Accessing 2 layers password protected url by using python - python

In Python, I want to send a request to a URL which will return some information to me. If I try to access the URL from the browser, a popup box appears and asks for a username and password. But after that I need to log in again with another username and password. I have a username and password for this URL and I don't know how to make Python automatically complete these fields to access the URL. Can anyone help me to solve this problem?

Related

"Change password system" does not work in user authentication.(Django)

I'm trying to configure a Django app with a user authentication model (django-allauth).
It almost works well, but when a user tries to change his password, a problem occurs.
Let's say a user wants to change his password; he goes to the Password reset page
Example
http://3.129.xx.xxx/accounts/password/reset/
He puts his email address in the form and submits it, then he receives a "Password Reset E-mail" with a link to reset the password.
Example
https://u22207100.ct.sendgrid.net/ls/click?upn=EGpFlOkd4a3JZnFjHjqKqsCiiinSf51vqFvV.....
Clicking the above link, the user is redirected to
http://3.129.xx.xxx/accounts/password/reset/key/1-set-password/
But that page has only the links "Sign In" and "Sign Up".
It does not have any form to enter the new password the user wants to set.
In this situation, the user cannot change the password.
Should I set something in the allauth system?
I have only mentioned the above settings in this question, but if more code is required then tell me and I'll update my question with that information. Thank you

django rest auth facebook code for login

On my project I use django-rest-auth for user registration and authentication. I also added code for Facebook login:
from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
from rest_auth.registration.views import SocialLoginView

class FacebookOAuth2AdapterFixed(FacebookOAuth2Adapter):
    def __init__(self):
        pass

class FacebookLogin(SocialLoginView):
    adapter_class = FacebookOAuth2Adapter
And in my project urls.py I add
url(r'^rest-auth/facebook/$', FacebookLogin.as_view(), name='fb_login'),
But at the URL localhost:8000/rest-auth/facebook I see a form with 2 parameters: Access token (already have) and code.
My question is: Can I log in via Facebook without this code, and if not, how can I get this code without a frontend? How can I check whether user authentication/registration works or not?
PS: SocialApp created, facebook app created, app id and app secret added to social app.
Only one of "Access Token" or "Code" field is required. (I have not tested the Code field but the Access Token field works, with the Code field left blank)
To use Access Token, after the user performs the "Login to Facebook" step on the client side using Facebook javascript SDK, you will receive a response from Facebook which includes "accessToken" for accessing data on Facebook. Simply paste this accessToken into the "Access Token" field and it will automatically login and/or create the user's account from data retrieved from Facebook.
Obviously you can then perform the same process by posting the access token to the form all in javascript.
In the Access Token field, pass the User Access Token that you will get from the Facebook developer dashboard (generate and debug); the code field you can leave blank. It will create the user in your application and will return a JWT token with user details.

Why is Django User being AnonymousUser when I make a request from a JS client but it is properly set when using Django Rest Framework ?

I'm having an issue when trying to get the information of the user that is logged in in Django. My Login service looks like this:
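from django.contrib.auth import authenticate, login

# Inside the login view: check the credentials, then start the session.
username = request.data['username']
password = request.data['password']
user = authenticate(username=username, password=password)
if user is not None:
    if user.is_active:
        login(request, user)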
It's currently working properly at least when using Django Rest Framework
(It even appears at the top right the user that is logged in).
I'm trying to bring the profile of the user that is logged in so I developed a profile service which tries to get the user logged in which is working perfectly when using Django Rest Framework.
The issue comes when I try to call the same endpoint from a JS client. I think it might be an issue with setting something in the header after the Django login is executed. Currently, I am not doing anything in my JS client but to call to the login endpoint which is returning properly. Should I set a cookie or something in the header of each request so Django knows which user am I? If so, how should it be that ?
Thanks in advance
Should I set a cookie or something in the header of each request so Django knows which user am I? If so, how should it be that ?
You definitely need the session cookie to be passed.
By default, it'll be sessionid.

Password protected html messages on a django app

I would like to know how I can protect a page with just a passcode using the Django web framework. Example: I send a link to a user and in that link there is a message. When the user opens the page, a passcode field would appear, and then when the user types the right passcode, the message will appear. I don't want the user to type a username and password. I just want them to type a 4 digit code.
Create a service that returns messages when you send the code via post. This is mostly javascript except for the service that would be handled in your django view.
Check link -> get html + js -> send post with the code -> get the message.
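The service described in this answer, as an added example that is not the answerer's code: the framework-independent logic a Django view would call when the code arrives by POST. `PasscodeGate`, `MAX_ATTEMPTS` and `LOCKOUT_SECONDS` are hypothetical names, the dictionaries stand in for a database, and the attempt limit is an assumption added here because a 4 digit code has only 10,000 possible values.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed before lockout
LOCKOUT_SECONDS = 900   # assumed policy: how long a link stays locked


class PasscodeGate:
    """Keeps one message per link token and releases it only for the right code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._messages = {}   # token -> (code, message)
        self._failures = {}   # token -> (failed_count, locked_until)

    def create(self, message):
        """Return (token, code): the token goes in the link, the code is sent separately."""
        token = secrets.token_urlsafe(16)            # unguessable link identifier
        code = f"{secrets.randbelow(10_000):04d}"    # 4 digit code from a CSPRNG
        self._messages[token] = (code, message)
        return token, code

    def submit(self, token, code):
        """Handle the POST; return (http_status, body)."""
        if token not in self._messages:
            return 404, ""
        count, locked_until = self._failures.get(token, (0, 0.0))
        if self._clock() < locked_until:
            return 429, ""                           # locked: do not even compare
        expected, message = self._messages[token]
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(str(code).encode(), expected.encode()):
            self._failures.pop(token, None)
            return 200, message
        count += 1
        locked = self._clock() + LOCKOUT_SECONDS if count >= MAX_ATTEMPTS else 0.0
        # Once locked, the counter restarts for the period after the lockout.
        self._failures[token] = (0 if locked else count, locked)
        return 403, ""
```

The message is only ever returned in the 200 response, so the HTML and JavaScript served for the link never contain it before the code has been checked on the server.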

Pyramid view redirection

I'm trying to integrate Mozilla Persona (browserid) into a Pyramid application. The login process is:
user can login on any page by clicking on the login button
a popup then shows a login form
when the user enters the correct login/password, an ajax call is made by the popup to a Pyramid view that checks the user's credentials, and calls the Pyramid remember function if the check succeeded
the browserid javascript code then reloads the current page
Now I want to handle the case of a new user subscribing to the web app and present a new view asking for a few more details (desired username, etc).
Since the "remember" function is called by an ajax call from the popup, I cannot redirect the user to the "/newuser" page.
So every view needs to redirect new users to the "/newuser" url whenever the remembered browserid has no corresponding user in the database.
Is there a way to intercept user requests before calling a view to call the "new_user" view instead? Or maybe my authentication approach is fundamentally incorrect and I should rely on another approach?
One way to do this would be to create an exception that should be raised when the user is created, and use this exception as the context of a view that would redirect to the new page.
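from pyramid.httpexceptions import HTTPFound
from pyramid.view import view_config

class NewUser(Exception):
    pass

# Exception view: a NewUser raised during any request redirects to the new_user route.
@view_config(context=NewUser)
def new_user_exception(request):
    return HTTPFound(request.route_path('new_user'))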
Make sure the exception is raised during the first request after the first login (after having created the user object, for example), and the user will be redirected to the right page.
You could also put the code for the welcome page directly in new_user_exception, but without redirection, this page would have the url asked by the user, whatever it was.
Another solution would be to tweak how the persona part is done. For that, I'm going to guess you are using pyramid_persona (I'm the writer :) ). If not, what I'm saying will still apply, and will be even simpler to do.
What you could do is :
Change the login view so that it includes in the response a boolean saying whether this is the first login or not.
Change the javascript to check this boolean, reload the page if it's not the first time, and redirect to the welcome page if it is.
The code for the login view can use pyramid_persona's login view like this :
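from pyramid.view import view_config
from pyramid_persona.views import login

@view_config(route_name='login')
def new_login(request):
    response = login(request)
    # status_code is the integer; response.status is the string '200 OK'
    if response.status_code == 200:  # the login worked
        # tweak the response
        pass
    return response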
EDIT : There's now a part about this in pyramid_persona's documentation : Do extra work or verification at login.
