I'm working with:
A) A large Drupal 7.23 application running at https://sitename.com using a MySQL database with thousands of users, around 30 of which are Staff.
B) A small Django 1.3.7 application running at http://dj.sitename.com using a PostgreSQL database with few (only the Drupal app's staff) users, who need to be able to login to this Django app using their existing Drupal credentials.
The workflow would be something like this:
Staff users are manually created with identical usernames in each of the applications.
A staff user goes to dj.sitename.com and inputs the same username and password of their account that was created at sitename.com, and clicks submit. Django checks the username and password against the users table in the Drupal MySQL database and compares it with the details in the Django users table. If they match, the user is logged in.
When a staff user is already logged into the Drupal app and visits the Django app at dj.sitename.com, they are automatically logged in, and vice-versa.
When a staff user logs out from the Django app, they are logged out from Drupal, too, and vice-versa.
When a user changes their password in either Drupal or Django applications, it is automatically changed in both systems.
What is the simplest way to accomplish this?
You can use the Services module to expose Drupal user login as a HTTP service, which can then be used by your custom Django authentication backend. On successful login, the service will return you the Drupal user object. This object include the roles of the user, so you can use it to validate of the user has access to your application.
I had a similar request and I've detailed my solution in this howto. Both Drupal and Django run on the same server so I can use both TCP to share data between the two platforms and drush to do Drupal operations in Django.
Every login/logout has two steps:
Login: Django login -> (auto) Drupal login
Logout: Drupal logout -> (auto) Django logout
The turn point in the analysis of mine was to generate and use the one-time login after the Django login using Drush. Then, I use that generated url as a destination url of a login success in Django and alter or suppressing the password recovery message to avoid one more click.
from subprocess import check_output
output = check_output(["drush", "-r", settings.DRUPAL_SITE_PATH, "-l", settings.DRUPAL_SITE_NAME, "user-login", drupal_id])
Where drupal_id is the drupal uid of the just logged in django user. I have to keep a field for drupal uid in the django database. Via Drush you can even create an user when it's the first time you login successfully.
To logout you have to logout from Drupal and then logout from Django. You can do it via Rules, calling a django logout path after the event User has logged out is triggered.
What you're describing is single sign-on. You can look into phpSimpleSAML and enable SAML on both Drupal and your Django based app. Drupal has a module available here: https://drupal.org/project/simplesamlphp_auth
I'm guessing some type of SAML module/plugin exists for Django already.
Related
I've got a Django site with authentication handled by Auth0 (following this quickstart guide). The issue I have is that users logged in don't have access to Django Admin section:
How can I assign certain Auth0-authenticated users the privileges to login Admin? Somehow link them with current Django-based users perhaps?
You need to use Auth0 roles, or extra data.
The flow works like this:
Log into Auth0 and add in roles or extra data to your user
Create a Django backend in your authentication pipeline to read in the roles/extra data infomration
Have your backend will check this role information and add set "is_staff" to True for the user
I am using Django for a site, and have a remote auth backend setup. Is there a way In which I can create a new user and give them permissions before they login to the site? I know I can add users through the admin page or directly through the database, but since I do not know the new users password, I am not sure if the system will see them as the same user
I have tried using the admin page, but it says I need to enter a password
I would like to be able to add users to the system before they logon, and give them permissions, so that when they logon they are not redirected to my unauthorized page. Is this possible?
As I understand from your question, You can create the user by using the
python manage.py createsuperuser
which will create the superuser and later on you can edit on this user and can give your permissions.
I have created a tool for my colleagues and i have integrated SSO with this django application as well.
Now the way i'm planning to authenticate users are like the following.
SSO page is sending the logged in user ID in cookie.
If the logged in user have an account in django users, i'll check for a match and i should authenticate the user.
The challenge i'm facing here is while creating users i have to provide password and i don't want to validate user password again.
Is there a way i can disable the password while we add the user in to django admin itself?
I'm using Django 1.11 with python 3.4.
Let me know your thoughts.
I'm currently using django-auth-ldap to authenticate with LDAP, and I've looked through all the docs for the library, it doesn't mention what happens to the django database when the database we are authenticating against removes the user.
I know we can do a check when we authenticate to make sure if the user is removed, but how do I clean up the user since a user will be created if it's successfully authenticated. Do I just do it like I'd normally do with Django user object?
Thank you!
I'm writing a web2py app to manage events and other activities which require users's information, such as id and names for certificates, on the other side there's a drupal site that already has the registered users.
I would like the share the drupal users to my web2py app so i don't have to register users again in my app.
Already thought in jainrain and tools alike but the info i need is already in the drupal db
To authenticate against the another web server that supports basic authentication is possible using basic auth module. Just add following to your model file after auth initialization and replace a proper http address to your Drupal ...
from gluon.contrib.login_methods.basic_auth import basic_auth
auth.settings.login_methods.append(
basic_auth('https://basic.example.com'))
For details see this section from documentation:
Other login methods and login forms