Force user authentication in URL dispatcher of Django - python

I would like to restrict a specific path to authenticated users in urls.py. I know how to do it in views.py, the problem is that this is a module which I have installed using pip, so I do not handle it in my views, and I do not want to modify the source code of this module.
...
path('thispath/', include('module.urls')),
...
May I force authentication in urls.py? Or should I do it in views.py as usual (or using decorators):
request.user.is_authenticated

I have found a solution. It should be done using decorators, but as it is an include, the default login_required decorator does not work.
So, one solution could be with django-decorator-include:
from django.contrib.auth.decorators import login_required
from decorator_include import decorator_include
...
path('thispath/', decorator_include(login_required,'module.urls')),
...
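A middleware gate is another way to get the effect described in the answer above without an extra package. This is an added example, not code from the original post or from django-decorator-include; the class name and PROTECTED_ROUTE_PREFIXES are assumptions, and it assumes the include is mounted with path() on Django 2.2 or later:

```python
# Added example: require login for every view resolved under an included
# third-party URLconf, without editing that package.
# PROTECTED_ROUTE_PREFIXES and the class name are assumptions for illustration.

# Route prefix used in: path('thispath/', include('module.urls'))
PROTECTED_ROUTE_PREFIXES = ("thispath/",)


class LoginRequiredForPrefixMiddleware:
    """List in MIDDLEWARE after AuthenticationMiddleware so request.user exists."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        # resolver_match.route is the pattern the URL resolver actually matched,
        # so the check follows the resolver's decision instead of re-parsing
        # the raw request path (which may differ in case, slashes or encoding).
        match = getattr(request, "resolver_match", None)
        route = getattr(match, "route", "") or ""
        if not route.startswith(PROTECTED_ROUTE_PREFIXES):
            return None  # outside the protected include: continue normally
        if request.user.is_authenticated:
            return None  # logged in: let the third-party view run
        return self.deny(request)

    def deny(self, request):
        # Imported lazily: django.contrib.auth.views needs the app registry.
        from django.contrib.auth.views import redirect_to_login

        # Redirects to settings.LOGIN_URL with ?next=<original URL>.
        return redirect_to_login(request.get_full_path())
```

Views that authenticate inside the view itself, such as Django REST Framework token authentication, are not seen as logged in by this gate, because request.user here reflects session authentication only.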

Related

How to check user is authorised or not in urls.py?

I'm using a library for creating several calls in the front end but I have a problem. The library does not have authenticated user control, which is a severe problem, and also I cannot change the library for some reason.
Is there a way to control the user login in urls.py?
urls.py
from drf_auto_endpoint.router import router
...
path('api/v1/', include(router.urls)),
If you want to check if user is_authenticated or not in urls.py, you can use login_required function:
from django.contrib.auth.decorators import login_required
path('api/v1/', login_required(include(router.urls))),
You can see some examples in here

Django/Django Rest Framework - Disable CSRF

I'm looking for a simple way to disable all CSRF validation so I can test my API in Postman.
So far I have tried adding the csrf_exempt decorator without success.
I also tried creating a disable.py file inside the app, but that didn't work either.
Also, I want to deactivate it for all requests, so I need some way to avoid adding the decorator everywhere. This is a project that I just got; it is already in production, but I want to start by writing tests in Postman first, and TestCases later.
All my views are using a "api_generics.CRUDGeneric",
the declaration of that class is:
class CRUDGeneric(mixins.CreateModelMixin, mixins.ListModelMixin, mixins.RetrieveModelMixin,
                  mixins.DestroyModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet):
Thanks in advance.
@62009030, you should be able to do what @smarber mentioned. This could also work. It is a traversed way to add csrf_exempt:
from django.conf.urls import patterns, url
from django.views.decorators.csrf import csrf_exempt
import views
urlpatterns = patterns('',
    url('^asimpleurl/$', csrf_exempt(views.CRUDGeneric.as_view())),
    ...
)
This could be a workaround for your problem.

Django / From redirect_to to RedirectView

As you know, we can't use from django.views.generic.simple import redirect_to in Django 1.5. However, we were using this kind of function in our views.py:
return redirect_to(request, '/auth/login/')
I want to migrate from 1.4 to 1.5 but I couldn't figure out how to use RedirectView in views.py with request and url argument.
You can use redirect instead
Now you can simply change the redirect_to to
return redirect('/auth/login')
You can use Class based views or RedirectView
RedirectView helps you to redirect your URL and works like redirect_to. Both are applied in urls.py. But I couldn't find any solution to redirect from views.py.
Source: "No module named simple" error in Django

login_required doesn't work when redirecting

I have a function in my view which has a login_required decorator. When the user is not authenticated, it redirects me automatically to
babylon/?next=prot/ats2
but it should be:
babylon/prot/?next=prot/ats2
since babylon/prot is the root from my project (it is set up like that in my apache config).
LOGIN_URL seems not to apply for this problem.
How can I solve this?
Thanks in advance
As of Django 1.5, LOGIN_URL can be the name of the URL pattern. So if you have a URL pattern named 'login', you should be able to do:
LOGIN_URL = 'login'
If you're using Django 1.4, you can use reverse_lazy:
from django.core.urlresolvers import reverse_lazy
LOGIN_URL = reverse_lazy('login')
If that doesn't work, you're probably going to have to update your question to include the relevant part of your apache config.
From Django documentation:
from django.contrib.auth.decorators import login_required
def my_view(request):
    # ...
    pass
my_view = login_required(redirect_field_name='redirect_to')(my_view)
Or you can also use:
settings.py
LOGIN_URL = '/where/'
In documentation we can read that:
LOGIN_URL
Default: '/accounts/login/'
The URL where requests are redirected for login, especially when using the login_required() decorator.
I have no idea why it is not working.

Customized views with django-registration

I need to make a very simple modification -- require that certain views only show up when a user is not authenticated -- to django-registration default views. For example, if I am logged in, I don't want users to be able to visit the /register page again.
So, I think the idea here is that I want to subclass the register view from django-registration. This is just where I'm not sure how to proceed. Is this the right direction? Should I test the user's authentication status here? Tips and advice welcomed!
Edit
I think this is the right track here: Django: Redirect logged in users from login page
Edit 2
Solution:
Create another app, for example, custom_registration, and write a view like this (mine uses a custom form as well):
from django.http import HttpResponseRedirect
from registration.views import register
from custom_registration.forms import EduRegistrationForm
def register_test(request, success_url=None,
                  form_class=EduRegistrationForm, profile_callback=None,
                  template_name='registration/registration_form.html',
                  extra_context=None):
    # Already logged in: send the user home instead of showing the form.
    if request.user.is_authenticated():
        return HttpResponseRedirect('/')
    else:
        return register(request, success_url, form_class, profile_callback, template_name, extra_context)
I had to use the same function parameters, but otherwise just include the test, and if we pass it, continue to the main function.
Don't forget to put this in your URLConf either (again, this includes some stuff about my custom form as well):
top-level URLConf
(r'^accounts/', include('custom_registration.urls')),
(r'^accounts/', include('registration.urls')),
custom_registration.views
from django.conf.urls.defaults import *
from custom_registration.views import register_test
from custom_registration.forms import EduRegistrationForm
urlpatterns = patterns('',
    url(r'^register/$', register_test, {'form_class': EduRegistrationForm}, name='registration.views.register'),
)
As far as I remember django-registration is using function-based views, so you can not really subclass them. The approach I usually follow is "overwriting" the original views (without modifying the django-registration app of course). This works like this:
Create another app (you could call it custom_registration or whatever you want)
This app needs to contain another urls.py and, in your case, another views.py
Copy the original register view code to your new views.py and modify it, add a pattern to your urls.py to point to this view (use the same url pattern as in django-registration for this view)
Put an include of your new app's urls.py in your project's urls.py before you include the original django-registration app. This could look like this, for example:
urlpatterns = patterns('',
    ...
    url(r'^accounts/', include('custom_registration.urls')),
    url(r'^accounts/', include('registration.backends.default.urls')),
    ...
)
This simply works since the first matching url pattern for /accounts/register will point to your new app, so it will never try to call the one from the original app.
