Have anyone used these 2 django apps together? I want to know how well these 2 gel together along with Django's User Authentication system.
When I mean Django's User Authentication System, I mean I should be able to use decorators like #login_required or grant permission to specific views (or functions in views.py) based on who the user is.
There shouldn`t be any problems there. Django-Socialauth adda new auth backends, and it should works fine with permissions and decorators. And Django resistration just register a user on site, so unless you remove standard auth backend, it will work fine too.
Related
I am evaluating if Firebase authentication to see if it works well with Django/Djangae. Here comes some context
require email/password authentication, able to additional field like job title, and basic things like reset password email.
use Djanage framework (Django that uses datastore as data storage), app engine.
really good to make use built-in authentication tool provided by Django, like session, require-loggin, etc.
Drop-in authentication seems to be a candidate. Does it work with Django authentication, like permission, group, etc.
Thanks for advance.
Firebase authentication only supports login/signup, reset password or email.
but for that you need firebase admin credentials.
For other field you need local model. There is no problem with using django, but also no existing integration I'm aware of, so you'd have to hook it up yourself.
if you want auth-system like firebase and other functionality than you can use social-django-restframework. you can integrate all login system with your django app and control user with inbuilt user model.
I am building a forum website and it requires user functionality, however I think the built in User model is only for the admin site, which is for internal use.
I was wondering if there is a Django package for this purpose? Or have I understood the built in package wrong, that it CAN be used in this case?
django's built in User authentication system IS built for these purposes. Django's admin authentication is nothing different than normal user authentication, it is just a question of permissions.
quotes from docs:
Django comes with a user authentication system. It handles user
accounts, groups, permissions and cookie-based user sessions.
next step for you to read: DOCS
I have got an Django application that uses the RemoteUserBackend in combination with Apache and mod_auth_kerb to authenticate against Kerberos.
However, this has some drawbacks:
There is no proper logout without closing the browser tab. You may click "Logout" in your Django application, but I would expect to be asked for my credentials when I try to log in again - the latter is not the case. (Side note: It is quite possible for my application that two users want to log in one after another, which increases the lack of comfort and may be problematic when one users performs actions with the other user's rights.)
The application is currently tailored to the Apache/RemoteUser solution, so it does provide no flexibility to switch over to other authentication methods, e.g. authentication against the Django database. The possibility to use alternative authentication methods would also ease the development of the application.
That said, I would like to use a form-based authentication (username/password). This would move the control for the authentication to Django, so login/logout should work properly then. Also, this form could be used as well with different authentication backends, without a need to modify the GUI.
How can this be done? Is there already a solution to this or a project that adresses my issue? Most implementations I saw like the ones in the answers here just use Apache or an LDAP authentication, but not Kerberos.
Related, but unanswered question: Django user logout with remote authentication
Sorry this is delayed. I am the author of the above recommended Kerberos + Django post (roguelynn.com).
For your first issue, take a look at kobo: https://fedorahosted.org/kobo/ - it uses Kerberos + RemoteUserBackend + Apache with Django, but implements a logout mechanism (in kobo/django/xmlrpc/auth.py: https://git.fedorahosted.org/cgit/kobo.git/tree/kobo/django/xmlrpc/auth.py).
http://www.roguelynn.com/words/django-custom-user-models/
That blog post explains quite nicely how to use Kerberos as a Django 1.5 backend authenticator. Hot off the presses as of May 15th. She's got a bunch of nice kerberos examples.
For posterity's sake just in case the blog goes away someday, the author stores her blog posts as static files in her github repo.
https://github.com/econchick/roguelynn/blob/master/_posts/
What would be the best approach to implement functionality that can be added or removed depending on the users preferences? What i am trying to do is to have a standard set of apps/functionality for all registered users and allow users to add any extra apps they would like from a list of the ones provided. As stated in the question this is django specific question. However, any information on how this is achieved in any other language will be very helpful. I'm sure there is a lot of information out there since it's very similar to adding apps on facebook.
Don't get confused between django apps (used to split up projects into parts with similar purpose) and a facebook app which is more like a program/widget.
Are you trying to create a platform that allows developers to create apps, or will you be creating all the apps?
Django has a built in permissions model that works with the built in django authentication. https://docs.djangoproject.com/en/dev/topics/auth/#methods, you can create a new permission for each app. Assign that permission to users that are allowed to interact with your app. And check for the permission before allowing a user to use the app.
There are also apps that allow for object level permissions.
I've recently started learning/using django; I'm trying to figure out a way to have two separate authentications systems for administrators and users. Rather than create a whole new auth system, I'd like to leverage django's built-in functionality (i.e. session management, #login_required decorator, etc.).
Specifically, I want to have two separate login tables - one for admins, one for users. The admin login table should be the default table that django generates with its default fields (ie. id, username, email, is_staff, etc.). The user table, on the other hand, I want to have only 5 fields - id, email, password, first_name, last_name. Furthermore, I want to use django built-in session management for both login tables and the #login_required decorator for their respective views. Lastly, I want two separate and distinct login forms for admins and users.
Anyone have any suggestions on how I can achieve my goal or know of any articles/examples that could help me along?
If I understand your question correctly (and perhaps I don't), I think you're asking how to create a separate login form for non-admin users, while still using the standard Django authentication mechanisms, User model, etc. This is supported natively by Django through views in django.contrib.auth.views.
You want to start with django.contrib.auth.views.login. Add a line to your urlconf like so:
(r'^/login/$', 'django.contrib.auth.views.login', {'template_name': 'myapp/login.html'})
The login generic view accepts the template_name parameter, which is the path to your custom login template (there is a generic one you can use as well, provided by django.contrib.auth).
Full documentation on the login, logout, password_change, and other generic views are available in the Django Authentication Docs.
You could potentially write one or more custom authentication backends. This is documented here. I have written a custom backend to authenticate against an LDAP server, for example.
Modify things slightly so that users have a category prefix on their username? You haven't given us much info on what you want to do, it's possible that your needs might be met by using the sites framework, or simply two separate django installs.
If what you're trying to do is make the user login page and the admin login page separate, just use the built in framework as detailed in the docs to create a "user" login page and leave the admin one alone. If you're worried that users will somehow start editing admin login stuff, don't be, they won't unless you let them.