Is there any way to logout from all devices where I have logged in as admin in Django admin panel?
The site has already been deployed to heroku server
you can manually delete all sessions you have in your database.
from django.contrib.sessions.models import Session
Session.objects.delete()
There is no such option, one idea is to delete that user and recreate super user.
Change superuser password.
Related
I created a mock user profile in Django admin in the admin/auth/user
view and assigned the user with all permissions (active, staff status, superuser status). In admin/<app_name>/user I gave the user all authorization permissions. This user was created to test different permissions set for them on the admin panel. I have verified that this user model was created.
In the Django admin panel with the mock user, when I hit view site and enter the home view of the django application, the post request to the home page returns a different user as opposed to the current admin. Why is the HTTP request rendering a different user instead of the admin user? In the following example, my Admin site welcomes the mock user I created (Test), but when I click 'View Site' the user is different from the 'Test' user. I only have 2 users created for the Django app.
Is there a way to add/enable log entries for all crud action in all models by any user?
from django.contrib.admin.models import LogEntry
#this seems to exempt from logentry actions by non-admin users
return LogEntry.objects.all()
DRF-TRACKING APP
If you're working with the Django rest framework, drf-tracking gives a straight solution.
Lets say I have a user abc logged in to my django system. Now when I see my profile or any action that requires authentication I can do it.
And now from my database I deleted the user abc and tried to access the view that requires authentication or some validation then it goes in infinite redirect loop.
But when I logout the deleted user by /account/logount and access the view its fine.
How can I logout even after the user is deleted.
How can I delete the authentication after user is deleted ?
If you are using the default of django sessions you can go and delete the session from the database. These are stored in the django_session table.
Edit:
There is a django admin command to clear all expired sessions if you don't want to modify your database more. https://docs.djangoproject.com/en/1.8/ref/django-admin/#django-admin-clearsessions
Edit 2:
You can also delete the session cookie in the browser by opening the developer tools and going to the cookie storage and finding the session cookie and deleting it there.
After you delete your user in your code call
from django.contrib.auth import logout
logout(request)
I have install Django admin & created some active user & group by admin page.
I need to do login form & views, which will check if user is valid or not do task in the basis of permission.
I have tried following steps.(for reference)
Copied admin login.html for testing & paste it foo_project/templates/registration/login.html
Added in urls.py
from django.contrib.auth.views import login
url(r'^login/', login),
Now by running 127.0.0.1:8080/login
When I am entering valid user-name & password its trying to open /accounts/profile/ & it's not found in urls.py. And if I am entering invalid username or password its doing nothing.
So I simple need to link a page if login successful(user created by admin) & check which type of permission & group he is.Admin created auth_user table in my db.sqlite3
I am new to Django & using version 1.6.
I read document & tried built-in login() in views.py. Got unsuccess.
Is there any built-in for above need. Please describe in depth if possible.
In settings.py create this entry:
LOGIN_REDIRECT_URL = "your_redirect_url"
The user will be redirected to this page after login. Then on the url you will create which will respond to "your_redirect_url" (and should be defined somewhere in your urls.py), you can check the permissions, or groups. For more help about checking permissions, groups, you can find it here.
The login_required decorator can be really useful on implementing your view for your "redirect_url", because you don't want anonymous users accessing to this part of the site, right?
There is an edit page on my GAE app only the admin can log in. It works well on GAE server. But on the local dev machine, when I go to
http://localhost:9080/editpage
it says
Current logged in user test#example.com is not authorized to view this page.
How can I change test#example.com to my admin account?
I use python.
You can go directly to /_ah/login and change who you're logged in as. (Or to log out, or to change user/admin-status.)
You have already logged-in as test#example user, clear browser data and try again.
In the login page, check the checkbox "Sign in as Administrator" to login as admin.