I am porting my website from raw php to Django. I have used inspectdb to create models for the existing database. The problem that has come is that earlier I was registering the users and saving their passwords as a md5 hash md5($pass) and Django does not support this md5 version.
Is there a way I can support my legacy database of user and for new users make use of the powerful Django user model that supports user profile?
See the documentation on authentication backends and writing an authentication backend.
Related
I'm building an API REST using Django and MongoDB with django-rest-framework-mongoengine package from https://github.com/umutbozkurt/django-rest-framework-mongoengine
How can I use Django Rest Framework API TokenAuthentication if this package does not use Django's built in ORM ?
I solve it by handling TokenAuthentication or any other type of DRF auth using Django's build in ORM with MySQL database (Just to handle API authentication). I use MongoDB as my primary system database. So yes, i'm using two databases, one for auth API and the other for transactions.
Don't know if this is the best way to achieve this but it works.
I hope this helps to anyone who's trying or thinking to work with this architecture :)
I'm trying to migrate for Spree Commerce to Magento 1.8 and I have a problem with user passwords. Can I get any NFO from you guys how I can achieve this goal. How passwords are encrypted (bCrypt, MD5 etc.)? Is it possible to decrypt it with PHP and save it while migrating Spree user data to Magento.
Regards,
The most popular user management extension for Spree is spree_auth_devise, which is build on the popular Devise project. By default, Devise uses bcrypt to digest passwords. It is not possibly to decrypt a digested password.
If you with to maintain user accounts during your migration, you will have to modify Magento to use the same algorithm that devise uses to verify passwords.
For more information you should look at the Devise source:
https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb
I am building a tool, in django, for a client's web site.
The tool I am building requires users to be signed in to an existing account.
User-authentication is handled by legacy software on another vendor's servers.
I can contact the programmer who wrote the legacy software (I am unsure of their development environment), but I am not sure what to ask for -- what hooks, api, rpc, etc. do I want?
Is there a design pattern for this type of situation? And what features of django should I use or extend to make this as straightforward as possible? REMOTE_USER sounds like the right thing, but I am not sure how I would use it in this case.
I'd recommend using jquery requests. You can send the username and password (encrypted, of course) to the remote site and get back a cookie/session key.
If you have access to the database, I'd also recommend doing that. For example, if the remote host is using MySQL, ask to have a view created for your user and then you can authenticate directly. With this approach, however, you may have to set up a MySQL connection outside of settings.py.
Two approaches:
1) API: If they have released their API, it would be much more simpler, you authenticate user using their API.
2) Expose Database: If they don't have API, they should must give their access to their database so that you can go in and authenticate. But while doing this keep in mind several things: Django authenticate() won't work, because by default authenticate method authenticates again auth_user table. You can of course manually authenticate using your own logic but that would be problem too: you have to create your own sessions and stuffs. So your option is to use custom user models (only available from Django 1.5) in Django.
I am sure other may have better solution than this.
I have a Django installation with userena and django_facebook working pretty fine. Can I somewhat make my authentication work from another database (one database for authentication and another for everything else)? The problem is that the project I'm working on requires the same authentication across different Django installations on servers with one entire server for the databases. Should I make a database router that handles all the apps or is there a better solution?
Authentication backends are what you are looking for. Django documentation: https://docs.djangoproject.com/en/dev/topics/auth/#other-authentication-sources
Simple database routers solved the problem with regular Django authentication and Userena authentication. I'm guessing it will be the same with Facebook as they are chained together. The only downfall is that the user for the admin panel is the same across all sites.
I have a Django web app that I would like to use in a single-sign-on solution for a number of remote apps that use Apache authentication.
I can see how to authenticate Apache from a local Django instance and an old Apache module for doing basic queries off postgresql (but without the syntax support to phrase queries with joins to check Django group permissions)
Any suggestions?
I would like to avoid having to switch to using a directory service in the short term (e.g. ActiveDirectory, LDAP) if possible.
.M.
EDIT: Also found mod_auth_external
The following should work for you.
http://www.openfusion.com.au/labs/mod_auth_tkt/
You can use the apache module to hit a specific view in your Django app to generate a ticket for valid users. Then all the other applications can do basic authentication against Django via a URL.
This gives you SSO using the Django user database for legacy apps using HTTP basic authentication.