I have a login form. I need to authenticate users. All information about usernames and their passwords are stored in PostgreSQL database. I find such method:
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
How does Django know whether such user exists or no? How to combine it with DB? Is it necessary to create models or just to read data from database?
Related
i have a django application that carries authentication by requesting a token through MSAL. once i have that token, i will check if that username exists the the local django sqlite db and if it exists, he will be logged into the website. if the username doesnt exist, then the username will be recorded in the sqlite db and the user just need to enter his credentials again for authentication and will be logged in.
what i would like to do is to replace the sqlite db with a snowflake table, which should only have a username and email column. how can i go about doing it? i am thinking that i need to write a custom user class and specifying the correct table in the class meta, switch the database in settings.py to the correct snowflake database (should be possible with https://pypi.org/project/django-snowflake/). is there anything else needed?
I want to do some custom auth for my users with username or email with password. At the first time of logging with email and password the api should return me the respective user token. For all other operations with the api I need to make use of token, which I get at time of login.
And I need a custom model to store all user info like username, password, phone, email, token etc.
How to achieve this in django restframework.
Please guide me to achieve this. Thanks in advance.
Django rest-framework has a built in token system which can be used to distribute and authenticate tokens. Below is a sample of how to use it.
Create TOKEN
from rest_framework.authtoken.models import Token
user = User.objects.get(pk=some_pk)
token = Token.objects.create(user=user)
Authenticate token
if Token.ojects.get(key=token) # token is sent by client side
# do some task as auth is successful
If you want to extend the default User model then create a new model and put a onetoone field in your custom model which references default User model.
class AppUserProfile(models.Model):
user = models.OneToOneField(User)
... # add other custom fields like address or phone
I work on django project that migrate from django social auth to python social auth.
Previously new social auth user first name/last name will be saved automatically for first time login.
Now after using python social auth, it's not.
Seems I have to use this setting:
SOCIAL_AUTH_USER_MODEL
but
SOCIAL_AUTH_USER_MODEL = 'django.contrib.auth.models.User'
generate error when invoking runserver:
django.core.management.base.CommandError: One or more models did not validate:
default.usersocialauth: 'user' has a relation with model web.models.User, which has either not been installed or is abstract.
Wanted to try subclassing User model in the project
from django.contrib.auth.models import User
class User(User):
but that is not feasible right now.
Also saving manually the name from response data in custom pipeline is prohibited as well.
Really want to know if there any other solution?
Thanks.
remove SOCIAL_AUTH_USER_MODEL because you are using Django Default User model.
I wrote an script to import user information from my old site database to my new django database. I should be able to import theses fields: user, email and password.
All passwords users on my old database are hashed with "md5". So... I should get this "md5" hashed password and save as they are on my auth_user database. However, I dont know how to do it without hash it again....
How can I do that?
If I do...
u = User.objects.create_user(user_name,email)
u.set_password(old_pass)
u.save()
the password is hashed again... How can I save a "pure" password?
Just directly set the password attribute.
u.password = old_pass
The set_password function is intended as a helper to use because u.password = 'some_pass' will just store the password directly in human-readable form -- it doesn't apply here since you already have the hashed password.
I need to create a subdomain based authentication system, like the one 37signals, freshbooks, codebase use. That is, each subdomain of my main application needs to have its own username namespace. I would like to keep as much as possible of the django authentication system.
What is a good way to store the username?
In particular, it should be possible for different users to have the same username as long as their account belongs to a different subdomain.
Some approaches I've considered, for which I can foresee shortcomings:
storing some prefix in the username field of the django auth user model.
extending the user model according to this.
customizing the source of auth to my needs
I have built this functionality for several sites in the past and have found that your first bullet point is the way to go.
It means that you don't have to make massive change to django auth. What I did was set up a custom authentication backend that abstracts away the way usernames are stored.
auth_backends.py
from django.contrib.auth.backends import ModelBackend
from Home.models import Account
class CustomUserModelBackend(ModelBackend):
def authenticate(self, subdomain, email, password):
try:
user = Account.objects.get(username=u'%s.%s' % (subdomain, email))
if user.check_password(password):
return user
except Account.DoesNotExist:
return None
def get_user(self, user_id):
try:
return Account.objects.get(pk=user_id)
except Account.DoesNotExist:
return None
For this particular project Account was the user model and it just inherited directly from User however you could replace Account with whatever you want.
You have to install the custom auth backend in your settings file:
AUTHENTICATION_BACKENDS = (
'auth_backends.CustomUserModelBackend',
'django.contrib.auth.backends.ModelBackend',
)
Then when you call authenticate you need to pass in the subdomain, email and password.
You can also add some other helper functions or model methods that help with making sure that only the user's actual username is displayed, but that is all pretty trivial.
I think this may be a good use case for using django.contrib.sites in combination with the second bullet item you mentioned. You could create a CustomUser model like so:
from django.contrib.sites.models import Site
class CustomUser(User):
"""User with app settings."""
sites = models.ManyToManyField(Site)
Then you could write a custom auth backend to check that the user can sign in to the current subdomain using the supplied credentials. This allows you to have one username for multiple sites (subdomains) without having to hack the internal auth app or store multiple usernames with custom prefixes.
EDIT: you can get the current site by using Site.objects.get_current() and then check to see if the current site is in the user's sites.
You can read more about the sites framework here: http://docs.djangoproject.com/en/dev/ref/contrib/sites/