I need to log in programmatically in Django. I had registered by using the normal registration page, but I need to log in for a single person by giving the username and password in the program itself, so he is allowed to view the requested page. I don't need user authorization, just to redirect the page if the username and password are "given in the program".
You can use authenticate and login.
Authenticate user credentials to confirm they are valid. If they are, authenticate will return a User object.
Then use login and you are all set.
Example:
    from django.contrib.auth import login, authenticate

    user = authenticate(request, username="some_user", password="some_password")
    if user:
        login(request, user)
Use with caution between sessions and make sure you are not mistakenly logging a stranger to an incorrect user.
Related
I am new to programming and I don't fully understand how allauth works and what exactly to do.
I have an application where the user is inactive after signing up and he must click on the confirmation email so that he becomes active.
I tried to configure allauth so that a user can also log in with Google, but when a new user logs in he is redirected to a page that says Account Inactive. In admin I can see that it creates an account (inactive) and also an entry in social accounts, but it doesn't generate a social application token.
On the other hand, when a user that already has an account tries to log in with Google, it redirects to the allauth sign up page.
And so I don't understand how activation with allauth works. Did I do something wrong with my allauth configuration? Should I edit my login function or something else?
Take a look at the DefaultAdapter class. There is a method for pre_login that checks if your user is inactive and if they are it immediately redirects them to the account_inactive url.
    def pre_login(
        self,
        request,
        user,
        *,
        email_verification,
        signal_kwargs,
        email,
        signup,
        redirect_url
    ):
        from .utils import has_verified_email, send_email_confirmation

        if not user.is_active:
            return self.respond_user_inactive(request, user)
        ....

    def respond_user_inactive(self, request, user):
        return HttpResponseRedirect(reverse("account_inactive"))
Is there a way to authenticate username and password in Django? All I can find is
https://simpleisbetterthancomplex.com/tutorial/2017/02/18/how-to-create-user-sign-up-view.html
and this just uses username authentication.
Django by default authenticates the user by username. If you want to authenticate the user with email instead of username, you can check this tutorial: Authenticate user with email instead of username
It might be worth your while to look at allauth. https://django-allauth.readthedocs.io/en/latest/overview.html
By overriding the SocialAccountManager
    def save_user(self, request, sociallogin, form=None):
        """
        Saves a newly signed up social login. In case of auto-signup,
        the signup form is not available.
        """
        u = sociallogin.user
        u.set_unusable_password()
        if form:
            get_account_adapter().save_user(request, u, form)
        else:
            get_account_adapter().populate_username(request, u)
        sociallogin.save(request)
        return u
How to get the password from social account signup?
Actually, you can't.
Django Allauth does not hash or store passwords for social login users. It does not handle the authentication on its end.
Suppose a user tries to do a Google login at your website: the authentication happens on Google servers, not on your end. If the user's password is correct then LOGIN_REDIRECT_URL = "url-name/" defined in your Django project redirects that user to the url.
You can't get the password. If you can, or those social apps share the password of their users, then both you and those social apps have violated the user privacy rules. In my opinion it's a crime.
The only thing you could do is ask your user to set a new password for your site. Send them an email to confirm the change. But that means you have to make an additional route for your app, which has no point.
Given a username and password, I want to authenticate against an LDAP directory with these credentials in one of my Django apps. I've been taking a look at Django-auth-ldap but I still don't know how to use it properly once I've configured it.
On the one hand, I receive a JSON with username and password and I need to add a user to LDAP with these credentials. And, on the other hand, in subsequent requests, I need to check that the user who makes the request belongs to LDAP (and only LDAP, not the own Django backend, so if there's a user with the same credentials in the Django users database, they shouldn't be allowed to continue).
I've tried something like this to add an user:
authbackends.py
    from django_auth_ldap.backend import LDAPBackend


    class CustomLDAPBackend(LDAPBackend):
        def authenticate(self, username, password, **kwargs):
            # Add user to LDAP
            user = LDAPBackend.authenticate(self, username, password)
            return user
So I can import it in my view to add the user to LDAP.
Could anyone outline a solution?
Even if I understand the problem, I'm not sure how to solve this. I have a Django-powered API that has an endpoint that lets the user change the email. If the logged-in user A enters an already existing email, it checks if the logged-in user A entered a password that corresponds to the already existing user B object (i.e. he owns another, older account). If that is the case, I have to log out the actual user A and log in the already existing B account again.
    ...
    if User.objects.filter(email=email).exists():
        # If the email already belongs to another account
        user = authenticate(username=email, password=password)
        if user is not None:
            # The user is the owner of the existing account, he has the password
            # Get already existing client object
            client_existing_user_obj = Client.objects.get(user=user)
            # get clients actual cart
            actual_cart = client.cart
            # update existing clients cart with newly created cart
            client_existing_user_obj.cart = actual_cart
            # logout user with the old email, login already existing user
            logout(request)
            login(request, user)
    ...
The endpoint works correctly, it returns 200. However, the next post & put requests answer 403 - "detail": "CSRF Failed: CSRF token missing or incorrect."
How can I solve this? Any advice will help.
Django rotates the CSRF token when a user logs in. This is a security measure.
You'll have to refresh the token after login (e.g. by refreshing the page) before you submit more POST/PUT requests.