I need to show users some banners depending on certain situations. One of those situations is the moment when the user has just logged in.
How can I detect the login moment in a Django 1.4 context processor? I know about the django.contrib.auth.signals.user_logged_in signal, but I have no idea how I can check it in a context processor.
How can I do this? Or are there other ways to detect a user's login event in a context processor?
Maybe there is a way to create a signal handler which will set some variable in the request object, and in the context processor I would check it. Or some other way.
You can set a session in the login view, and destroy it after use.
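The set-then-destroy session flag suggested above, sketched as an added example that is not part of the original question or answer. The names `mark_login`, `login_banner` and the `just_logged_in` key are assumptions, and `FakeRequest` is a constructed stand-in so the flow runs without a Django project.

```python
# Added example: one-shot "just logged in" flag carried in the session.
LOGIN_FLAG = "just_logged_in"  # hypothetical session key


def mark_login(sender, request, user, **kwargs):
    """Receiver for django.contrib.auth.signals.user_logged_in.

    Connect it once at import time, for example in models.py:
        from django.contrib.auth.signals import user_logged_in
        user_logged_in.connect(mark_login)
    """
    request.session[LOGIN_FLAG] = True


def login_banner(request):
    """Context processor: expose the flag to templates and clear it."""
    session = getattr(request, "session", None)
    if session is None:  # session middleware is not installed
        return {"show_login_banner": False}
    # pop() reads and deletes in one step, so only the first page rendered
    # after login sees the flag; a reload does not show the banner again.
    return {"show_login_banner": bool(session.pop(LOGIN_FLAG, False))}


class FakeRequest(object):
    """Constructed stand-in for HttpRequest with a dict as the session."""

    def __init__(self):
        self.session = {}


def demo():
    """Banner state before login, on the first page after, and on the next."""
    request = FakeRequest()
    before = login_banner(request)["show_login_banner"]
    mark_login(sender=None, request=request, user="alice")
    first = login_banner(request)["show_login_banner"]
    second = login_banner(request)["show_login_banner"]
    return before, first, second
```

In Django 1.4 the context processor is enabled by listing its dotted path in `TEMPLATE_CONTEXT_PROCESSORS`.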
Related
I'm writing a web application with Django framework. This web application is API based and I'm using Django rest_framework. I have a security issue: On the first page, the user must solve a Recaptcha. After solving the Recaptcha my site gives a session ID to the user and after this, the user must post this session ID in the body of all his/her API calls and every API can be called just once with a specific session ID. In other words, I have a state machine for the APIs being called by the user and in each state, the user can call the APIs which have corresponding outgoing edges from that state.
The purpose of all of the above procedures is preventing the user from crawling my website. (User can't call an API many times with a session ID and he/she should act as a normal user and call every API at most two or three times)
Now my question is: how should I handle this in my Django app? Before this, I just used the ordinary Django session middleware for handling sessions. Should I now handle the authentication process and the passing and getting of the session ID completely manually, or is there a way I can use that middleware so that it can handle my procedure?
You can do this simply by saving your user's state, updating it in each step, and considering the next states which the user can see.
Use custom permission classes for your APIViews to block such requests.
Read more here https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions
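The state tracking and permission check suggested in the two answers above, as an added example that is not code from the original posts. The state names, API names, call limits and the `view.api_name` attribute are constructed for illustration, and the state is kept in the server-side session rather than in the request body.

```python
# Added example: per-session API state machine with call budgets.
# current state -> {API name: next state}, i.e. the outgoing edges per state
TRANSITIONS = {
    "captcha_solved": {"search": "searched"},
    "searched": {"search": "searched", "detail": "viewed"},
    "viewed": {"detail": "viewed", "search": "searched"},
}
MAX_CALLS = {"search": 3, "detail": 2}  # constructed per-session budgets


def check_and_advance(session, api_name):
    """Return True and advance the state if the call is allowed, else False.

    `session` is any dict-like store, request.session in Django. The view
    that verifies the CAPTCHA is assumed to set api_state="captcha_solved".
    """
    state = session.get("api_state")
    if state is None:  # CAPTCHA not solved in this session
        return False
    next_state = TRANSITIONS.get(state, {}).get(api_name)
    if next_state is None:  # no edge for this API from the current state
        return False
    calls = session.setdefault("api_calls", {})
    if calls.get(api_name, 0) >= MAX_CALLS.get(api_name, 0):
        return False  # budget for this API is spent
    calls[api_name] = calls.get(api_name, 0) + 1
    # Assigning a top-level key marks a Django session as modified, which
    # also persists the nested api_calls counter updated just above.
    session["api_state"] = next_state
    return True


class ApiFlowPermission(object):
    """Shaped like a DRF permission class. In a project, subclass
    rest_framework.permissions.BasePermission and list it in the view's
    permission_classes; `view.api_name` is a hypothetical attribute."""

    def has_permission(self, request, view):
        return check_and_advance(request.session, view.api_name)
```

Parallel requests on the same session can race this read-modify-write, so a strict once-only guarantee needs an atomic store such as a locked database row.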
In the context of an e-health related service, the end-users (health operators, doctors and physiotherapists) working in the same physical environment and sharing just one client PC to interact with my backend, asked me to provide them with a mechanism to quickly switch among different accounts (security is not a concern most of the time because they are used to working within a LAN but, occasionally, they might work from remote clients, so I must keep an authentication/authorization backend in place). They would log in just once and then, before using the web application, would select their logged-in account from a combobox (sort-of).
The UI model might be the same as in GMail where it's possible to keep multiple logged-in user accounts and switch between them through the account selector in the top right corner.
I'm no django-authentication expert, so I am not able to even tell whether this is possible in the context of a django based app.
Does anyone know of any ready-made app/middleware to get this done? Or maybe point me in the right direction if I have to extend or modify existing code?
Thanks a lot.
I haven't looked for any existing solution for this, so this is how I would go about it from scratch.
You'd need to add storage to the user session to hold multiple users. Currently it looks much like:
{'_auth_user_backend': 'membership.auth_backends.MyCustomAuthenticationBackend',
'_auth_user_hash': 'e2c8ecf1e7ecdbd<snip>',
'_auth_user_id': '3806'}
and I would add an array to the session:
logged_in_users = [{'_auth_user_backend': ... }, {}, {}] # one auth dict per user
Then when you "switch users", edit the session object to move that user's auth details (id, hash and backend) into the top-level ones in the session.
You'll also have to write a custom login function that stores the login into the logged_in_users array, and takes out the bit in the current login function that flushes your session if the key is the same as the session of a different logged in user. Similarly, you'll need to think what happens when you logout.
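The session bookkeeping this answer describes, as an added example that is not the answerer's code. The function names are assumptions, the session is a plain dict standing in for request.session, and the custom login function that skips Django's session flush is not shown.

```python
# Added example: several authenticated accounts kept in one session.
AUTH_KEYS = ("_auth_user_id", "_auth_user_backend", "_auth_user_hash")
POOL = "logged_in_users"  # the array proposed in the answer


def remember_current(session):
    """Call right after a successful login: file the active auth entry."""
    if not all(key in session for key in AUTH_KEYS):
        return False
    entry = dict((key, session[key]) for key in AUTH_KEYS)
    # Replace any older entry for the same user instead of duplicating it.
    pool = [e for e in session.get(POOL, [])
            if e["_auth_user_id"] != entry["_auth_user_id"]]
    pool.append(entry)
    session[POOL] = pool  # reassign so the session is marked as modified
    return True


def switch_to(session, user_id):
    """Activate an account only if it already authenticated in this session."""
    for entry in session.get(POOL, []):
        if entry["_auth_user_id"] == str(user_id):
            for key in AUTH_KEYS:
                session[key] = entry[key]
            return True
    # Unknown id: the selector value comes from the client, so an id that
    # never logged in here must not become the active user.
    return False


def logout_one(session, user_id):
    """Remove one account; if it was the active one, leave nobody active."""
    session[POOL] = [e for e in session.get(POOL, [])
                     if e["_auth_user_id"] != str(user_id)]
    if session.get("_auth_user_id") == str(user_id):
        for key in AUTH_KEYS:
            session.pop(key, None)
```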
I'm implementing a simple referral system. I have middleware which sets a session variable identifying the referring user. I have a model which ties a referring user to the referred user. I'm trying to use the post_save signal from the User object to populate this model. How do I access the session object from within the post_save signal handler?
There is no way without using a thread specific global variable.
But I'm not sure you need to. For my referral and invite system I just have the user register as normal and after the user has been created, get the referral out of the session. In almost all situations it will still be the same session.
If there is something about your session that prevents that, I would instead add it to the create user form.
You may find useful documentation on using sessions out of views.
I mean, is there any generic app that you can use to make notifications like on Facebook, when someone adds you as a friend or invites you to an event?
Basically, I need to show the user this type of notification for different content types, with the possibility to do some custom actions (ignore, accept, etc.) different for each one.
I wonder if someone has done this before, so I can plug it in and create a type of notification simply by passing the text of the notification, the options that it must show and the views to call for each option.
Thanks.
django-notifications is a GitHub-notifications-like app, and it's based on Django Activity Stream.
If you are familiar with django-activity-stream, the usage of django-notifications is almost the same.
django-notifications also provides a notifications_unread templatetag to display unread notifications of the currently logged-in user.
Django Activity Stream does this, for the most part. It's a generic relationship manager that watches for save events in the database, and when a condition is met it puts an "event happened!" record into its own tables.
It would be incumbent upon you to then present that feed of events to the user, along with links to the actions (specific to your project) that you want him to take.
Even if it's not what you want, it's an excellent example of how to start.
Maybe this is closer to my needs:
django-notification
https://github.com/jtauber/django-notification
Any experience with that?
There is also django-notify: http://code.google.com/p/django-notify/
I understand the request.sessions dictionary and how to use it.
However, it appears that values set using request.sessions are only valid while the user is logged in.
I need to set a persistent cookie that lasts for a fixed time period and is not dependent on whether the user is logged in or not.
What I would like is to store a value for an anonymous visitor to my site, and also retrieve that same value if that user creates an account and logs into the site. The value should be retrievable if the user logs in or logs out between sessions.
Any code examples on this?
Sessions should work fine for anonymous users. What's happening to make you think it only works for authenticated users?
Aside from that, maybe take a look at deferred registration which may do what you're looking for, http://tartarus.org/james/diary/2009/07/24/implementing-deferred-registration-with-django .
As Rolo says, sessions work for anonymous users, but when you use the auth.logout method the session is completely wiped. In your logout view, you could call auth.logout, then add whatever data you wish to persist back into the session.