Django inserts wrong domain to activation email, facebook auth and filebrowser - django

I've set up a Django project on a nginx server. But..
Django detects request.get_host() in signup and activation views as localhost and sends email (for activation and password reset) with links like http://localhost/....
I've set up Facebook authorization via social-auth-app-django. But Facebook tries to open redirect_uri in localhost
(...redirect_uri=http:localhost/oauth/complete/facebook...)
Inside django admin TinyMCE editor Filebrowser also refers to localhost..
How to fix these problems? Or it seems one solution can fix all of them.
Thank you for your time and help.

Did you tried changing your Site.domain and Site.name in admin panel or via shell? from django.contrib.sites.models import Site
https://docs.djangoproject.com/en/2.1/ref/contrib/sites/
It's used in many cases such as emails by default.

Related

How to return a 404 for just Django allauth signup page?

I am rather new to Django and all of the work I have done so far has been with models/views/viewsets.. The site I am working on incorporates Django allauth for authentication. I have successfully edited/styled the login/logout templates, but the page will be accessed by people who are given credentials created in the admin section rather than signing up on their own- so the sign up page is unnecessary. I'd like to just show a 404 page anytime someone lands on the signup page. I have already removed all the links to the signup page from the other templates.
In short- how do I just redirect someone to the Django default page_not_found when they hit /accounts/signup/?
My attempts so far have revolved around editing the URLs.py file to include something like path('account_signup', page_not_found) (after importing it at the top), or some other manipulation of that line. I'm probably missing something really easy, as I have been getting a little frustrated... And I haven't found any stack overflows where someone was desiring a 404 when a user navigated to one of the allauth account pages.
In order to server 404 pages automatically for not found url, create a 404 view and then in main projects urls.py have below code
Read the Official docs
handler404 = 'mysite.views.my_custom_page_not_found_view'
For redirecting use Redirect View in django docs
from django.views.generic.base import RedirectView
url('/accounts/signup/', RedirectView.as_view(url='/', permanent=False),name='index')
Note their is 404 page for developers builts in django, but once you turn debug=False in settings for production apps,it is not visible,
You can simply not use the signup page in your urls.
On the other hand, it is bad practice to use createsuperuser to create users, since by default they will have enough privileges, even to log in to admin and edit things. The right thing to do is to create a user with some method you want, and with the permissions you give them.
This last one will allow you to use a decorator in your signup view that only allows access to that page in case you have an account with a particular privilege, and not any user. There is no point in returning a 404.

Edit approved email points to localhost

After approving a change in the Wagtail admin, the editor receives an email letting them know the page is published. The problem is the link to the page doesn't use the site domain, but localhost:
You can view the page here: http://localhost/learn/good-stuff-to-learn/
I have both BASE_URL and WAGTAILAPI_BASE_URL configured in my settings.py. Is there another setting I missed?
Django 1.11.10
Wagtail 1.13.1
Update the domain in the Wagtail admin, under Settings -> Sites.

How to redirect from the Django login page to a single page application?

I am building a SPA React application that is served by a single Django view at /. I am using Django's admin page for login.
If an unlogged in user navigates to /#/accounts/ the Django admin page will correctly them redirect to http://localhost:8000/admin/login/?next=/#/accounts/pp01/ for login. Once they log in, they get redirected to my Django view that is configured at the / url path.
The #/account/pp01 part of the redirect gets lost and the user gets redirected to the wrong part of my single page application (http://localhost:8000/#/). Does anyone know how to get this to work?
I don't understand why Django is cutting off the # part of the URL. Any insight would be appreciated. Thanks!
You need to encode the redirect path. As it is, your browser is thinking that it should go to '#/accounts/pp01/' on the path '/admin/login?next=/', rather than the hash being part of the redirect path itself.
You can use urllib.request.quote to quote the path.

Google authentication and iframes

Background
I have an existing Python-based Google AppEngine app with a few pages for which login:required is set in app.yaml.
I'd like to be able to put this app in an iframe. However, whenever the user navigates to a page that requires login and the user is redirected to the Google login page, the iframe goes blank as the login page sets the x-frame-options:DENY header option.
Questions
Is there a way to make the Google authentication use a pop-up (like FaceBooks and Twitters authentication schemes does?)?
ALternatively, is it possible to catch the login required event, and redirect to another page that I supply, that does some iframe breakout and then redirects to the real login page?
auth_fail_action does not support a custom redirect URL, is there another way?
The only other solution I can think of is not to use login: required, but to reimplement the same logic in each view (or in a decorator). However, as this is rather clumsy and requires lots of rewriting I'd rather not go this route.
Thanks in advance,
Egil
Unfortunately No.
Depending on your specific needs, you could make a passthrough URL on your app that handles the login: required portion before loading the page that iframes your app.
Something akin to this:
app.yaml
handlers:
- url: /login-check
script: main.app
login: required
main.py
import webapp2
class LoginCheckHandler(webapp2.RequestHandler):
def get(self):
# If they get here, they have been authorized via google's login page
webapp2.redirect(self.request.get('redirect_url'), abort=True)
app = webapp2.WSGIApplication([
('/login-check', LoginCheckHandler),
], debug=True)
Now you can load your main page via $APPENGINE_HOST/login-check?redirect_url=$REAL_PAGE_URL and it will ensure the user is logged in first and then redirect them to $REAL_PAGE_URL which can now iframe your app engine page.

django-allauth and twitter integration - Social Network Login Failure

I am trying to work with django-allauth. I followed the instructions at github page and done following:
Added allauth urls into urls.py
urlpatterns += patterns ('',
url('^accounts/', include('allauth.urls')),
url('^accounts/profile/$', ProfileView.as_view(), name='ProfileView'),
url('^login/$', login, name='account_login'),
url('^logout/$', logout, name='account_logout'),
url('^login/cancelled/$', login_cancelled, name='socialaccount_login_cancelled'),
url('^login/error/$', login_error, name='socialaccount_login_error'),
)
Updated TEMPLATE_CONTEXT_DIRS, TEMPLATE_CONTEXT_PROCESSORS, AUTHENTICATION_BACKENDS and INSTALLED_APPS. Also added ACCOUNT_AUTHENTICATION_METHOD = "username_email"
Added Key and Secret for twitter in the Social apps table.
Copied django-allauth templates to my app's directory and modified it. I can see all the templates working fine like /accounts/signup/ and /accounts/social/connections/.
Now, from connections or signup when I click Twitter link /accounts/twitter/login/ I ended up with the following error:
Social Network Login Failure
An error occured while attempting to login via your social network
account.
Am I missing something? May be some stupid mistake (Twitter login url? No clues!). I also tried to find some tutorials based on the latest codebase but unable to find any. django-allauth example on github wasn't of any help. Please help. Also, please feel free to provide me any links or tutorials based on the latest codebase.
Thanks in advance.
I am a beginner so you can expect some stupid mistakes from people like me but I try to learn. I spent many hours trying to resolve this. Finally the issue turns out to be Twitter App Key Settings:
I get "Social Network Login Failure" error because my Twitter App settings are not configured for the localhost. Make sure you have the following settings configured in your Twitter App for your localhost (development machine):
Callback URL: http://127.0.0.1:8000/
NOTE: If you want to use it for production server then you need to set Callback to your domain name as follows:
Callback URL: http://Your_Domain_Name.com
OR better use another set of Keys specifically for production use only.
BONUS : If you are using django-social-auth and you don't have these settings configured then you may end up with 401 Unauthorized error.