I'm using Django to develop the backend of my mobile app. I noticed some app have an 'one tap registration" functionality. User can just tap a button and a user id is generated for him, he can upload his data to his account already. Later when he has time, he can update info like username, password or email.
I'm wondering how can I do this with Django, I check django-user-accounts or the native Django.contrib.auth, but it seems they always require username or email at first.
If you are planning on using django.contrib.auth, you can write your own custom user model in Django 1.5. The example listed in the docs would work for your use-case.
You don't need to extend AbstractBaseUser, but if you do, it expects a USERNAME_FIELD value. Alternatively you can use any kind of model you want, but without a USERNAME_FIELD convenient methods like login() and logout() and authenticate() may break.
Related
Currently I implemented a login routine for the website I am working on, according to This Tutorial.
Also I am not authenticating the user with djangos own system, because I am using authentication against the LDAP of my company (django-auth-ldap).
Currently I am using a general user to login to the database, which has universal access to all data, which also gives full access to any user logging in to the website.
To avoid that I would like to know how I can connect to the database as the individual user, who just logged in to the website.
Thanks in advance and sorry for bad english
Restricting user access to functionality and authenticating with the DB are handled separately in Django. You might be able to read the privileges of your users from the DB and map them to Django permissions but this is non-trivial (about Permissions see https://docs.djangoproject.com/en/2.1/topics/auth/default/#permissions-and-authorization).
In a UI/UX that has functionalities restricted depending on authorization, the frontend and backend need to be aware that permissions need to be checked and missing authorization needs to be communicated in some way or other to the user.
Example:
Users in group A are allowed to delete X. They see the "delete" button and there might also be an AJAX call that can delete X.
Users in group B are not allowed to delete X. They do not see the delete button and the AJAX call that can delete X needs to check for that permission and/or user group membership.
If you are only using a DB level authorization layer than - how would you know if the "delete" button should be displayed and for what to check in the AJAX call?
hi!
If I'm getting your problem correctly, the user you are creating is a Super User every time right?
Well if you are using Django auth.User model, you can just make User_object.is_super to False and then restrict the access of users though if-else in view! (User_object is the object of the auth.User model)
Does that made any sense?
//BTW, a side-note, a mistake I made while making my first custom user model: make sure to store your passwords hashed using Django hashes and salts!
I've created a custom user model (AbstractBaseUser) so that user could login into my website.
The problem is that I want to keep using Django's default user and authentication system for the admin so that staff could easily log in and manage stuff.
I saw a lot of tutorials but all of the instruct to change the setting AUTH_USER_MODEL, but if I change that I won't be able to keep using Django's default user.
Is there any solution for this?
Thanks in advance.
I have never implemented this myself, but to point you in the right direction, it may be worth having a read through this:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#authentication-backends
By the sounds of things you may be able to write an authentication backend for your front end user model, that you can run in tandem with Django's authentication system.
If you could get this to work, I would imagine that you would then have to make sure that the front end user model, once authenticated, can not access the admin part of the site.
For me the million dollar question here is, why do you want to keep the front end and backend users on separate models? They both have the same job, to authenticate the user?
I've created several projects in the past where there are front end users and admin users. Out of the box, without any modification you set the user attribute is_staff=False for front end users and is_staff=True for the admin users; that determines whether or not a user can access the admin part of the site, and I've never had any issues with this approach.
If the front end user (or backend user) desires additional functionality, the simplest solution would be to extend the user model:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#extending-the-existing-user-model
Alternatively you could user your could create a custom user model and use this for both.
If you're willing to provide more details, perhaps I could help further, but unless there's a strong reason for having separate user models, I'd just stick with the one and configure and extend as you need.
I hope this helps.
I have simple form for create new user in Django.
Also I want that request (from user) forward to the administrator's email, and just admin can enable that account. User has to wait respond from admin. If admin enable that account, user is going to be able to use account!
Create the user with is_active = False, Then you can easily filter those user on django admin panel.
Or you can use django signal such as post_save signal to send an email to administrator's email, email can be included with an activation link which is unique for activating the user.
You can create a separate model to keep inactivated user and for each record generate an random-hashed key. You can use that random-hashed key (token) in activation link that you sending to administrator's email.
There is already some application that let you to handle registration, for example django-registration. But your case it little bit tricky. Because you want to admin be able to activate those users. So I suggest you to look at django-registration source code. It's so clear and easy to understand. Just read the code and you will get the point.
I found the django-registration app, but it seems to complex for what I am trying to do. I want users to simply enter their e-mail (username) + a password and automatically be registered. No activations or confirmations. Hacker News style. Does anyone know what the simplest way to implement this would be? Is there something pre-existing out there that you know of (I couldn't find anything), should I somehow modify django-registration, or build this on my own?
Login/Authentication
To make Django authenticate using email/password instead of username/password, you will need to add to your settings.py:
AUTHENTICATION_BACKENDS = ('myproject.myauthenticationbackend')
This authentication backend needs to be able to authenticate a user based on email/password. A good email authentication backend can be found here: http://djangosnippets.org/snippets/74/
User Registration
Normally, your registration form will ask user for the email and password. However, Django's auth User model requires every user have a username. One way to handle adding a username is - upon saving of the registration modelForm, generate a random username (since we're not using it anyways).
You will need to check manually that the email the user has entered is already registered in your system.
I've also written a blog post about it a while back and has more complete notes on email authentication. It also includes a sample email/password registration form:
http://www.xairon.net/2011/05/django-email-only-authentication/
I don't know any app which is doing that but it seems quite simple. I don't think it is necessary to modify and use django-registration in this case.
Create a form that will ask for email and password and then create the corresponding user. The username may be generated from a slug of the email address.
Look at the following snippet for allowing to authenticate with an email address. http://djangosnippets.org/snippets/74/
I've recently started learning/using django; I'm trying to figure out a way to have two separate authentications systems for administrators and users. Rather than create a whole new auth system, I'd like to leverage django's built-in functionality (i.e. session management, #login_required decorator, etc.).
Specifically, I want to have two separate login tables - one for admins, one for users. The admin login table should be the default table that django generates with its default fields (ie. id, username, email, is_staff, etc.). The user table, on the other hand, I want to have only 5 fields - id, email, password, first_name, last_name. Furthermore, I want to use django built-in session management for both login tables and the #login_required decorator for their respective views. Lastly, I want two separate and distinct login forms for admins and users.
Anyone have any suggestions on how I can achieve my goal or know of any articles/examples that could help me along?
If I understand your question correctly (and perhaps I don't), I think you're asking how to create a separate login form for non-admin users, while still using the standard Django authentication mechanisms, User model, etc. This is supported natively by Django through views in django.contrib.auth.views.
You want to start with django.contrib.auth.views.login. Add a line to your urlconf like so:
(r'^/login/$', 'django.contrib.auth.views.login', {'template_name': 'myapp/login.html'})
The login generic view accepts the template_name parameter, which is the path to your custom login template (there is a generic one you can use as well, provided by django.contrib.auth).
Full documentation on the login, logout, password_change, and other generic views are available in the Django Authentication Docs.
You could potentially write one or more custom authentication backends. This is documented here. I have written a custom backend to authenticate against an LDAP server, for example.
Modify things slightly so that users have a category prefix on their username? You haven't given us much info on what you want to do, it's possible that your needs might be met by using the sites framework, or simply two separate django installs.
If what you're trying to do is make the user login page and the admin login page separate, just use the built in framework as detailed in the docs to create a "user" login page and leave the admin one alone. If you're worried that users will somehow start editing admin login stuff, don't be, they won't unless you let them.