Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I am wondering what is the most Django-like way to handle Django's user model together with OAuth users? Specifically I would have mostly OAuth users (logged in using **social-app-django** (https://github.com/python-social-auth/social-app-django)), some of which also have a password for the admin interface. All users should have the ability to save some settings in the webapp. Each user belongs to one or more groups.
Snippet of the problem:
Django users require a password to be set, but for OAuth users the field would need another value. This is for example shown here: https://github.com/joestump/python-oauth2/wiki/Logging-into-Django-w--Twitter After the successful authentication a user is created and logged into the session like this:

```python
user = authenticate(username=access_token['screen_name'],
                    password=access_token['oauth_token_secret'])
login(request, user)
```
Two possible approaches:
A:
The approach from the snippet uses the Django user model and I can just relate the user settings to the user model. The downside is that the password and email are set to an arbitrary value (I also don't get the email from the OAuth provider).
B:
Approach B is to save the settings and roles in a table that is not associated with the user table (thereby not requiring email and password), but also losing a lot of built-in functionality of the user model.
You can use a different model for storing all additional data associated with an OAuth user and linked to settings.AUTH_USER_MODEL.
It might require a custom OAuth authentication backend. You don't have to fake the password and email (just leave them blank), but you have to generate a unique username.
Check the sources of one of the third-party libraries, for example django-all-access
https://github.com/mlavin/django-all-access/blob/master/allaccess/models.py
https://github.com/mlavin/django-all-access/blob/master/allaccess/backends.py
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I will try to explain our desired product idea as clearly as possible, but feel free to ask further questions.
So, basically what we want to build is a SaaS product that will be used by multiple clients. For now, we're not interested in custom domains like (cust1.myproduct.com, cust2.myproduct.com) and we will simply be using one database to manage all customers' data. So far so good.
Our SaaS product will be sold to enterprise organizations which will then be used by their employees. So for any one customer organization, there are three types of roles that we would like to provide their users, as follows:
Admin: An organization's admin that should be able to do all the settings for that particular organization
Manager: An organization's manager that can manage the users that are under his/her team
Employee: A normal user with bare minimal permissions that can only manage his own data
Now, to provision customers for this SaaS product and to set their global settings (e.g. maximum allowed users, license type etc), we also plan to create an admin portal and APIs that will be used by our internal employees only. For this portal, we also want to define roles as follows:
Executives: All the senior executives of our company that will have the permissions to see sensitive data of customers
Sales: All of our sales team that have some basic permissions to provision customers
Engineering: All of our engineering team with permissions to see some basic information
So, to summarize, we want to create three different roles for our customer users and three different roles for our internal admin portal. Both the systems are different from each other and have different purposes. Also, the users of both the portals have different fields.
So far I have considered the following routes:
1- Define a user model and then inherit two different types of users from this user model, such as ManagementUser and CustomerUser, define their own fields, and create a role field in both which can have different multi-choice values according to their roles. Then simply create permissions such as IsCustomerUserAdmin, IsCustomerUserManager, IsCustomerUserEmployee for customers and similarly IsManagementUserExecutive, IsManagementUserSales, IsManagementUserEngineer for admin users.
2- Use Django's internal groups system and create three different groups for customers and three different groups for admin users depending upon their roles and define their relevant permissions.
3- Completely segregate the two projects, each having their own Database. The admin project will apply changes on the DB of the customer project directly to provision any new customers or to change their roles.
Please let me know which of the above approaches we should use and if there's any alternative that will better suit our use-case.
Thanks!
I would suggest the following approach:
Use single database and single backend project for all the APIs.
Create UserProfile model and use User from auth. Add role in UserProfile. For now, there are 6 roles (3+3)
Write permission classes depending on the role field in UserProfile
I would suggest using reactjs for the frontend.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I'd like to password-protect my staging environment so it's not accessible to the public. Also, the password protection should not be tied to Django's authentication backend, so that I can test features (e.g. creating an account for user, logging in / out, etc.).
How best to achieve that?
So here are some ideas:
Do not make a registration possible. No form, no form validation etc
Give users you created special profile attributes like is_real_user = models.BooleanField(default=False) or maybe a group. Check or uncheck the boolean in the admin only!
Check in the views, templates, forms etc if the user has the attribute is_real_user and if not send 404/Validation_error
The first view on your "homepage" (start page) can have a form where the user needs to type in password(s). Do a form validation and if it's True render the next template, else 404/Validation_error and redirect him again to the main page.
Save in session/userprofile that the password was correct and check on templates/views if the correct password is given (again Booleanfield) else 404/Validation_error
Do not tell anybody about your site, url.
Hope that helps a bit :)
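One way to meet the question's requirement of a gate that is independent of Django's authentication backend, shown as an added example that is not code from either poster: a WSGI middleware that puts HTTP Basic authentication in front of the whole application. The names `StagingGate`, `demo_app`, `status_for` and the environment variable names in the comment are assumptions made for this sketch.

```python
import base64
import hmac

# Assumed wiring in the project's wsgi.py (environment variable names are hypothetical):
#   application = StagingGate(get_wsgi_application(),
#                             os.environ["STAGING_USER"], os.environ["STAGING_PASSWORD"])

class StagingGate:
    """WSGI middleware: HTTP Basic auth checked before the wrapped app sees the request."""

    def __init__(self, app, username, password, realm="staging"):
        if not username or not password:
            raise ValueError("refusing to start with an empty username or password")
        self.app = app
        self.expected = f"{username}:{password}".encode()
        self.realm = realm

    def _authorized(self, environ):
        header = environ.get("HTTP_AUTHORIZATION", "")
        scheme, _, token = header.partition(" ")
        if scheme.lower() != "basic":
            return False
        try:
            supplied = base64.b64decode(token.strip(), validate=True)
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            return False
        # Constant-time comparison so response timing does not leak the secret.
        return hmac.compare_digest(supplied, self.expected)

    def __call__(self, environ, start_response):
        if self._authorized(environ):
            return self.app(environ, start_response)
        body = b"Authentication required\n"
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", f'Basic realm="{self.realm}"'),
            ("Content-Type", "text/plain"),
        ])
        return [body]

def demo_app(environ, start_response):
    """Stand-in for the Django application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"staging site\n"]

def status_for(gate, authorization=None):
    """Send a constructed request through the gate and return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    gate(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Because the check happens before Django runs, sign-up, login and logout can be tested with ordinary Django accounts behind it. It only protects the credential when staging is served over HTTPS, and it collides with any client of the application that sends its own `Authorization` header.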
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I am not an expert in Django and am learning it by doing. I am making an application and it has two kinds of users:
User who offers services
User who uses services
So my query is how to manage these two types of users? One possible approach I am thinking of is to make two separate profile models for these users and have different login pages for them. And still I want to have an upper layer of Django admin which can manage both these users. So my problem is: is there any particular way to implement this kind of scenario, or can I go with my approach? These users will have different privileges, like the offerer of a service can add his service while a simple user can only use that service by logging in himself. So I want to have a secure separation between these users.
I would suggest using Django's built-in Groups and custom Permissions. Another interesting tidbit I would consider is implementing two versions of the Django admin.
How to have 2 different admin sites in a Django project?
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I want to build a Django app that allows users to sign up using their Facebook account (but isn't necessary). However, I don't feel like dealing with the social auth stuff from the get go because I'd rather focus on the meat of my app. So, can I make an app without social authentication and just "plug it in" at the end or is it something I should set up from the beginning?
It is fine to plug it in later. However, one decision you must make at the start and stick to is the user model you're going to use.
Whether users register/login to your site with a social account or not, a local account will need to be created. Social accounts are linked to that local account.
If you are happy for the local account to use the default user model and have users log in to your site with a username and password, then go right ahead.
If you'd like the local account to use an email instead of a username then you've a bit of work to do.
The Django docs explain your options and provide a working example at the bottom.
Assuming you're going to use django-allauth, this tutorial will get you started and this demo will give you most of the templates you need.
The demo gives an example of customizing the user model to use email instead of a username but it is not quite complete.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
What is the best authentication app for Django that:
has configurable required fields, for example allows using email as username
integrates with other authentication APIs, such as Facebook, Twitter, Google
password recovery flow is configurable, sends temporary password vs. recovery link
preferably has invitation system, so the registration process can be controlled
I don't think there is any that has all these features, so I'm looking for one that covers as much as possible. But these are features that almost any well-designed web service should have. So I don't want to reinvent the wheel.
There isn't one django package that will cover everything, instead there are numerous great projects that tackle each of the requirements you mention:
general auth : django-auth - this is a part of the django distribution but needs to be enabled
social authentication : django-social-auth - integrates social authentication with the default django-auth flow
registration and passwords : django-registration - adds the registration flow, including sign up and email confirmation etc.
invitation system : django-invitation - allows registration to be limited to invitations
profiles : django-profiles - allows you to extend the users account with a profile
You could also have a look at django-userena which is a new hosted solution to user management for your django app. I haven't looked into how it works or how comprehensive it is, but it looks promising.
Finally, have a look at django packages for other authentication apps:
http://djangopackages.com/grids/g/authentication/
EDIT:
This post is a little outdated
django-social-auth has become python-social-auth
django-allauth: There is another good all-in-one auth app called django-allauth. I haven't used it extensively but I believe it takes care of auth, social-auth, registration and profiles in one app
Configurable User Models: Django 1.5 introduced a configurable User model in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)
Here is a nice and official comparison for only Facebook Authentication Packages
Facebook Authentication
Go for django allauth. It covers all authentication flows, custom user model, and over 50+ social authentication providers. We have been using it for a long time and it has evolved a lot over time.
First you have to install social-auth-app-django:

```
pip install social-auth-app-django
```

Then add it to your INSTALLED_APPS (in settings). Then you have to create API keys, using the steps below, for the networks you want to enable:
Google
Create a project on Google Cloud Platform
Facebook
Log into Facebook developers and create API keys
Twitter
https://apps.twitter.com/app/new
After creating the project you will get the App ID and App Secret (don’t share it with anyone), then add the ID and Secret in settings and provide a valid redirect URL for more info