I'm building a global login page for Wagtail. The setting for PASSWORD_REQUIRED_TEMPLATE isn't working. In fact, i can't find n example where it actually does work which makes me think that I don't understand what it's supposed to do.
When I add; PASSWORD_REQUIRED_TEMPLATE = 'utils/auth/password-required.html' to the settings file it does not catch the login form and use my custom form.
Is this a know issue?
I think you've misunderstood what this is for. The PASSWORD_REQUIRED_TEMPLATE is used when someone tries to access a page that has been marked as private, and requires a password to view.
This is independent of whether or not the user is logged in, and is a different form entirely from the regular login form, which appears to be what you're trying to override.
If you want to change the frontend login form, then you need to set WAGTAIL_FRONTEND_LOGIN_TEMPLATE.
If you want to change the admin login form you need to override the wagtailadmin/login.html template.
Related
I am making a project where each client have their own app. This is because they have similar pages but not exactly the same so I think it's a good approach(I may be wrong) to just copy one app for each new client. I have not tried it yet, I am still planning for it. I see one problem with the view site link in the admin. I will let the clients use the admin. How can I set the view site link to the main page for the client? One way to solve it would be to leave it as is and have a function checking their user name and redirecting to the right app. But is there any other way to solve this problem?
I don't think it will be a good idea to have applications generated for users as that's too much once you reached a specific amount of users.
they have similar pages but not exactly the same
Then what you should do is to, after getting the user in your view, pass in a different context to your template. Something like:
def my_view(request):
# First assign different context to different users
context = {'data': 'whatever each user gets', 'other': 'put in more than 1 data',}
return render(request, 'myapp/index.html', context)
I will let the clients use the admin
That's not a good idea as the clients MUST be a superuser to view the admin site. Otherwise, you need to change the permissions of a superuser, make a separate superuser if you are the maintainer of the site, and all sorts of trouble. Just take some time and make your own templates.
Hello I'm new to Django and I'm using Django's built in forms to login my users, also I have a contact form where I'm using Google reCaptcha to avoid attacks.
I was wondering if it is needed to add reCaptcha to my login form. I have heard Django takes care most of security and I don't want to repeat code if default login form is already prepared for brute force attacks.
In case its better to add reCaptcha to default login form how can I process the validation? In my contact form I call Google's API to verify user click within my views, but I don't feel comfortable adding that code inside the auth_views.LoginView class.
Thanks!
Django does not take care of any rate-limiting with its forms, including login.
I think that it is a good idea to include some sort of rate-limiting security measure to your login form. re-Captcha might be overkill as a default, unless there are several incorrect attempts within a timeframe.
Take a look at the Django rate-limit project for an easy to implement alternative to captcha.
In order to add reCaptcha to the login view, rather than modifying the auth_views.LoginView class, just create a new view that extends that class. You can add your recaptcha form validation just like in your contact form.
Then you can update your url to point to your custom view and template:
url(r'^login/$', custom_auth_views.recaptcha_login, {'template_name': 'core/recaptcha_login.html'}, name='login'),
See this post on how to extend the login views / templates.
I'm currently using out-of-the-box django.contrib.auth to handle authentication in my Django app. This means that the user starts at a log in page and is redirected to the app on successful login. I would like to make my app single-page, including this login process, where a redirect doesn't happen, but maybe a "hot" template switch-out or some fancy client-side div magic (that still remains secure). My Google searching turned up pretty short, the closest solution dealing with putting a log in form on every page.
Any direction or ideas here would be much appreciated. I would obviously prefer to work within the existing confines of django.contrib.auth if possible, but I'm open to all solutions.
I'm not sure I understand your question completely. I think you want to have a single page. If so, put logic in your template that checks to see if the user is authenticated. If not, display a login form that POSTS to the appropriate django.contrib.auth view. You can supply an argument to this view to have it redirect back to your page. When you come back, the user will be authenticated, so you won't display the login form.
Have a look at Django-Easy-Pjax https://pypi.python.org/pypi/django-easy-pjax - it works like a charm and is well documented. Everything you like is being made with AJAX requests: links, forms using GET and forms using POST.
Essentially you only need to add a data-pjax="#id_of_the_container_where_the_result_goes" attribute in your a and form tags.
And the great thing about it: It updates the title and location bar of your browser.
One caveat: If you want to upload files in some form, this is not supported by Easy-Pjax, so you might want to use some workaround jQuery library for that.
Is there a good way to have both the login and register forms for django-registration on one page? I've had trouble finding a way to do it now that the backend system is enforced. Is there a view that can be overwritten that would allow you to add both forms to it? Anyone done this before or can point to an article about this?
Edit: Just to clarify I have the whole django-registration and login system set up and working properly, I'd just like to get both forms on the same page. I do not have access to their views.
Just hard-code your login-form in the registration-html-template. It should work like a charm.
You can always override the default login and registration views/templates. You can take a look at this link and see if this was what you were thinking to do. Then, you can read the Django documentation for further information about making custom login and registration views and templates as well.
I want to place a "login" field in every page. I looked some examples about authentication in django and all of them creates a new login page and uses django.contrib.auth.views.login .
However, I want to use some parts of this view. So how can i create a view that uses also django auth ?
p.s.: if it's not clear let me know, cause I'm kinda lost and don't know how to ask =)
At first try take a look here https://bitbucket.org/ubernostrum/django-registration/
It is ready done registration/login solution, you can create some template for login and after this include to your pages using include syntax http://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs#include