I have a set of expectations I'm trying to achieve. I want a sign up, login, and forget password page. I also want to have social sign in using Twitter, Facebook, or Google. Another thing I want is to send a confirmation email to the user validating their account.
I know I can do this with Django allauth, but allauth comes with extra features that I don't need. For example, I don't need the password reset and change email pages. I want to remove these pages and their corresponding functionality, but I'm afraid I might break the code if I do this.
I was thinking about two solutions. One solution would be to go through the allauth templates and change some of the code to fit my specifications, but I feel like it would be very tedious because a lot of things might break if I remove some funcionality.
The second solution I was thinking of doing was building on top of auth and using a custom User model and building custom login, sign up, and reset pages. Adding the required functionality and everything. I could also build the models to provide social login by copying allauth's templates. I am just debating on what would be the best possible choice to do this. I would be happy if anyone can point me in the right direction.
Related
I want to create a project in Python, Django. So I will be the admin. I will allow employer to create their system that allows their employee to login. How would I do so? I cant find any documentation on it. Employer will have to create employee account.
I'm assuming that you're already somewhat familiar with Django, and know how to set the system up so that you can create users in the admin page as a superuser. If this is not the case, you would benefit from working through a couple of tutorials on YouTube or one of the courses on Udemy.
A couple of options you have, based on what I think you're trying to do:
You grant the employer staff/admin permissions and allow them to access the Django Admin page so that they can create additional users at will. This would be the easiest way, but could also be the most risky if they do not know what they're doing.
Create custom permissions groups: documentation. If you don't want individual users to create their own accounts, you would need to set up views to allow those with the proper permissions to do it on their behalf.
There are several other options, but a lot of it is going to depend on how/where you plan to deploy your system and how complex you want the whole thing to be. Depending on the content, you might to look into DjangoCMS, which could offer you everything you're looking for out of the box.
If you can be a bit more specific about A) how you plan to deploy, B) what type of content the site will serve, C) where you plan to deploy it, and D) how Django-savvy the employer will be, it would be easier to provide you with a more comprehensive answer.
I've created a custom user model (AbstractBaseUser) so that user could login into my website.
The problem is that I want to keep using Django's default user and authentication system for the admin so that staff could easily log in and manage stuff.
I saw a lot of tutorials but all of the instruct to change the setting AUTH_USER_MODEL, but if I change that I won't be able to keep using Django's default user.
Is there any solution for this?
Thanks in advance.
I have never implemented this myself, but to point you in the right direction, it may be worth having a read through this:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#authentication-backends
By the sounds of things you may be able to write an authentication backend for your front end user model, that you can run in tandem with Django's authentication system.
If you could get this to work, I would imagine that you would then have to make sure that the front end user model, once authenticated, can not access the admin part of the site.
For me the million dollar question here is, why do you want to keep the front end and backend users on separate models? They both have the same job, to authenticate the user?
I've created several projects in the past where there are front end users and admin users. Out of the box, without any modification you set the user attribute is_staff=False for front end users and is_staff=True for the admin users; that determines whether or not a user can access the admin part of the site, and I've never had any issues with this approach.
If the front end user (or backend user) desires additional functionality, the simplest solution would be to extend the user model:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#extending-the-existing-user-model
Alternatively you could user your could create a custom user model and use this for both.
If you're willing to provide more details, perhaps I could help further, but unless there's a strong reason for having separate user models, I'd just stick with the one and configure and extend as you need.
I hope this helps.
I want to make a django site which has no profile authentication or signing in. Anonymous users will be able to make a form that will be potentially open to anyone else on the site.
I'd like to do two things:
Somehow limit access to this form to certain people, without on site profiles. Maybe passwords/encryption keys distributed by email? Or secret one-time links using random URL's to make finding them/crawling them difficult, only accessible to those who know about them?
A way that the user who created the form can delete the form. Again, perhaps email a secret password upon creation to whoever created the form, which can let them delete the form?
Are there any Django plug-ins I should look into, or does anyone have tips about how I should go about this? I'm interested in the shareasecret site, and aspects of security in one time links without profile authentication, however, I'm not sure of best practices and ways to go about this sort of thing.
There is no best practice nor a plugin for this use case. It is a common-or-garden, simple use case which should not demand that much of code and logic that you look for some plugin or best practice. Just draw the picture you imagine, sit and write your code. if you have any exact problems in your code, then ask a question.
Given the specific site you're trying to recreate has an api, it would appear that the details aren't matched against the user, but the post itself. so simply make a model that has the two things that it requires
Query Params
SECRET_KEY: the unique key for this secret.
passphrase (if required): the passphrase is required only if the secret was create with one.
So either I'd suggest use the same method yourself, or just use their api.
So I have lots of forms that aren't attached to models, like a search form. I don't want people to be able to access these without first verifying their account through an email. How is the best way to limit their ability to do this? Is it through custom permissions? If so, how do I go about this? Thank you so much!
You have several ways to do it:
UI level: when the search field is focused you can say through an alert or other mechanism to notify users you are not allowed to search.
Server level: assuming your user is logged in or has an account you can verify the user in the search request and return a response where you state you cannot search without confirming your email.
Don't let them use the site after registering unless they confirm their email. You can see doing searches as data display and if you don't block that either you confuse users. Why can I see all articles but can't search?
I would go for 3. and let them use the site. They can confirm it afterwards when they try to do something which modifies the DB (aka they try to post something, then from a psychological standpoint there is a block between them and their objective and they will be more willing to confirm in order to achieve their objective)
I am looking for a generic Tell a Friend application in django which will allow my website users to invite and tell about website features to one's mail or social networking friends by sending invitation email to join the website....
Any suggestion will help...
Thanks in advance...
This isn't Django, but you might consider a remotely-hosted application like ShareThis.
Otherwise, you could make use of this code, and add parameters (such as name and email address) into the URL where possible / necessary. In any case, I'm not aware of a Django-specific solution that integrates with the CMS out of the box - you might have to do it yourself, at least partly.
There's a reusable app at github called django-tellafriend.
Haven't used it myself. In the essence however it shouldn't be to hard to roll your own app for this if you have special requirements. Basically you need a form and send out an email if it's valid. If you want to keep track of the you can store the information using a simple model.
Connecting to social networks might be a little trickier, but there are also a few django apps for this like django-facebook and django-social-auth.