Applying ratelimit decorator to auth views.py - django

I want to rate limit several views in my Django app (login, register_account, password reset, ...). I am already using Django-Ratelimit. But I am unsure how to add this decorator to existing views. Writing my own views and using them in a custom urls.py looks like a lot of boilerplate code just to add some decorators.

You can use decorators directly in your urls.
url(r'^login/$', ratelimit(key='whatever')(login_func), name='login'),

Related

Configure Django's builtin authentication to use a different template folder other than "registration"

When using Django's built-in authentication mechanism, how can I configure it to look for template pages like login.html in a different directory besides "registration"?
1.) Use class-based views
https://docs.djangoproject.com/en/2.2/topics/class-based-views/
2.) Get data from parent views,
from allauth.account.views import LoginView, SignupView
3.) replace in views.py the template path with your own
4.) Use your views in urls
urlpatterns = [
path('login/', MyLoginView.as_view(), name="custom_login"),
path('signup/', MySignupView.as_view(), name="custom_singup"),
]

django-allauth caching login and signup pages

is there a way to set up Django Redis caching for login and signup views from django-allauth? I looked at docu and found nothing. I don't want whole site caching but only some views and these two are part of it.
Django Redis makes use of Django's caching framework. So the documentation bit you are looking for is here.
The short bit:
A more granular way to use the caching framework is by caching the output of individual views. django.views.decorators.cache defines a cache_page decorator that will automatically cache the view’s response for you.
For allauth, you'd need to match the login and signup URL before you include allauth.urls and then use the decorator in the url conf:
from django.views.decorators.cache import cache_page
from allauth.account.views import login
urlpatterns = [
url(r'^accounts/login$', cache_page(60 * 15)(login)),
# same for signup
url(r'^accounts/$', include('allauth.urls')
]

how to change a default django admin login view to generate token on login to admin site

my site.py:
from django.contrib.admin import AdminSite
class OptiAdminSite(AdminSite):
def get_urls(self):
from django.conf.urls import patterns, url, include
from core import views
from django.contrib.contenttypes import views as contenttype_views
urlpatterns = patterns('',
#url(r'^$', wrap(self.index), name='index'),
url(r'^login/$', views.login, name='login'),
url(r'^logout/$', views.logout, name='logout'),
)
return urlpatterns
opti_site = OptiAdminSite()
I'm developing an authentication API. When user logs in to my API it generates a code which get destroyed once user hit logout.
My problem is that whenever I'm running my API and django admin site in same browser, then if I login into admin-site It automatically login me in my API too with out any token. When I try to logout in that case from my API it generates an error - 'Token does not exist'. I want to generate token when admin user login to admin-site.
I've tried to do it with above trick as in official documentation but didn't find the right way to do it.
Please suggest me the correct way to do it. Is it necessary to make a separate app for it?
Thanks! in advance.
This solution is almost complete... Almost, because you're simply creating your own admin site in opti_site variable, but probably not using it anywhere.
To make it work, you can monkey-patch default admin site with your site, using:
from django.contrib import admin
admin.sites.site = opti_site
admin.site = admin.sites.site
Remember that you must do it before root urlpatterns definition (especially before defining urls to your admin site).
Another approach is to change default admin to your admin in include of url patterns:
url(r'^admin/', include(opti_site.urls)),

Is it possible to implement django login-authentication with out writing my own template?

my project's urls.py:
from django.conf.urls import include, url
from django.contrib import admin
urlpatterns = [
url(r'^admin/', include(admin.site.urls)),
url('^', include('django.contrib.auth.urls')),
]
and, my app url's are:
from django.conf.urls import include, url
urlpatterns = [
url(r'^login/$', django.contrib.auth.views.login, {'template_name': 'login.html'}, name='login'),
url(r'^logout/$', django.contrib.auth.views.logout, {'template_name': 'logout.html'}, name='logout'),
]
I'm learning about django authentication. As after reading some docs, I've made a sample app and tried to implement the django authentication system on it.
Is there any built-in django template for these built in views. I've tried it without writing my own template but it throws exception. When I add my login template it works fine.
Is it possible to implement django-authentication with out writing my own 'login.html' template? Is django really having any built-in one? If it is, then how can I include it in my app?
Thanks! in advance
No, Django does not come with a login template. From the authentication docs:
It’s your responsibility to provide the html for the login template, called registration/login.html by default.
If Django came with a login template, it would probably look basic. Django doesn't know template structure, so wouldn't be able to inherit from your base template. So most people would end up creating a custom login template anyway. However, it would be easier for new users if Django included a template, however basic it looked.
Note that the authentication docs includes a sample template that you can use.
As an aside, you should either include 'django.contrib.auth.urls', or add entries for login and logout to your app's urls (this allows you to override the template name). You don't need to do both.

Django: Views problem with Django + django-registration + jinja

So, I have a django project that is using jinja2 rendering, and I also installed django-registration to make my life easier. I ran into the following problem:
Going to homepage I render it with jinja. In order to check for authentication, I have to use jinja's syntax, which is user.is_authenticated(). However, in regular django templating, this check is done with user.is_authenticated. If in regular django templating there are (), it gives error.
So going to the /accounts/login/ page, the django-registration modul doesn't do anything special, so it forwards the url to the standard django views the following way:
from django.contrib.auth import views as auth_views
url(r'^login/$',
auth_views.login,
{'template_name': 'registration/login.html'},
name='auth_login'),
So I know for sure I shouldn't be changing the django.contrib.auth view, but then where do i put my own view? In myapp/views.py?
And also, do I have to copy paste the django view, and then modify on top of it (in this case simply replace the render with render_jinja) or is there a way to 'extend' this original django view to my own slightly modified view for logging in?
Whether right or wrong, in the registration module, I made a new view, that handled the logging, copying a few lines from here and there. It logical and seems to be working fine.