I need a custom user model in Django with only one field to authenticate. Because the users of my website will not have an email or password. They will be logged in with only one string (like token generated immediately). If the string matches with the another string/token defined by my system, the user should be logged in.
How could it be possible?
Thanks
Related
I'm working on small project with Django framework. And as I can implement usage of authentication mechanism, that I can find a solution how to use information about logged user with model I define.
In example. I have model that will store information about QSL cards, and I want to have option that depends on which user is logged, his/her QSL cars will be shown from database.
I search here and in docs.djangoproject.com but without success.
Thanks in advance for any tips or links.
If you try,
user = request.user
Variable user will have currently logged in user object. You can use this user to filter some models objects where user is foreign key. For e.g posts = Post.objects.filter(user=request.user). If you want to get any specific user information, for e.g username. You can try username = request.user.username
I have a RestAPI created with the Django rest framework.
I need to create authentication for the API that will allow access on a predefined by the admin user name and password.
IS it possible with DRF?
Also, I want that every object created will be assigned to the user (which I guess includes using some kind of decorator in the view?)
DRF already ships with BasicAuthentication, which has the user send their username + password with each request. That sounds like what you want. (If it isn't, you can write your own Authentication class.)
To automagically assign created objects to the authenticated user, use CurrentUserDefault on the relevant User field.
I'm using django 1.9.7 and django-allauth to handle my user authentication.
I have a contact form that includes several Fields (including the users email address) which are saved as a model in the backend, from there I am using a ModelForm to display the fields. So far so good.
Now there should be a checkbox, which when checked should add two fields (password, password confirm) and instantly create an account with the email and password provided.
For this I would probably manually create a user object from the view that receives the contact information, but since its security relevant I'm wondering if there is an easy way to call a allauth method from python that creates the user (or even provides the form).
How would I go about this?
Update: So i found the adapter has a method called save_user() which would populate the information and save the new user.I could then add the two password fields to the form and just pass the form in there.
My issue that it would skip all the username and password cleaning, the email confirmation or the auto login after sign up.
You should be able to use the new_user() method in the default adapter. refer here https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py
I would like to force the user to change their password on first login. Can I do this with the default django authentication system?
In short, yes.
You need to know which users need to change their password. If you don't want to use a custom User model, I would recommend having another model to store the users that need to change their password. You would add the users to this table upon user registration/creation.
Then you could write a very simple middleware to check the current logged user (place it after AuthenticationMiddleware in your settings.py). If the user is flagged as requiring a password change, you could force a HttpResponse (in the middleware) to a custom view with a PasswordChangeForm (which comes out of the box in Django, in django.contrib.auth.forms.PasswordChangeForm), after which you could remove the flag to the user, and redirect them to the home page.
I have been asked to introduce an unusual case and I'm wondering how others would go about it.
I have users in my Django application. The model is a standard user model, authentication. etc. Each one of of these site users can add their own contacts to the system. However my new requirement is to allow their contacts to set a password (if they want to to) so that they can login to their status page (belonging to that user).
So my question is how would you do this? I already have the contact table (which belongs to one user), I'm thinking of adding in a password (optional) field, but then I'm unsure how to handle the authentication for this as they are not my users but members of my users (if that make sense).
One way would be to create another user model for contacts inheriting from AbstractBaseUser. And then creating custom auth backend that would look in both models to login user. Finaly you would have to distinguish between standard user and contact user before every action.
That is if contact user and standard user differ significantly in your application.
Or you could just create custom user in your application, that would contain is_contact attribute. This would be used for both types of users. You would set that as AUTH_USER_MODEL in settings and check before every action for the is_contact attribute to determine the outcome. You could return 403 for the contact user if he tries to access what he's not suppose to.
Or if you use permissions in your application, you could set the contact user's persmissions only to view statuses of the users that added him as a contact and nothing else.