Django 1.8: Password Protect Entire Project - django

I have built my first Django App! It is built to help my business track inventory. As such, I would not like it to be publicly available.
Maybe someday I will set up multiple user accounts, etc, but for now I really just need a basic password gate to get it up and running.
Does anyone have any middleware that works for this? All the solutions that I am finding are pretty old and they do not seem to work with the latest version of Django.

If you just need a single username/password couple, handling it directly via HTTP authentication in your webserver configuration will be the easiest way to achieve this. The benefits of this approach are:
You can set it up in 5 minutes: example with nginx, example with apache
You don't have to write code you'll delete later
It will protect all your website, including static files, third-party apps, admin, etc.

I found an answer that worked for me posted here:
#login_required for multiple views
Make sure the LOGIN_REQUIRED_URLS_EXCEPTIONS path is correctly set to your login page.

Related

Django Authenticate against external SSO

Forgive me if the wording here is a bit odd. I have a fair amount of experience with python, but I'm pretty new to Django and still trying to get my sea legs.
I've inherited a PHP site from the former System admin at my new job, and I want to rework it into a django app to simplify/cleanup the code.
The PHP site is using .htaccess file with Pubcookie apache module for authentication (as well as some basic checks in the php code to ensure the user checks out against a database of authorized users, but that part i'm less concerned with), and looks like this:
AuthType SecureID
require valid-user
PubcookieAppID "name of the app"
In my apache configs, I have various pubcookie definitions.
LoadModule pubcookie_module /usr/lib/apache2/modules/mod_pubcookie.so
PubcookieGrantingCertFile /usr/local/pubcookie/keys/pubcookie_granting.cert
PubcookieSessionKeyFile /etc/ssl/private/akey.pem
PubcookieSessionCertFile /etc/ssl/certs/acert.pem
PubcookieLogin https://weblogin.domain.com/
PubcookieLoginMethod POST
PubcookieDomain .domain.com
PubcookieKeyDir /usr/local/pubcookie/keys/
PubcookieAuthTypeNames ADUserID null SecurID
My question is...How do I implement this sort of thing on the python end? I have looked at using RemoteUserMiddleware, or PersistentRemoteUserMiddleware.
But most of the information I have found for that doesn't go into great detail about how to actually point your app at the correct login page. The official documentation seems to stop at adding the middleware under middleware in the settings.py file in the django project.
It also bare's mentioning that the weblogin.domain.com is handled by another group that I don't have direct access to, and is not one of my servers so I can't really poke around there.
I realize this is...extremely broad, but any information that could point me in the right direction would be appreciated.
In an ideal scenario, I would like to be able to restrict different views to different authtypes, but I'd be happy to get anything working sensibly.
So, For what it's worth. The answer was to use pubcookie with apache as normal. then use RemoteUserMiddleware or PersistentRemoteeUserMiddleware as expected. As it turns out you don't have to handle any outside configuration for the middleware, it just imports whats shoved at it.
Finally the piece I was really missing, information from apache/pubcookie authentication can be accessed with request.META library from inside django code

Django + Wordpress: Integrating user login

I would like to have one users system (preferrably Django's) to rule both Django and Wordpress.
The use case is that Django is an application embedded inside a wordpress installation (via iframe or something similar). In order to use the Django, users must be authenticated, authentication in WordPress is not mandatory, but recommended (for posting comments and stuff like that).
In order to ease the usage of the site, I would like the same sign-up to apply for both the Django app and the WordPress installation. Sign-up might occur either via OAuth / FB authentication (lots of Django solutions for this), or via dedicated site users. While the signup process is most important, it would be nice if certain user fields would remain synced between the two worlds.
My thoughts on the matter:
Maybe there's an out-of-the-box solution (couldn't find any)
Create a full-fledged django app for syncing the two user models (wp_users and django's users) via one of the following options:
A master(django)-slave(wp) solution, where each change in Django changes info in the wp_users and other related tables and vice-versa (via Django periodically checking the DB or creating a WP plugin). Can be implemented either by putting both django and wp on the same (MySQL) db, using XML-RPC or some other anomination I didn't think of.
Same as above, but let WP be the master instead of Django (seems harder).
An external system to rule both models - maybe make OAuth / some other external authentication mandatory, and somehow sync the two models using this?
Has anyone encountered this situation before?
Any suggestions will be appreciated.
You should really try to work out some approach, revising your work when encountering problems afterwards.
Nevertheless imo Wordpress is kind of bordered. I wouldn't recommend making changes to both frameworks, but fixate on Django.
For example you could create a WordpressUser(User) and create a python script a crobjob, celery task or whatever you'll need to syncronize your databases. Meaning to say you should keep things strictly separated unless you have very good reasons not to (I can't think of any).

