Customizing the default profile page of web2py - customization

I have customized the auth using the above explained method by Anthony. It is available in the documentation also on the web2py website.
But this is only for the tables in the database. I wanted to edit the controllers also. Like the profile page, which has all the fields editable by default (except password, which I don't even want to be shown).
I want to use the same page but with little modification. I can't find the controllers to edit them.

If you are using the scaffolding application, all of the Auth functions are handled by the user() function in the default.py controller (the associated view is /views/default/user.html). The particular Auth action is determined by the first URL arg (i.e., request.args(0)), so if you need to run some custom controller or view code for a particular Auth action, you can do something like:
if request.args(0) == 'profile':
    pass  # [custom code for profile action]
For example, to hide the password field, you can do:
db.auth_user.password.readable = db.auth_user.password.writable = False

Related

Enable editing a field in Django admin's list view

Consider a model that stores application forms. I would like to use Django admin to quickly view applications and change their status. I would like to be able to change the status of an application right in the view listing all the applications without having to open each application for editing. So, is it possible to make a field editable right in the admin list view?

Is it needed to add reCaptcha to built in Django's login form?

Hello I'm new to Django and I'm using Django's built in forms to login my users, also I have a contact form where I'm using Google reCaptcha to avoid attacks.
I was wondering if it is needed to add reCaptcha to my login form. I have heard Django takes care most of security and I don't want to repeat code if default login form is already prepared for brute force attacks.
In case it's better to add reCaptcha to default login form how can I process the validation? In my contact form I call Google's API to verify user click within my views, but I don't feel comfortable adding that code inside the auth_views.LoginView class.
Thanks!
Django does not take care of any rate-limiting with its forms, including login.
I think that it is a good idea to include some sort of rate-limiting security measure to your login form. reCaptcha might be overkill as a default, unless there are several incorrect attempts within a timeframe.
Take a look at the Django rate-limit project for an easy to implement alternative to captcha.
In order to add reCaptcha to the login view, rather than modifying the auth_views.LoginView class, just create a new view that extends that class. You can add your recaptcha form validation just like in your contact form.
Then you can update your url to point to your custom view and template:
url(r'^login/$', custom_auth_views.recaptcha_login, {'template_name': 'core/recaptcha_login.html'}, name='login'),
See this post on how to extend the login views / templates.
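The "CAPTCHA only after several incorrect attempts within a timeframe" idea from the answer above, as an added example that is not code from the answers or from Django. The class name, thresholds and in-memory storage are assumptions; a real deployment would keep the counters in a shared cache and call this from the custom login view.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window count of failed logins, per username and per client IP."""

    def __init__(self, captcha_after=3, block_after=10, window=300,
                 clock=time.monotonic):
        self.captcha_after = captcha_after  # failures before a CAPTCHA is required
        self.block_after = block_after      # failures before attempts are refused
        self.window = window                # seconds a failure is remembered
        self.clock = clock                  # injectable so tests control time
        self._failures = {}                 # key -> deque of failure timestamps

    def _recent(self, key):
        q = self._failures.get(key)
        if q is None:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._failures[key]         # do not keep empty entries around
        return len(q)

    def policy(self, username, ip):
        """Return 'allow', 'captcha' or 'block' for the next attempt."""
        n = max(self._recent(("user", username.lower())),
                self._recent(("ip", ip)))
        if n >= self.block_after:
            return "block"
        return "captcha" if n >= self.captcha_after else "allow"

    def record(self, username, ip, success):
        if success:
            # Clear only the account counter; a valid login must not reset
            # the counter of an IP that is guessing other accounts.
            self._failures.pop(("user", username.lower()), None)
            return
        now = self.clock()
        for key in (("user", username.lower()), ("ip", ip)):
            self._failures.setdefault(key, deque()).append(now)
```

Call `policy()` before validating the form to decide whether the reCaptcha field is required, and `record()` after the credentials have been checked.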

Using django-registration forms in custom templates

I'm trying to create an account settings page for logged-in users. One of the things users should be able to do is to change their password.
I'm using django-registration and it provides a password change form at site/accounts/password/change by default, and it works. However, I want this function to be available at an Account Settings page instead, along with other administrative functions.
I first tried copying the template code, but it did not work because it includes a special form to create the inputs for the passwords (to handle validation). I don't know how to include this form in my own template.
How can I recreate these forms in my own Account Settings template?
This is the default password change template. I want to reuse form.oldpassword and the others in a separate template.
Django-registration doesn't implement its own password change view, it reuses the one included in Django (django.contrib.auth.views.password_change). It is hooked in through registration.auth_urls which is included in the default and simple registration backends.
By default the view uses django.contrib.auth.forms.PasswordChangeForm (which can be overridden through the password_change_form parameter).
When you only reuse the form (which you can do of course, just import the above form in your custom view), you should be aware that you would still be missing the whole view logic. So unless you have a more complex view in mind, you should consider reusing it and just override the registration/password_change_form.html and registration/password_change_done.html templates.

replace Add with Get on django admin site

I have a model that I don't want users to manually add/delete objects. Instead, I want to have some Get button that, once clicked, executes some code and automatically updates the database.
I was able to do similar things via adding my own admin action. However, adding an admin action by default means you have to have at least one object for your model, you select that object and perform some action.
I want to be able to perform my customized action on an empty model (if I can replace the Add button with a Get button on the index page, it will be perfect). Is there a way to do so? Thanks!
You could override the add_view method of the django admin model and do whatever you felt like having that view do if you wanted. Poke around through the ModelAdmin code and you can see what it does by default.
You could also take a look at this project: https://github.com/imtapps/django-admin-ext and see an example of how to register your own urls for an admin... so you could make your view something like admin/myproject/myapp/model/get and have it do what you'd like...
You can prevent users from adding new objects by removing the "Can add ModelName" permission from that user. If they're a superuser that won't actually stop them from doing that, however.
Admin actions are designed to be run on specific instances of the model; if that's not what your code is doing you probably shouldn't go that particular route. You can override the admin template for your model and add a new button or link to your custom view. You could also remove the Add button entirely by eliminating it from your template, but I'd recommend using permissions instead.

How could I create a screen that would batch create a bunch of Django auth users?

I want to create a helper screen that can create a bunch of Django auth users on my site and have those accounts setup the same exact way as if they were done one by one through the Django auth GUI signup. What methods from Django auth would I have to use in my view to accomplish this?
To create users you can use the method create_user from the UserManager:
from django.contrib.auth.models import User
new_user = User.objects.create_user('username', 'email', 'password')
Then you can set it as staff new_user.is_staff = True or add permissions new_user.user_permissions.add(permission).
Check this link for more information.
What are you trying to accomplish exactly? Are you just trying to populate your user database with a bunch of fake/test users? Then simply do some logic to do so and save the models like you normally would.
If you require the UI to be used, one option you have is using Django's test client which allows you to programmatically write get/post requests just like you were to be someone browsing the web page.
Hope that helps as a start.
A quick check here indicates you'd just need to use the input from your form to create a group of django.contrib.auth.models.User objects, and related/relevant groups of django.contrib.auth.models.Permission objects to associate with the User objects. Create, set permissions, save, and you're done.