I am using Django rest auth and allauth to login and register users. I can register users by sending username, email, pwd1, pwd2. It is successful.
I am wondering, how can I register a user as an admin, do I need to send any extra parameter?
Related
In my django project, I am using django rest auth for api authentication. The default is to use username and password for login. I can also use email and password. But I want my user to have the option of either using email or username and password for login authentication; which I believe is more user friendly.
How do I do this in django rest auth?
I need to login programmatically in Django.I had registered by using normal registration page. but i need to login for a single person by saying the username and password in the program itself.So he is allowed to view the requested page.I don't need user authorization, just to redirect the page if username and password is " given in the program.."
You can use authenticate and login.
authenticate user credentials to confirm they are valid. If they are, authenticate will return a User object.
Then use login and you are all set.
Example:
from django.contrib.auth import login, authenticate
user = authenticate(request, username="some_user", password="some_password")
if user:
login(request, user)
Use with caution between sessions and make sure you are not mistakenly logging a stranger to an incorrect user.
In python social auth library:
I am making a social auth for my django project. I want to disable social auth for admin.
how it works by default:
social auth url is visited and permissions granted
new Python Social Auth › User social auths object is created for Admin
this social account logs in admin
How I want it to work:
social auth url is visited and permissions granted
new Python Social Auth › User social auths object is created along with new regular user, as if admin was not logged in
this social account logs in a regular user
Is there an elegant way of doing this? Overriding the least amount of pipeline functions as possible.
The way to solve this is to directly forbid admin users from using the social authentication process, for that you need a custom function in the pipeline that would raise AuthForbidden if the user is an admin.
This function should be after the social_user step to ensure that already associated accounts are identified. The code for that function should be something simple like:
def disable_admin(backend, user=None, *args, **kwargs):
if user and user.is_admin:
raise AuthForbidden(backend)
More docs about extending the pipeline here.
By overriding the SocialAccountManager
def save_user(self, request, sociallogin, form=None):
"""
Saves a newly signed up social login. In case of auto-signup,
the signup form is not available.
"""
u = sociallogin.user
u.set_unusable_password()
if form:
get_account_adapter().save_user(request, u, form)
else:
get_account_adapter().populate_username(request, u)
sociallogin.save(request)
return u
how to get the password from social account signup
Actually, you can't.
Django Allauth does not hash or store passwords for social login users. It does not handle the authentication on its end.
Suppose a user try to do a google login at your website, the authentication happens on google servers not on your end. If the user's password is correct then LOGIN_REDIRECT_URL = "url-name/" defined in your django project redirects that user to the url.
You can't get the password. If you can, or those social apps share the password of their users, then both you and that social apps have violate the user privacy rules. In my opinion it's a crime.
The only way you could do is ask your user to set a new password for your site. Send them an email to confirm the change. But that means you have to make an additional route for your app, which has no point.
Given an username and password, I want to authenticate against a LDAP directoy with these credentials in one of my Django apps. I've been taking a look Django-auth-ldap but I still don't know how to use it properly once I've configured it.
On the one hand, I receive a JSON with username and password and I need to add an user to LDAP with these credentials. And, on the other hand, in subsequent request, I need to check that the user who makes the request belongs to LDAP (and only LDAP not the own Django backend, so if there's an user with the same credentials in the Django users database should't be allow to continue).
I've tried something like this to add an user:
authbackends.py
class CustomLDAPBackend(LDAPBackend):
def authenticate(self, username, password, **kwargs):
# Add user to LDAP
user = LDAPBackend.authenticate(self, username, password)
return user
So I can import it in my view to add the user to LDAP.
Could anyone outline a solution?