I am in the process of setting up a new Django project and I want to use the provided apps django-registration and django-profile. I installed both of them with easy-install and managed to get django-registration working fine. My next step would be to connect the django-profile app to the working branch. django-registration offers a service that redirects to a URL, which is defined in the settings.py variable LOGIN_REDIRECT_URL. My guess was that I can simply paste a URL of the django-profile app to connect both (e.g. '/profiles/').
My settings.py variable AUTH_PROFILE_MODULE is set to 'registration.User' (trying to use the django-registration model!).
But I get a
SiteProfileNotAvailable at /profiles/
No exception supplied
error.
I tried to follow these steps:
https://bitbucket.org/ubernostrum/django-registration/src/tip/docs/index.rst
https://bitbucket.org/ubernostrum/django-profiles/src/tip/docs/overview.txt
But I am not sure if I have done everything properly, namely this paragraph from overview.txt:
For default use, create a profile model for your site and specify the
AUTH_PROFILE_MODULE setting appropriately. Then add profiles
to your INSTALLED_APPS setting, create the appropriate templates
and set up the URLs. For convenience in linking to profiles, your
profile model should define a get_absolute_url() method which
routes to the view profiles.views.profile_detail, passing the
username.
So my questions are:
Is that a well known error?
Is it the right way to set 'registration.User' as AUTH_PROFILE_MODULE?
What is meant by "should define a get_absolute_url() method which routes to the view profiles.views.profile_detail, passing the username." in the overview.txt?
django-registration is hard to use thanks to the type of documentation and lack of templates. Many Django developers now use django-social-auth instead:
https://github.com/omab/django-social-auth
http://django-social-auth.readthedocs.org/en/latest/index.html
You can see how Kenneth Love integrated it into the Django Packages code base here:
https://github.com/opencomparison/opencomparison/blob/master/apps/profiles/views.py#L83
https://github.com/opencomparison/opencomparison/blob/master/settings.py#L277
I've disabled authentication for Django admin panel as described here.
I would like to go further and completely skip django.contrib.auth migrations like users or groups tables.
I've tried to remove django.contrib.auth from INSTALLED_APPS and then I got an error like the one below:
RuntimeError: Model class django.contrib.auth.models.Permission doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.
Is there any way to use Django admin panel without migrating django.contrib.auth migrations?
Short answer: No
Long answer: From a security standpoint there is absolutely no reason to ever do that; you will make your database open to everyone, with personal information.
Fortunately Django is smart enough to not let anyone do that, and the administration requires the auth middleware and the django.contrib.auth dependencies.
Again, you should not do that. You could tweak the Django framework and that could work, but you will need to write a lot of boilerplate and most packages won't work.
If you want to update your authentication backend, Django makes it pretty easy to do so: https://docs.djangoproject.com/en/4.1/topics/auth/customizing/
But be aware that you would still need at least one auth backend for the admin to work.
Django admin (django.contrib.admin) is tightly coupled with django.contrib.auth.
I didn't find a way to use the admin panel without the auth app.
Nevertheless, I've found a solution which met my expectations.
I've set the has_permission attribute of admin.site to True, as described here.
Next, I've unregistered the Group and User models from the admin panel as described here.
It's not a clean solution, since django.contrib.auth migrations are still run, but a normal user will not notice.
I have defined multiple sites as the documentation of the Site Framework suggested.
I understand that if I would run multiple instances of my application with each of them having a different settings file (different SITE_ID), Django would always know which Site to use.
What I was trying to do is to run a single instance, where multiple sites are available, and the right Site should be chosen depending on the current url of the site.
The Sites documentation states:
The SITE_ID setting specifies the database ID of the Site object
associated with that particular settings file. If the setting is
omitted, the get_current_site() function will try to get the current site by comparing the domain with the host name from the
request.get_host() method.
So I tried to remove the SITE_ID from my settings.py and was hoping that Django would check the domain to find the current Site as stated above, however this fails with the following exception:
You're using the Django "sites framework" without having set the SITE_ID setting. Create a site in your database and set the SITE_ID setting or pass a request to Site.objects.get_current() to fix this error.
So it seems like, although the documentation suggests otherwise, this setting is not omittable.
I understand that using the Sites Framework like this would lead to problems when there is no Request object available to find the current Site, but this should not be a problem in the context of my application.
Is it possible to use the Sites Framework without hard-coding the SITE_ID in the settings file by just checking the current domain of the application?
I am using Django Version 1.9.9 with Python 3.4.3
The best solution is to simply add the Sites framework middleware:
'django.contrib.sites.middleware.CurrentSiteMiddleware'
This automatically passes a request object to Site.objects.get_current() on every request.
To "check the current domain" you need to have a request - as clearly mentioned in the error message:
or pass a request to Site.objects.get_current()
Else how would the code know the "current domain" ?
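What selecting the site from the request host involves, as an added example that is not part of the question or the answers and is not Django's implementation: the Host value comes from the client, so it is normalised and matched only against registered domains, with no default site as a fallback. `SiteResolver`, `UnknownHost`, `normalise_host`, `is_rejected` and the sample domains are constructed names.

```python
# Added example: framework-free model of host-based site selection.
# All names and domains below are constructed for illustration.


class UnknownHost(Exception):
    """The Host value is malformed or maps to no registered site."""


def normalise_host(raw):
    """Return (host_as_sent, bare_domain), both lower-cased."""
    host = raw.strip().lower()
    if not host or any(c in host for c in "/\\@?# \t\r\n"):
        raise UnknownHost(raw)  # not a plain host[:port] value
    name, sep, port = host.rpartition(":")
    domain = name if sep and port.isdigit() else host
    return host, domain.rstrip(".")


class SiteResolver:
    """Maps a request host to a site id when no SITE_ID is hard-coded."""

    def __init__(self, sites):
        # sites: {domain: site_id}; only these domains are ever accepted.
        self.sites = {d.lower(): sid for d, sid in sites.items()}

    def resolve(self, raw_host):
        host, domain = normalise_host(raw_host)
        # Exact match first (a site may be registered with its port),
        # then the domain with the port removed.
        for candidate in (host, domain):
            if candidate in self.sites:
                return self.sites[candidate]
        raise UnknownHost(raw_host)  # never fall back to a default site


# Constructed sample data standing in for rows of the Site table.
RESOLVER = SiteResolver({"shop.example.com": 1, "blog.example.com": 2,
                         "localhost:8000": 3})


def is_rejected(raw_host):
    """True when the host would not be mapped to any site."""
    try:
        RESOLVER.resolve(raw_host)
    except UnknownHost:
        return True
    return False
```

In Django itself, request.get_host() additionally rejects hosts that are not listed in ALLOWED_HOSTS before any Site lookup happens.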
I have begun to implement authentication throughout my applications in Django and have done this quite successfully with the Django login_required decorator.
However, I notice that this will always reroute to the default login URL: /accounts/... which is non-existent for me. I have been doing all my authentication through /admin/...
I imagine that the two are for different purposes (one for the admin users and allow access to the admin console) however, I cannot find any views for the accounts version (vs. admin). My questions are thus as follows:
What is the difference between /accounts/... and /admin/... if they use the same user models?
Are these /accounts/... views built in/templateable? How does one turn them on? Or do I need to create each manually?
Unfortunately I have found the documentation on this topic to be rather confusing and as such any help would be greatly appreciated.
If you are not logged in, Django uses the LOGIN_URL to decide which url to redirect to. By default, this is set to '/accounts/login/'.
If you use a different login url, then you should update your LOGIN_URL setting.
The disadvantage of using the Django admin to log in users is that non-staff members will not be able to log in using the Django admin.
Django comes with authentication views, including a login view. If you want to allow non-staff members to log in, you should enable it.
The '/accounts/' is just a URL that, out of best practice, most people use when handling authentication. There are no built-in templates for accounts. The '/accounts/' is just a default placed.
To change the url to fit your applications url, go to your settings.py file and you can add a LOGIN_URL variable to specify which location for the authentication to redirect to. In your case it will look like this.
LOGIN_URL = '/admin'
This will redirect all unauthenticated requests to '/admin'
I have got a Django application that uses the RemoteUserBackend in combination with Apache and mod_auth_kerb to authenticate against Kerberos.
However, this has some drawbacks:
There is no proper logout without closing the browser tab. You may click "Logout" in your Django application, but I would expect to be asked for my credentials when I try to log in again - the latter is not the case. (Side note: It is quite possible for my application that two users want to log in one after another, which increases the lack of comfort and may be problematic when one user performs actions with the other user's rights.)
The application is currently tailored to the Apache/RemoteUser solution, so it does provide no flexibility to switch over to other authentication methods, e.g. authentication against the Django database. The possibility to use alternative authentication methods would also ease the development of the application.
That said, I would like to use a form-based authentication (username/password). This would move the control for the authentication to Django, so login/logout should work properly then. Also, this form could be used as well with different authentication backends, without a need to modify the GUI.
How can this be done? Is there already a solution to this or a project that addresses my issue? Most implementations I saw like the ones in the answers here just use Apache or an LDAP authentication, but not Kerberos.
Related, but unanswered question: Django user logout with remote authentication
Sorry this is delayed. I am the author of the above recommended Kerberos + Django post (roguelynn.com).
For your first issue, take a look at kobo: https://fedorahosted.org/kobo/ - it uses Kerberos + RemoteUserBackend + Apache with Django, but implements a logout mechanism (in kobo/django/xmlrpc/auth.py: https://git.fedorahosted.org/cgit/kobo.git/tree/kobo/django/xmlrpc/auth.py).
http://www.roguelynn.com/words/django-custom-user-models/
That blog post explains quite nicely how to use Kerberos as a Django 1.5 backend authenticator. Hot off the presses as of May 15th. She's got a bunch of nice Kerberos examples.
For posterity's sake, just in case the blog goes away someday, the author stores her blog posts as static files in her GitHub repo.
https://github.com/econchick/roguelynn/blob/master/_posts/
I have to change Django's authentication backend (the default is django.contrib.auth.AuthenticationBackend) to one of my own. The problem is that since Django stores the authentication backend for a requested user in the session, it throws errors to me when I try to use the new backend. The option is to delete all the session information. Is there a better way to do this? Or else, what is the most preferred way?
Look at the Pinax project's account auth_backends; there it replaces it with its own one. I think the Pinax code will help you while changing Django's authentication backend.
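A narrower alternative to deleting every session, as an added example that is not from the question, the answer or Pinax: Django records the backend's dotted path in each authenticated session under `_auth_user_backend`, so only sessions that name a backend no longer configured need to be invalidated. The function name, the sample sessions and the path `myproject.auth.NewBackend` are constructed.

```python
# Added example; plain Python, so it runs without a Django project.
# These two strings are the session keys django.contrib.auth uses
# (SESSION_KEY and BACKEND_SESSION_KEY).
SESSION_KEY = "_auth_user_id"
BACKEND_SESSION_KEY = "_auth_user_backend"


def sessions_to_flush(decoded_sessions, configured_backends):
    """Return keys of sessions to invalidate after a backend change.

    decoded_sessions: iterable of (session_key, decoded_dict) pairs.
    configured_backends: the new AUTHENTICATION_BACKENDS dotted paths.
    """
    configured = set(configured_backends)
    stale = []
    for key, data in decoded_sessions:
        has_user = SESSION_KEY in data
        backend = data.get(BACKEND_SESSION_KEY)
        if not has_user and backend is None:
            continue  # anonymous session (cart, language, ...): keep it
        if not has_user or backend not in configured:
            # Logged in through a backend that is gone, or half-written
            # auth data: force a fresh login rather than guess a mapping.
            stale.append(key)
    return stale


# Constructed sample data; "myproject.auth.NewBackend" is hypothetical.
NEW_BACKENDS = ["myproject.auth.NewBackend"]
SAMPLE = [
    ("s1", {"_auth_user_id": "7",
            "_auth_user_backend": "django.contrib.auth.backends.ModelBackend"}),
    ("s2", {"_auth_user_id": "9",
            "_auth_user_backend": "myproject.auth.NewBackend"}),
    ("s3", {"cart": [3, 5]}),
    ("s4", {"_auth_user_backend": "myproject.auth.NewBackend"}),
]

if __name__ == "__main__":
    print(sessions_to_flush(SAMPLE, NEW_BACKENDS))
```

With the database session backend, the input pairs can be built from `Session.objects.all()` using each row's `session_key` and `get_decoded()`, and the returned keys deleted so those users log in again through the new backend.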