CSRF token issue when upgrading Django to version 4.* - python

I was using Django version 3, but then upgraded to Django version 4 (django==4.0.6).
After logging in to the admin panel of the Django project, it said that the CSRF token is invalid.
I found this link in the Django documentation and tried to put this variable in settings.py:
    ALLOWED_ORIGINS = ['https://*', 'http://*']
But it didn't help. What am I doing wrong?

ALLOWED_ORIGINS is not related to the CSRF token. To fix problems related to your issue, you must add the following setting to the project's settings.py module in production mode:
    CSRF_TRUSTED_ORIGINS = [
        'https://subdomain.example.com',
        'https://*.blob.com',
        ...
    ]
For more information on this topic, see CSRF_TRUSTED_ORIGINS in the Django documentation.
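
As an added illustration (not part of the original answer and not Django's source code), the sketch below is a simplified model of how the Origin header of a POST is compared against CSRF_TRUSTED_ORIGINS in Django 4. The function names and sample hosts are assumptions made for this example; the scenario is a TLS-terminating proxy, where the app sees plain http while the browser sends an https Origin.

```python
from urllib.parse import urlsplit


def is_same_domain(host, pattern):
    """Exact host match, or subdomain match when pattern starts with a dot."""
    if not pattern:  # an empty pattern (what a bare "*" leaves) matches nothing
        return False
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_trusted(origin, request_host, is_secure, trusted_origins):
    """Simplified model of the Origin check applied to an unsafe request."""
    # 1. Same origin as the request itself: no setting needed.
    scheme = "https" if is_secure else "http"
    if origin == f"{scheme}://{request_host}":
        return True
    # 2. Entries without a wildcard must equal the Origin header exactly.
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries: same scheme, and the host must fall under the
    #    domain that remains after the leading "*" is stripped.
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" not in entry:
            continue
        trusted = urlsplit(entry)
        if trusted.scheme == parsed.scheme and is_same_domain(
            parsed.netloc, trusted.netloc.lstrip("*")
        ):
            return True
    return False


# Constructed scenario: a proxy terminates TLS, so the app sees plain http.
ORIGIN = "https://admin.example.com"
HOST = "admin.example.com"

if __name__ == "__main__":
    for setting in ([], ["https://*", "http://*"],
                    ["https://admin.example.com"], ["https://*.example.com"]):
        print(setting, "->", origin_trusted(ORIGIN, HOST, False, setting))
```

In this model the bare-wildcard list is rejected just like the empty one; only an entry naming the real origin or its parent domain is accepted.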

Related

How to appropriately outline the path for django-duo-auth?

I am currently working on implementing Duo Two-Factor Authentication into my django project. Currently it looks like django-duo-auth is the best package for this. I installed the package and went through the basic instructions on their README:
https://github.com/Elemnir/django-duo-auth/blob/master/README.rst
However, this has caused my project to continuously redirect to a nonexistent subdirectory of 'duo', which is what I named the path. For example, my app is loaded at XX.XX.XX.XX:YYYY. Going to that URL auto-redirects the page to:
http://XX.XX.XX.XX:YYYY/duo/login/?next=/
Or, XX.XX.XX.XX:YYYY/admin auto redirects to:
http://XX.XX.XX.XX:YYYY/duo/login/?next=/admin
This will simply lead to Django's generic base.html that duo_auth_form.html extends.
Here are some snippets of relevant code, though it doesn't differ too much from the package's README suggestions:
/urls.py
    urlpatterns = [
        ...
        path('admin/', admin.site.urls),
        path('duo/', include('duo_auth.urls')),
    ]
/settings.py
    INSTALLED_APPS = [
        ...
        'duo_auth',
    ]
    MIDDLEWARE = [
        ...
        'duo_auth.middleware.DuoAuthMiddleware',
    ]
    DUO_CONFIG = {
        'DEFAULT': {
            'HOST': '<api-host-url>',
            'IKEY': '<integration_key>',
            'AKEY': '<app_secret_key>',
            'SKEY': '<secret_key>',
            'FIRST_STAGE_BACKENDS': [
                'django.contrib.auth.backends.ModelBackend',
            ]
        }
    }
The only difference anywhere from the README is a slight redirection in the sample duo_auth_form.html,
where I extend to a subdirectory of my templates, i.e. {% extends "dir\base.html" %} at the top of the file.
It appears that this package is fairly new and there aren't a lot of forums for issues, so I figured it would be best to ask here. Any help would be appreciated!

I believe this is actually the django-duo-auth package working as intended. The way the middleware works is that after adding it to your project, any authenticated user who was authenticated using one of the FIRST_STAGE_BACKENDS will be checked to see if they've been authenticated with Duo as well. If not, they'll be redirected to the Duo login page at duo/login/ and prompted to complete a Duo authentication, similar to how Django's built-in @login_required decorator redirects an anonymous user to accounts/login/ to log in.
If you have users you don't want to force a second factor for, I would recommend creating a subclass of the ModelBackend that only authenticates for those users. Similar to the approach described in this issue, but inverting the logic:
https://github.com/Elemnir/django-duo-auth/issues/1

django-rest-auth: Issue with Password Reset functionality

I have been trying to set up password reset functionality in DRF using django-rest-auth. Earlier I was getting the error TemplateDoesNotExist:registration/password_reset_email.html, which I resolved by adding the following code:
serializer.py
    from rest_auth.serializers import PasswordResetSerializer
    from allauth.account.forms import ResetPasswordForm

    class PasswordSerializer(PasswordResetSerializer):
        password_reset_form_class = ResetPasswordForm
settings.py
    REST_AUTH_SERIALIZERS = {
        'PASSWORD_RESET_SERIALIZER': 'api.serializers.PasswordSerializer',
    }
However, now I am running into another issue: "NoReverseMatch: Reverse for 'account_reset_password_from_key' not found. 'account_reset_password_from_key' is not a valid view function or pattern name." I haven't found any solution or workaround for this.
Any help would be appreciated.

So, finally I got the password reset functionality working. Here is how it goes:
We just need one URL in our urls.py:
    urlpatterns = [
        url(r'^account/', include('allauth.urls')),
        url(r'^rest-auth/', include('rest_auth.urls')),
        # This is the only URL required for BASIC password reset functionality.
        # This URL creates the confirmation link which is sent via e-mail. All of the rest
        # password reset features get their reverse lookup via django-allauth and django-rest-auth.
        url(r'^password-reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', TemplateView.as_view(), name='password_reset_confirm'),
        url(r'^rest-auth/registration/account-confirm-email/(?P<key>[-:\w]+)/$', allauthemailconfirmation,
            name="account_confirm_email"),
        url(r'^rest-auth/registration/', include('rest_auth.registration.urls'), name='account_signup'),
    ]
Using this URL configuration first raised a TemplateDoesNotExist at /api/rest-auth/password/reset/ error. After a lot of debugging, I found that the issue was raised for the template registration/password_reset_email.html, which resides under the Django Admin's template directory. This happened due to another Django app that I was using, which had disabled the Django admin app.
So, adding 'django.contrib.admin' under INSTALLED_APPS and removing the serializers resolved the issue.
I hope this resolves the issue for others as well.
PS: Debugger is your best friend. ;)

Facebook authentication error in Heroku based django website

I have fully created a Django website with python-social-auth for Facebook authentication and have hosted it on Heroku (free version). The problem, however, is that my Facebook authentication, which was working perfectly locally, is not working, and it throws the following error:
Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
I have configured my Facebook settings, wherein the site URL is the one hosted on Heroku (https://quiet-hamlet-3248.herokuapp.com/). Also, I haven't changed my API keys/secret.
Any help would be appreciated.

So I just figured it out.
As mentioned here, one needs to update the settings file to include the line SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
This is because heroku fails to pass the headers required to identify the app.

mainsite.urls is not a valid python path tastypie swagger

I'm trying to set up auto documentation generation using tastypie swagger, as documented here. However, Django doesn't seem to be a fan of the following line in my setup:
    TASTYPIE_SWAGGER_API_MODULE = 'mainsite.urls.api'
as evidenced by this error when I try to hit /api/doc:
    ImproperlyConfigured at /api/doc/
    mainsite.urls is not a valid python path
I am working off of a Django 1.4 project I found online to introduce myself to some of the technologies. The Django structure looks like this:
project_directory
src
urls.py
manage.py
settings.py
etc...
app
models.py
views.py
api.py
etc...
Any ideas?

You're not supposed to cut and paste 'mainsite.urls.api'. You're supposed to replace it with your tastypie api that you created according to the tastypie docs.
Specifically, see here:
http://django-tastypie.readthedocs.org/en/latest/tutorial.html#adding-to-the-api
If you blindly copied the tastypie setup instructions, you should have something like:
    TASTYPIE_SWAGGER_API_MODULE = 'urls.v1_api'

I had this error with the current (March 2016) version of tastypie-swagger. The setting for me that worked was this:
    from tastypie.api import Api

    v1_api = Api(api_name='v1')
    v1_api.register(MyResource())
    urlpatterns = [
        ...
        url(r'^api/', include(v1_api.urls)),
        url(r'api/v1/doc/',
            include('tastypie_swagger.urls', namespace='api_tastypie_swagger'),
            kwargs={"tastypie_api_module": v1_api, "namespace": "api_tastypie_swagger"}
        ),
    ]
So tastypie_api_module is v1_api, without quotes.

How to modify django cms multilingual middleware

Hey guys, I'm trying to internationalize my site, so I have the django cms multilingual middleware class in my settings.py. When viewed from Brazil, the URL changes to
www.ashtangayogavideo.com/pt/ash/homepage/, resulting in a 404, because my site is at www.ashtangayogavideo.com/ash/en/homepage. How can I configure the middleware, or settings.py, so that the language code is added after the /ash/?

Sounds like you need to modify your urls.py, not your settings or middleware.
