I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:
1) User that logs in to foo.com is automatically able to access bar.com without logging in again
2) User that logs in to bar.com directly is authenticated against foo.com user db.
3) There is no need for a user to register at bar.com directly.
How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.
It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.
If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.
Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.
The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).
What you are really looking for is a Single Sign On (SSO). You might consider django-openid.
I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.
I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:
SESSION_COOKIE_DOMAIN = 'foo.com'
See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.
Related
Let's say I'm building a Django driven site that hosts web shops, let's call it webshop.com. I want it to work like this:
A shop named Foo would like a webshop. They register at webshop.com and the subdomain foo.webshop.com is created, as well as the database foo_DB. The owners of Foo enter their products using an admin interface at foo.webshop.com/admin. Customers can then buy the products from foo.webshop.com.
The the shop Bar has the webshop bar.webshop.com - completely unrelated to the other webshops hosted at webshop.com. And so on. webshop.com should be able to host 100's of stores.
The question is: how should I go about doing this with Django?
At first I was thinking that I should have one settings.py file, one virtual server and one database for each webshop. However I fear that it can be generated too much overhead from running all those instances.
Any pointers or thoughts is greatly appreciated!
Perhaps you could usedjango-sudomains https://github.com/tkaemming/django-subdomains/
It is a middleware which creates a subdomain property for each request.
Since the functionality for each site is the same you could then just query for products based on sudomain requested. You could also assign users a subdomain.
All views would be the same except they would take into account this subdomain. This approach could work easy with 1 shared database where each model has a field that points to the subdomain or a shared database with subdomains being the database naem. https://docs.djangoproject.com/en/dev/topics/db/multi-db/#manually-selecting-a-database-for-a-queryset
I've built half a dozen applications that work like this (though none in python, but it's really irrelevant in this case).
Serve everything from the same virtual host. Get the server name with urlparse Once you have the string you want to match, do a lookup in a master database for the database details which match your customer database (ie the hostname, username, password, etc.). Make sure you sanitize that value before querying on it.
I do think your best bet is separating your customers databases. Not only does this ensure that one database problem doesn't bring down all your customer sites, it also allows you to put them on different servers.
I would like to have one users system (preferrably Django's) to rule both Django and Wordpress.
The use case is that Django is an application embedded inside a wordpress installation (via iframe or something similar). In order to use the Django, users must be authenticated, authentication in WordPress is not mandatory, but recommended (for posting comments and stuff like that).
In order to ease the usage of the site, I would like the same sign-up to apply for both the Django app and the WordPress installation. Sign-up might occur either via OAuth / FB authentication (lots of Django solutions for this), or via dedicated site users. While the signup process is most important, it would be nice if certain user fields would remain synced between the two worlds.
My thoughts on the matter:
Maybe there's an out-of-the-box solution (couldn't find any)
Create a full-fledged django app for syncing the two user models (wp_users and django's users) via one of the following options:
A master(django)-slave(wp) solution, where each change in Django changes info in the wp_users and other related tables and vice-versa (via Django periodically checking the DB or creating a WP plugin). Can be implemented either by putting both django and wp on the same (MySQL) db, using XML-RPC or some other anomination I didn't think of.
Same as above, but let WP be the master instead of Django (seems harder).
An external system to rule both models - maybe make OAuth / some other external authentication mandatory, and somehow sync the two models using this?
Has anyone encountered this situation before?
Any suggestions will be appreciated.
You should really try to work out some approach, revising your work when encountering problems afterwards.
Nevertheless imo Wordpress is kind of bordered. I wouldn't recommend making changes to both frameworks, but fixate on Django.
For example you could create a WordpressUser(User) and create a python script a crobjob, celery task or whatever you'll need to syncronize your databases. Meaning to say you should keep things strictly separated unless you have very good reasons not to (I can't think of any).
I am thinking of a configuration where I have one master website at:
www.masterdomain.com
and N satelite domains where I can access the satelite domains as follows:
www.masterdomain.com/some_url/satetlite1.html
www.masterdomain.com/some_url/satetlite2.html
...
www.masterdomain.com/some_url/satetliteN.html
Is this possible?
The sites Framework may interest you.
Django comes with an optional “sites” framework. It’s a hook for associating objects and functionality to particular Web sites, and it’s a holding place for the domain names and “verbose” names of your Django-powered sites.
Use it if your single Django installation powers more than one site and you need to differentiate between those sites in some way.
Also there are a couple of good blog post about that matter, e.g. this one:
http://www.huyng.com/archives/franchising-running-multiple-sites-from-one-django-codebase-2/394/
In production server I can't login to my website.
I know that it is some bug of Django with MD5 crypt or something like that, but unfortunately I don't remember what I should do. I am searching the answer since half day, but I can't find this website where was explained this problem.
DO you know how I can do sessions working.
In answer to this bit the comments
Sorry, but problems is otherwise. I
am using subdomains like pl.domain and
uk.domain and domain. User is only
logged in one subdomain, but I want
make it logged in all website. Is it
possible? – Thomas
you need to allow cross-domain sessions that don't just refer to a subdomain. By default, Django will give you different sessions for bar.example.com and foo.example.com.
In your settings.py set SESSION_COOKIE_DOMAIN to .domain.tld (don't forget the leading dot!) and you'll be sorted.
I'm in a bit of a dilemma at the moment regarding Django's admin backend. The default authentication system allows already logged-in users that have staff privileges to access the admin site, however it just lets them straight in.
This doesn't feel “right” to me, and I'm wondering if it would be difficult to at least require a re-authentication of that same session in order to get into the backend.
Preferably though, it'd be good if the frontend sessions could be separated from the backend ones (though still using the same user objects), this would allow a clean separation of both parts of the site. Would this perhaps require two separate authentication backends? Would something like this be difficult to achieve?
Here's an idea: run the admin app on a different domain to the frontend. The cookies won't be valid in the other domain, so the user will have to log in again. All you'd need would be a separate Apache vhost and a basic settings.py that just has contrib.admin in INSTALLED_APPS.
You could probably implement a middleware that asks for authentication when accessing the admin site from a referer not in the admin site. It could log the person out and make them log back in, but even that wouldn't be necessary. Just require another password entry, and redirect them if it fails. It might involve setting a session variable, is_admin_authenticated or something.