I would like to have a Django Backend to handle Login : it would be a classic template generated from Django. The main difference is that once the user is logged in, I want django to redirect him to a Single Page App (page served by nginx or an other component but not by Django).
The idea is to have one git repo for my backend, and one git repo for my frontend. I don't want to mix Django templating with my Javascript App (ie AngularJS or React).
Is it possible to proceed like this ? (The main idea is to prevent users who can't login to have access to the SPA app.js file, this file will not be accessible from the classic template django login page)
I don't understand clearly the whole issue but if you just want to prevent unlogged visitors to come to a specific view (page) :
from django.http import HttpResponseRedirect
def access_limited_page(request):
if not request.user.is_authenticated():
# Forced Redirection
return HttpResponseRedirect('/index')
else:
# Welcome to the VIP zone
…
You can assign settings.LOGIN_REDIRECT_URL to the url of your Single Page App. Then just use standard login view from django.
While user logged in, django will redirect to settings.LOGIN_REDIRECT_URL.
Related
I have a Django web application and I'm trying to redirect users to my mobile app in one of the views.
def magic_link(request, token):
return redirect(f"{settings.FRONTEND_URL}/magic_link/{token}")
This redirect link is like: appname://magic_link/token. However, I'm getting the following error.
DisallowedRedirect at /magic_link/{token}/
Unsafe redirect to URL with protocol 'appname'
How can I fix this issue and redirect users to the mobile app in Django view?
You should create your own HttpResponsePermanentRedirect which inherits from HttpResponsePermanentRedirect by django. In your own class, you add your app scheme to the allow_schemes (something relevant, i can't remember so well)
to let django know your app scheme is valid.
Example:
class HttpResponsePermanentRedirect(HttpResponsePermanentRedirect by django):
allow_schemes=['your_app_scheme',...]
When I attempt to access my wagtail back-office at /cms/, I get redirected to wagtail's login page, /cms/login/.
However, I would like to use my own custom login, which is default for the rest of the site, and sits at /auth/.
My LOGIN_URL is already set to /auth/ in django settings.
EDIT : it's been suggested that this is a generic question of how do you override namespaced url patterns but this is not the case. The urls are not namespaced, and I was looking for wagtail functionality that adressed this specific issue. Fortunately, that functionality does exist.
WAGTAIL_FRONTEND_LOGIN_URL suggested above is specifically intended just for front end users and there is not an equivalent setting for admin users. You could use redirect_to_login like so:
from django.contrib.auth.views import redirect_to_login
from django.urls import reverse
from wagtail.admin import urls as wagtailadmin_urls
def redirect_to_my_auth(request):
return redirect_to_login(reverse('wagtailadmin_home'), login_url='myauth:login')
urlpatterns = [
url(r'^cms/login', redirect_to_my_auth, name='wagtailadmin_login'),
url(r'^cms/', include(wagtailadmin_urls)),
]
The Wagtail setting WAGTAIL_FRONTEND_LOGIN_URL allows you to configure how users login to the Wagtail admin.
From http://docs.wagtail.io/en/v1.10.1/advanced_topics/privacy.html#setting-up-a-login-page:
If the stock Django login view is not suitable - for example, you wish to use an external authentication system, or you are integrating Wagtail into an existing Django site that already has a working login view - you can specify the URL of the login view via the WAGTAIL_FRONTEND_LOGIN_URL setting
To elaborate on Erick M's answer, since this is the working answer:
You do need to set the correct permission (wagtailadmin.access_admin) or set the is_superuser flag in Django's auth_user database table to be able to access the CMS, otherwise you still get a "permission denied" error.
I thought this had to do with my implementation, but it was already working, but failed because of the above reason.
I'm using userena for handling the users' profiles. I created an app that override some of userena views and urls.
In particular I've created two different signup forms, so now I have two separate urls:
url(r'^signup/customer/$',....
url(r'^signup/owner/$',...
The original userena signup form was accessible at r'^signup/$'.
Question: How do I override the userena original signup url in order to make it unavailable?
The original url should not be accessible to anyone, so I guess Django should show a 404 page.
In your root urls.py conf, just override the url which you want to disable and direct it to Django 404 (page not found) view:
from django.views.defaults import page_not_found
url(r'^signup/$',
page_not_found,
name='userena_signup'),
If you are already overriding some views and URLs, you could override the signup URL with a view that just returns a 404 response.
I'm trying to use the admin login mechanisms in Django, and redirect to the requested page, and I'm getting a 404 as it's trying to redirect to the url posted, not to the url represented by the next parameter. I'm obviously not understanding something, because when I step through the contrib.auth.login view, it's not parsing the next parameter at all. For example, I have the following view (the main page of the site)
#login_required(login_url='/sdc/admin/login')
def cb_index(request):
#snip
return render_to_response('chargeback_base.html', variables)
So when I enter the url for the cb_index view, /sdc/chargeback/, it properly redirects to the login page, with the next variable set to /sdc/chargeback/, as shown below.
http://localhost:8000/sdc/admin/login/?next=/sdc/chargeback/
The default login view though, from contrib.auth.views, uses that complete url as the redirect_to not the next parameter, so I always get a 404 instead of being redirected to the next url. I can fix it by adding
redirect_to = request.GET.get('next','')
to the POST section of the view, but I thought this was supposed to be built in functionality and it's not working. And more to the point, since this is an edit to the base view, I have to remember to fix this every time I update, which I don't want to do. What am I not understanding?
EDIT:
Login url follows the admin site urls
url(r'^sdc/admin/', include(admin.site.urls)),
The login template is the included login template from the admin site, no changes.
The django auth app has a login view, which you should explicitly include in your url patterns directly.
(r'^accounts/login/$', 'django.contrib.auth.views.login', name='login'),
See the docs on auth views for more information. You don't need to choose /accounts/login/ as your login url. I just want to make it clear that this view is separate from the admin app.
Update LOGIN_URL='/accounts/login/' in your settings, then you don't have to use the login_url parameter when you use the login_required decorator.
Currently, /sdc/admin/login/ is handled by the admin app, but the admin app does provide a login view for this purpose. If you step through the code, you can see that the AdminSite.login method handles the request. This method sets REDIRECT_FIELD_NAME (in your case 'next')to the request path, then calls the auth login view.
I'm still a novice and I'm not sure how I should setup the profile page for users. The django.contrib.auth.views.login will redirect to a accounts/profile page, but how should I actually set this up?
Is it common to just define accounts/profile in urls.py and have it redirect to a template or is it a more complex pattern?
django.views.generic.simple.direct_to_template, {'template':'profile.html'}) where profile.html lives in PROJECT_ROOT/templates/profile.html and extends base.html?
You can either set up a view/url that points to accounts/profile, or you can tell Django to redirect somewhere else after login by setting the LOGIN_REDIRECT_URL param in your settings.py.
There are some reusable apps out there for handing common profile page functionality, take a look at https://bitbucket.org/ubernostrum/django-profiles/wiki/Home or http://code.google.com/p/django-profile/