I have a web application that is currently written in rather messy PHP with a messy database that I'm in the process of migrating to Django. I have set it up in my project as a legacy database and have generated models using inspectdb, so I think I can fairly easily write a script to translate old database to new, but I'm not sure how to tackle the user side.
Originally the app had some sort of Facebook integration, but this broke a few years ago when Facebook changed their side. The current users table has Facebook IDs for some users, but no other Facebook data (some users have also set email addresses and local passwords too).
I have a basic install of django-allauth with the Facebook integration set up and working, so can I import all of the users somehow? Those with the local alternative login-credentials (whether with a Facebook ID or not) are probably more important than the ones that only have a Facebook ID, so should I just use the standard Django create user methods and let users re-enable their own Facebook integration at a later time?
Related
I have been working on a program in python that I want to make available to paid subscribers via REST. I'm currently thinking of having the frontend made in Wordpress and then host the backend somewhere else.
In wordpress there are a bunch of plugins to handle paid subscribers and so on and everything seems great but my concern is how do I verify this on the backend that is hosted somewhere else?
If I use Django, is there any way I can make some kind of call to the Wordpress server(?) and verify that the user that is trying to fetch items are an paid subscriber?
I made a Diagram to kind of show what I mean. Basically B should only answer back with items if the caller A is a paid subscriber.
I've read that it is possible to generate an API key that will be needed in order to fetch data from the API, I've also read ways of hiding this call from the frontend to the backend from the user by using some kind of relay on wordpress. Might be wrong here.
Is there any preferred way of doing this?
Is Django REST & Wordpress suitable options to do this?
You can do that using the Django REST framework(DRF) which is used for such purpose for making the rest API's.
As per your query i would suggest you to the DRF to read the data from wordpress database and perform the validation on top of it.
Here are some links that you can use for reference :-
https://pythonrepo.com/repo/istrategylabs-django-wordpress-python-third-party-apis-wrappers
https://www.ianlewis.org/en/administer-wordpress-django-admin
In programming almost anything is possible. However, since wordpress is built in php I would not say that it would be possible to work directly with it. But, (MAYBE) you can connect the wordpress database to django for READ only and create an api.
How I would do it if I had this task:
Connect Django to an existing db (your wordpress db):
Django itself teaches you how to connect with a legacy database from its documentation.
Django comes with a utility called inspectdb that can create models by
introspecting an existing database. You can view the output by running
this command:
$ python manage.py inspectdb
Save this as a file by using standard Unix output redirection:
$ python manage.py inspectdb > models.py
**This feature is meant as a shortcut, not as definitive model generation.**
Since you created the models you can create your endpoints:
Create you serializers and viewsets from the models that was auto-generated by django from your wordpress db.
Display the data you need such as the user data you need to fetch ex:paid_subscriber = True or paid_subscriber = 1. Certainly it will be there.
I think the only issue you will have is to connect with the wordpress database. After you have done this in django nothing can stop you to create endpoints with django-rest-framework displaying the data it has.
I recently started developing a Desktop python application and I would like to know how more expert people would handle this issue.
I used to develop (about 5-10 years ago) web applications in the past using PHP + MySQL and there, since the code/program is located on the server where the user doesn't have access (except the web page), I could simply store the user/group permissions in the database in a table say users, users_groups, users_permissions, and so on. I would then check at every page load if the user had the right to access that page / update that record in the database.
With a desktop application where the user has access to the executable (which can relatively easy be decompiled to source code, being written in Python) the approach will likely be quite different.
Since MySQL has forked into MariaDB and is not so actively developed anymore, PostgreSQL looked promising to start. I thought about creating different users on PostgreSQL level and letting PostgreSQL handle the permissions (instad of my application handling them directly).
However, this only allows tuning of the permissions down to the table level. A user will be allowed to create/delete/update records in a table, however no further control is available. AFAIK you cannot tell "let this user only update his own records" or "this user can only delete the records from this group", or "users from group X can only update their own records while users from group Y can update everybody's records".
