I have two django applications that are deployed at two different sub-domains, for example:
data.mysite.com
i.mysite.com
Both sites use the same django authentication framework and such, setting a cookie called sessionid. I can read the cookie from the current site using:
def my_view(request):
# suppose this view is within the i.mysite.com application
i_session_id = request.COOKIES['sessionid']
data_session_id = ? # how to get this?
But then how could I grab the cookies from the
If you want to have a shared authentication between your 2 subdomains then you need to set your session on .mysite.com domain. Then when you request to data.mysite.com will include this cookie, same for i.mysite.com domain. So, in settings.py:
SESSION_COOKIE_DOMAIN=".mysite.com"
Related
I try to create an Django app which will work for multiple domains with single app instance.
For example:
there are three domains: group1.com, group2.com, group3.com
each domain has restricted content available after login
user1 is associated with group1.com and group2.com
when user1 log in to group1.com and try to enter group2.com, he will be automatically log in into the group2.com
there is URL, e.g. DOMAIN_NAME/posts/ which will show all content for user which is logged in from all domains which are associated with this user (in this case, for user1 there should be all "posts" from group1.com and group2.com)
when user1 enter group3.com, he's not logged in
I used Django Site framework to associate user with domains - content restriction for user in specific domains works fine.
Additionally, I used SESSION_COOKIE_DOMAIN parameter in settings.py for "share" cookie between domains and, unfortunately, it only works for subdomains. For example, after set:
SESSION_COOKIE_DOMAIN = '.group.com'
and after I wrote simple middleware, I'm able to meet the requirements that I wrote above but only for subdomains, like 'one.group.com', 'two.group.com', 'three.group.com'.
I was looking for solution for handle that, but I haven't found an answer for newest Django 3.x framework.
Is there any way to handle that like I explained?
I think "django-hosts" package for you.
Firstly, you should give permission some domain.
ALLOWED_HOSTS = [example1.com,example2.com,example3.com]
And than, you can use django-hosts
from django_hosts import patterns, host
host_patterns = patterns('path.to',
host(r'api', 'api.urls', name='api'),
host(r'beta', 'beta.urls', name='beta'),
)
You can see more information -> https://github.com/jazzband/django-hosts
I know question sounds strange, I will explain it here.
I have two Django servers which share the same DB. One is a light front/back server and the order one takes the heavy computing part. They share the same database.
I am currently securing the web, and I have a couple of views in the light server requiring user login:
#login_required()
#permission_required('auth.can_upload', login_url='/accounts/login/')
This works nicely in the light server since the user is authenticated (request.user returns a valid user in the views).
The problem comes when I have to send the uploaded data to the other server since it is protected as I showed earlier, I do not know how to pass it the user that is already logged (user is valid since servers share the DB).
# send an upload request using requests
s = requests.Session()
r1 = s.get(upload_process_url)
csrf_token = r1.cookies['csrftoken']
a = s.post(upload_process_url, files=request.FILES,
data={'csrfmiddlewaretoken': csrf_token},
headers=dict(Referer=upload_process_url))
I cannot ask every time the user and password or save them. The thing is I want to pass the user that is already logged in a request.
The user was logged using the default django accounts/login page and authentication.
Any clues and what could I try? I think this problem cannot be as difficult as it looks to me. I just want to send an authenticated request. If I remove the decorators everything works nicely with this code
Thanks a lot
Have a look at REMOTE_USER authentication:
This document describes how to make use of external authentication sources (where the Web server sets the REMOTE_USER environment variable) in your Django applications. This type of authentication solution is typically seen on intranet sites, with single sign-on solutions such as IIS and Integrated Windows Authentication or Apache and mod_authnz_ldap, CAS, Cosign, WebAuth, mod_auth_sspi, etc.
Basically your "light" server does the authentication as it already does. When you are doing a request to your "heavy" server, you should set a Auth-User header containing the username of your user. Django will then automatically authenticates the corresponding user.
By default, Django will read an environment variable set by an authentication server. But we can make it work with a HTTP header instead:
# middlewares.py
from django.contrib.auth.middleware import RemoteUserMiddleware
class CustomHeaderMiddleware(RemoteUserMiddleware):
header = 'HTTP_AUTH_USER'
# settings.py
MIDDLEWARE = [
'...',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'my_project.middlewares.CustomHeaderMiddleware',
'...',
]
Then, you can do something like this then in your request (assuming you have your Django user at hand):
s = requests.Session()
r1 = s.get(upload_process_url)
a = s.post(
upload_process_url,
files=request.FILES,
headers={
'Auth-User': user.username,
},
)
Since you're not doing a request from a browser, you can avoid the CSRF protection by marking the called "heavy" view with #csrf_exempt decorator (as you found yourself).
Be careful though that your "heavy" server should not be accessible directly on the internet and always behind a proxy/VPN accessible only by your "light" server.
I have installed Python Social Auth. I use it to associate user site account with his social media accounts.
Facebook connect link is:
Connect
Redirection works but how to know if social media association is successful?
If an exception is catch, I can display get_messages() function. It's perfect!
But any return if it's successful.
I have tried to custom a pipeline but I have not access to request variable to set message like it: messages.success(request, "Successful message!')
You do have access to request in your custom pipeline:
The pipeline functions will get quite a lot of arguments, ranging from the backend in use, different model instances, server requests and provider responses.
You can read more about it here.
and you can get access to request object like this:
def custom_pipeline(strategy, *args, *kwargs):
request = strategy.request
and do whatever you wanted with messages.
There is an option
SOCIAL_AUTH_LOGIN_ERROR_URL = '/error/'
in python social auth settings which redirects to the url you mention in above setting.
This way you will know whether the connect is success or not.
Hope this is helpful.
I have a Django site that pulls up email groups from Google Apps using the provisioning API. I have something like:
import gdata.apps.groups.client
client = gdata.apps.groups.client.GroupsProvisioningClient(domain="example.com")
client.ClientLogin('email', 'password', source='apps')
The login takes a while, so I asynched the retrievals with ajax calls. It is the login call that takes up most of the time and it needs to be done for multiple views. Eg: one view renders the list of available groups and another view renders members of a selected group.
I'm wondering if there's a way in Django to kinda persist such a client object so that it would be available in multiple views?
If you made the GroupsProvisioningClient instance a module level global, and have utility function to get it, like:
CLIENT = GroupsProvisioningClient(domain="example.com")
def get_gapps_client():
if not CLIENT.is_authenticated() # made up function!
CLIENT = CLIENT.ClientLogin('email', 'password', source='apps')
return CLIENT
I am building an app for making API calls to websites like (FB, LinkedIn, etc.) I need to use OAuth to authorize my application to request data on behalf of the user. I am stuck with a problem of storing the instance of my website interface library (LinkedIn) across views. I used request.session - with file back end.
Below is the code http://pastebin.com/QTgqSr7W
Am I doing something wrong? can see the value being set in login() but I cannot see the same value in token(). Is this wrong to expect? Any workaround for passing the value of the api instance?
Thanks and Regards,
Atul.
hmm, i think its because you are saving the entire api python instance, i dont think that sessions support that kind of data, why not just redirect user to auth url without saving something in session, then in callback view, you instantiate the linkedin.LinkedIn class like so
from django.conf import settings
key = settings.KEY
secret = settings.SECRET
return_url = settings.CALLBACK
# You make the api connection here, so its not tied to any function
api = linkedin.LinkedIn(key, secret, return_url)
def login(request):
if api.request_token():
auth_url = api.get_authorize_url()
return HttpResponseRedirect(auth_url)
#below is the view that will get called with the oauth oken.
def token(request, param):
#do stuff with the api.