I am preparing a multitenant website on Django using tenant-id for identification (and not schema). Now, for tutorial, I would want to have a webpage with sample login and password (like Django CMS does). However, I don't want to store user data from that login/password combination, so that the data would be availabale for each session and as soon as the user logs out, the data deletes. Is there any application/packages that could help me with this? Otherwise, how can I do this?
Related
We are rebuilding our old analytics website in Django. Our old website was built with LAMP stack. We have the usernames and passwords for all our accounts in un-hashed form.
Now I want to migrate all those usernames and passwords to our Django website. All our users should be able to login to the new Django website using the same username and password.
Can someone suggest some best practices to do this? How to achieve this objective efficiently?
all our accounts in un-hashed form
Please do not do that. Django is designed for security. By default, Django uses the PBKDF2 algorithm with a SHA256 hash.
So, during data migration, you must pass your plain texted password through hash function and save the hash-ed password to database.
By applying the above approach, you do not need to force users to reset their password.
The easiest solution would be to export all the user accounts from the old platform into the Django auth_users table. With either a python script or SQL tricker-y poker-y.
Whilst this method takes a little more work from the users point of view it is the safest option (especially because you stated passwords are not encrypted).
After all usernames/ emails are in the new table I (personally) would not set a password for those migrated user accounts. Instead, make sure you have set up django password reset screens (this is built into django). You can then get the users to reset their own passwords allowing them access into the new application.
So, here is the thing. I want the best method to log users on my website. I've already made a registration system that registers details of Users in the mongoDB using model forms.
I don't understand how to login the user in th website. Do I fetch the user data from the DB and match with the the form data entered by the user to log in, what is the best practice?
I'm currently using django-auth-ldap to authenticate with LDAP, and I've looked through all the docs for the library, it doesn't mention what happens to the django database when the database we are authenticating against removes the user.
I know we can do a check when we authenticate to make sure if the user is removed, but how do I clean up the user since a user will be created if it's successfully authenticated. Do I just do it like I'd normally do with Django user object?
Thank you!
I am trying to integrate django sanction into my blog app (django newbie here), but I seem not to be able to "logout" the user after the login process (using Google OAuth2.0).
The entire process seems pain free - i.e I am able to get all user details on my db, and able to access user details on my django templates, but, when I logout and try to log back in, it seems to remember my credentials (cookies?). I am trying to logout from here
p.s: I am developing on localhost - wondering if this is the problem(?)
See here: How to force user logout in django?
quote:
I don't think there is a sanctioned way to do this in Django yet.
The user id is stored in the session object, but it is encoded. Unfortunately, that means you'll have to iterate through all sessions, decode and compare...
I would like when a user creates an account in Django, that the user information :
- Username
- Password
- Email
- First and Last Name
- Mobile
Gets also populated in my LDAP server. Also when the user get deactivated, this gets reflected in LDAP.
Authentication will still be done in Django.
I need the user information as i have another application which is getting the user info from LDAP. I need both to be have the same user universe.
Are there any snippet that does that already ?
I saw many code to authenticate thourgh LDAP, but what i really need is to populate the LDAP directory with my Django user on the fly
Thanks for your help
Check out this snippet, it should do exactly what you're after (a bit old though, so YMMV with newer django)