My understanding as how to handle this kind of issue would be to put some kind of middleware application between the user and the database, located on the server, such as:
Desktop application <-----> Server-side application permissions handler <-----> Database
Where server-side permission handler could be as simple as adding a "WHERE user=..." to each query as well as much more advanced stuff (first check user permissions stored in the database, based on that decide if letting user execute the query or reject it). I think this is a common problem for all desktop applications and would therefore expect that such a server-side application already exist. Am I missing something obvious or maybe PostgreSQL allows for more detailed fine-tuning?
Thank you for all your help ;)
Your intuition is right. It is never a good idea having a client access directly a database. Take a look a Django https://www.djangoproject.com and https://www.django-rest-framework.org
This would be the the basis for your server side. You would handle here business logic, authentication, authorization. The client should basically present the data within the UI and delegate all the decision making to the server.
Here you can find a step by step tutorial about how to implement a REST api with user authentication in Django. https://wsvincent.com/django-rest-framework-authentication-tutorial/
One of my projects I have developed backend API using Django REST Framework and mobile app using React Native. I have done the following things:
When the users log in I store their username in local (mobile) database.
When users post data I send the username to server reading from local database along with the POST data.
I check whether the user is logged in or not using the username and then process the request.
My question is: am I doing it in the right way? If no then what are the right procedures to do this kind of authentication checking?
How are you authenticating your users? It sounds like your using sessions authentication which is fine as long as both ends are on the same doamin. Then you just use the request.user object as you normal would in a non-api setting. I would recommend using Django-rest-framework-Jwt https://github.com/GetBlimp/django-rest-framework-jwt Json Web Tokens do not require you to store a bunch of information in sessions on your server keeping things faster.
Here is a good example of implementing jwt if your interested https://www.techiediaries.com/django-rest-framework-jwt-tutorial/
Background info
I'm currently in the process of making a system that tracks work sessions, and the shifts done by people in those sessions. It will consist of a discord bot for alerts and responses to invites, a python app for initiating these sessions & invites, and eventually a rails web app for everything. Users will log on with their google accounts. MySQL database currently stores all the data.
Question
I want to make it so my python script (and eventually web app) users can log on using their Google accounts. What's the simplest use of OAuth2 to just get the user's email? The SQL database has their email and it would be nice to just have some simple call to the Google API that returns the email of the user, so I can cross-reference that with my user table to find which user is logging on.
Also...
This isn't just me being lazy and wanting someone else to give me the code for this project, I've actually done Google authentication before with accessing spreadsheets shared with users, however in this example I feel as though it could be simplified as I don't need access to any of the user's Google account, just which email they used to sign in, and I can't find a way myself.
I'm writing a Django app that uses django-allauth for Facebook integration, and uses django-tastypie for a backend for an iOS app. The iOS app will use the native Facebook iOS SDK. I'd like to be able to sign up and verify both Facebook and non-Facebook users from the iOS app, in addition to the website.
The issue is that django-allauth doesn't seem to have an API that can be accessed externally. The only clean way to plugin to allauth's functionality seems to be via Django template tags. Is there a way I can expose this functionality to be used with tastypie?
Django-allauth is all open source, so I've tried to parse through the code. My initial idea is to authenticate users on the iOS side using the native Facebook SDK, and then manually fill in information for SocialAccount, SocialToken, and add the SocialAccount to SocialApp (those are all django-allauth models). However, that seems to be quite a hacky solution. I'd love a way to cleanly create all those models given a Facebook ID, or something similar.
Update:
There's been some discussion concerning this issue on the GitHub. Basically, there's no built-in functionality yet. I'm going to whip up a custom solution that only deals with Facebook (because that's all I'm using in my application). I'll post what I did here later if it works.
Quick look into django-allauth shows that they are using SocialAccount model to hold data on specific method of authentication and type of social account.
You need to create an API endpoint based on SocialAccount model. You need to pass there variables like: account type (facebook, local, twitter etc), additional auth variables needed by social auth providers. Then, in your code you can create SocialAccount model instances, feed with data received from API endpoint call and trigger corresponding auth call via django-allauth. Finally you should return result of your auth call.
I don't see a big reason to use django-allauth for local/facebook auth only, with some small effort you can have whole range of social auth providers.
I used requests library to deal with facebook API and it works great, I think no social login plugin for Django works for others but the author, if you want to do something seriously.
PS. I used django-rest-framework to build the rest backend for mobile apps, also including local account login and social site login.