific admin concurrently

I'm creating a Django powered website that will have numerous applications (Blog, Shop, Portfolio, etc.) that will be edited by 5 or so people, and I have so-far been designing everything with the Django admin in mind.
I have come to realise that this is a very bad way of thinking -as really- the Django admin should really only be for top level administrators, and should be used for exactly that: administrating the website, not contributing to it.
I wrote out the feature-set and realised that the number of applications the entire website should have (sitemaps,mailers,contactforms,comments,tags etc.)is much much larger than the number of features the editor should have access to (CRUD actions for blog/about section etc).
Is it better practice to build a complex permission based Django admin, or build a second custom "editors" admin to run concurrently.
I think this is something that should be discussed in the documentation, as until I realised this, I had a lot of trouble understanding how to break the website down into applications, as I was designing everything with the admin in mind (and what actual user should see in the admin)
I'd argue that you should build a separate "diverse" admin app. Here are the pros and cons as I see them:
Pros:
No need to tamper with Admin or use hacks to get specific features. I suspect you'll need several such given your requirements.
De coupling from Admin. While Admin is very useful it is a bad idea to tightly couple your app with it. All the more so if you are tweaking it. Your would have to watch out for any changes in Admin that would break your app.
Custom styling. I guess visual appeal may not be high on your list but it is far more easier to style your apps than the Admin app.
Separate the really super users from "line admins". Let only the power users see the real innards of your system.
Cons:
You'd be reinventing the wheel. Generic views make this easier but you'd still end up duplicating features or featurelets.
Testing. The Admin app is widely used and is fairly well tested. You can use it without writing any unit tests (for most part). If you build your own you'll have to build an extensive test suite around it.
It is a matter of opinion I think. But personally I prefer to create a separate admin and link a user group to that instead of using the main admin for both.
That way you can easily see how everything looks for the other users when there's a problem. It all depends on your situation though, so YMMV

Customizable Authencation backends not followed by Django's own login testcases. Why?

I learnt that using Customizable Authencation backends philosophy, one can create a website which accepts email addresses as usernames. But after building the corresponding logic and testing that my code is working fine, I found one issue with Django's own testcases. They were failing to follow the Customizable Authencation backend philosophy. Meaning, the testcases were actually having hardcoded values('username': 'testclient') for testing the "login" process. Why is that? Django always discourages Tight Coupling. But whats happening here?
I am not bashing Django by any means! I am a big fan and I will be, for years to come. Just want to know the reason behind this!
Update: As #dmishe pointed out those testcases should validate Django's own functionality. I understood that. But how do I let those "failing testcase" errors NOT show up when I run my testcases or run the whole project test suite?
As dmishe points out, it is not a problem that the contrib.auth tests test the functionality that is built in to the contrib.auth app. It is a problem that those tests are run for user projects by default, and it is easy to break them via normal settings customization. This is a problem the Django developers are aware of and working on possible solutions.
In the meantime, my solution is to define a simple bash script to test only the apps I want to. So instead of "./manage.py test" I run a script that does "./manage.py test app1 app2 app3...". Not perfect, but it's far from the worst of my problems :-)
Update: This commit might interest you.
I don't see a problem here, django.contrib.auth.tests should test auth app and nothing more. Thus, it should test built-in backend which is username/password combination.