Is it possible to authenticate against a single source from two distinct Django deployments?

I'm hoping there's a straightforward answer to this question.
First, some history: I deployed a Django project and it uses all of the authentication mechanisms provided in Django. Namely, users are stored in auth_users and my login app validates against the records found in that table.
Now, I have a second, distinct Django project that needs to authenticate against the database from the original application. I'm not entirely sure how can I approach the problem, so I'm hoping someone in the stackoverflow community can help.
One thought was to add "myfirstproject.login" to the INSTALLED_APPS of the second project, but I'm uncertain if that's a viable option (CSRF issues?). Again, any insight is appreciated.
Try the sites module?
http://docs.djangoproject.com/en/1.3/ref/contrib/sites/
Create an auth backend?
http://docs.djangoproject.com/en/1.3/topics/auth/#specifying-authentication-backends
Inherit from contrib.auth to create your own auth module?
CSRF would only be an issue if you were trying to authenticate by telling the client browser to ask the first site for auth; which is unlikely to be the best path to take.

Need one login for two different sites

I am tasked to create a web site using Django. It will be a 'sister' site to an existing Plone site. The same Apache instance will be the front end to the sites which allows me to use the same domain name.
However, the owners want the users to be able to log into one and still be logged into the other one.
How can this be accomplished?
Thanks! :)
Gut reaction is to use OAuth - see How to build a secure Django single signon between different sites?
Alternatively, have you tried this single sign-on app - http://code.google.com/p/django-sso/ ?
Also have a look on Django's documentation on how to implement your own authorization backend at http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend
My gut reaction is to use LDAP. Plone's LDAP support is a little rough, but it works. Does Django have equivalent or better LDAP support? If so, then I think you are off and running…
You can move authentication to SQLPASPlugin and use the same table for Django and Plone.
There are two problems here, shared logins, and single sign on. LDAP or SQL based logins will give you the first, but you'll still have to enter your password in both sites. You need single sign on to remain logged in across bpth.
plone.session 3.0 (part of Plone 4, but compatible with Plone 3.3 if you also add hashlib to your buildout) is compatible with Apache mod_auth_tkt single sign on. It should be simple enough to configure Django to use Apache authentication, or if you're not running Apache, wrap plone.session's tktauth.py in a simple wsgi wrapper. Use the Plone site's require_login script as the TKTAuthLoginURL.

Django: One project for integrated blog, forums, and custom web app?

Im still fairly new to Django, so please explain things with that in
mind.
I'm trying to create three websites using 2 subdomains and 1 domain:
for the blog, blog.mysite.com
for the forums, forums.mysite.com
for the custom web app, mysite.com
When building the custom web app, I used contrib.auth to make use of
the built-in django provided user models and functionality.
For the forums, I am planning on using SNAPboard (http://
code.google.com/p/snapboard/) with minimal, if any, modifications. On
initial inspection, it looks like it also uses contrib.auth users.
For the blog, I will probably be rolling my own lightweight blogging
app (since that seems to be the Django way and, also, b/c as Bennet
mentions, there is no killer Django Blog app)
Currently, I am considering two features that require some integration
between the three sites. First, I want to have the users of the custom
web app to use the same account to also log into the forums. Second, I
also (but I haven't figured out how I'm going to do this yet) would
like my blog posts to automatically become a topic for discussion in
the forums (this is just an idea I had, I might end up dropping it).
Ok, so to my questions:
1) Again, I'm new to Django, but this integration leads me to believe
the three websites need to be all under one project. Is this correct?
2) How would I accomplish the url structure for the websites that I
described above (blog.mysite.com, etc)? In the project's urls.py, I
don't know how to filter off of subdomains. If it was mysite.com/
forums/, that would be easy, but I don't know how to to catch
forums.mysite.com and forward it to the appropriate Django app.
3) Would I have to make use of the django.contrib.sites framework? I
don't understand that framework fully, but it seems like it's used
when two different websites are using the same django app in the
background. Whereas my three websites are all using different django
apps, but I want them to share a little bit of data.
Thanks for your help.
1) Yes, it's only true way for that
2) Use middleware
3) No, you don't need it.