I'm currently developing 2 different sites at the same time: one of them is a heavily customized django-admin interface, and the other a "stand-alone" website that will share its database with the previous one.
Even though they are related, I'd like my users not to loosely identify between the two sites: they are both able to be independent of the other.
However, a problem arises when someone is logged in to the "admin" site: when they go to the other website, they are automatically logged in. It won't happen the other way unless I allow it, though, as the admin site requires special permissions in the User model.
I already created a UserProfile that can differentiate a user of one of the sites or of both.
So, knowing all this, how can I make sure that the customers of the admin site don't get to be authenticated when on the other website (without, of course, logging them out from the first one)?
Thanks !
EDIT: To format it better, here is what I've got, summed up:
One admin application / site
One related application / site
Both running on same server, sharing settings and urls.py
If someone is logged in to admin, I want to require them to create a new session to log on to [related site]: this, without logging them off the admin site.
What changes should I make to this configuration to achieve this?
Put a different SESSION_COOKIE_DOMAIN and SESSION_COOKIE_NAME for each application. Hope this solves your issue.
SESSION_COOKIE_DOMAIN = 'site1.com' #site2.com for other
SESSION_COOKIE_NAME = 'sid1' #sid2 for other
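The effect of those two settings, modelled as an added example that is not part of the original answer: it simulates which cookies a browser attaches to each host and which one each site reads. The host names, session key and helper functions are constructed for illustration; only SESSION_COOKIE_DOMAIN and SESSION_COOKIE_NAME come from the answer.

```python
# Added example; host names and the session key are constructed.

def set_session_cookie(jar, settings, request_host, value):
    """Store the cookie a login response would set under `settings`."""
    domain = settings.get("SESSION_COOKIE_DOMAIN")
    jar.append({
        "name": settings["SESSION_COOKIE_NAME"],
        "value": value,
        "domain": (domain or request_host).lstrip(".").lower(),
        "host_only": domain is None,  # no Domain attribute: exact host only
    })

def cookies_sent(jar, host):
    """Cookies the browser attaches to a request for `host`."""
    host = host.lower()
    return {
        c["name"]: c["value"] for c in jar
        if host == c["domain"]
        or (not c["host_only"] and host.endswith("." + c["domain"]))
    }

def session_seen(settings, jar, host):
    """A site only reads the cookie named by its own SESSION_COOKIE_NAME."""
    return cookies_sent(jar, host).get(settings["SESSION_COOKIE_NAME"])

def run_scenarios():
    results = {}
    # Before: both sites share one settings module and one host.
    shared = {"SESSION_COOKIE_NAME": "sessionid", "SESSION_COOKIE_DOMAIN": None}
    jar = []
    set_session_cookie(jar, shared, "example.test", "admin-session-key")
    results["shared_settings"] = session_seen(shared, jar, "example.test")
    # After: separate settings, different cookie domain and name per site.
    admin = {"SESSION_COOKIE_NAME": "sid1", "SESSION_COOKIE_DOMAIN": "admin.example.test"}
    other = {"SESSION_COOKIE_NAME": "sid2", "SESSION_COOKIE_DOMAIN": "www.example.test"}
    jar = []
    set_session_cookie(jar, admin, "admin.example.test", "admin-session-key")
    results["split_domains"] = session_seen(other, jar, "www.example.test")
    # Same host for both sites: the browser still sends sid1, the other site ignores it.
    admin_same = {"SESSION_COOKIE_NAME": "sid1", "SESSION_COOKIE_DOMAIN": None}
    other_same = {"SESSION_COOKIE_NAME": "sid2", "SESSION_COOKIE_DOMAIN": None}
    jar = []
    set_session_cookie(jar, admin_same, "example.test", "admin-session-key")
    results["same_host_sent"] = sorted(cookies_sent(jar, "example.test"))
    results["same_host_seen"] = session_seen(other_same, jar, "example.test")
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

Each site needs its own settings module for this to apply, since the question's setup shares one settings file between both sites.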
I'm trying to activate social logins in my Django web application, which comes from open source software in this GitHub repository (so I didn't write it); and am running into this well-known issue:
DoesNotExist: SocialApp matching query does not exist.
The base settings file is located here. I do not modify that file at all. Instead, I import (inherit) it at the top of my deploy.py settings file, and make overrides and customization there.
Specifically related to this issue, here are the relevant overrides and additions that I made in deploy.py to enable Google and Twitter social authentication, both of which result in the same error:
INSTALLED_APPS.remove('allauth.socialaccount.providers.persona') # Remove
INSTALLED_APPS.append('allauth.socialaccount.providers.google') # Add
INSTALLED_APPS.append('allauth.socialaccount.providers.twitter') # Add
_GOOGLE = {
    'SCOPE': ['email', 'https://www.googleapis.com/auth/userinfo.profile'],
    'AUTH_PARAMS': {'access_type': 'online'},
    'PROVIDER_KEY': get_env("GOOGLE_PROVIDER_KEY"),  # Stored in secrets.env
    'PROVIDER_SECRET_KEY': get_env("GOOGLE_PROVIDER_SECRET_KEY"),  # Stored in secrets.env
}
SOCIALACCOUNT_PROVIDERS['google'] = _GOOGLE # This isn't enabled in biostar.settings.base
_TWITTER = {
    'SCOPE': ['email'],
    'AUTH_PARAMS': {'access_type': 'online'},
    'PROVIDER_KEY': get_env("TWITTER_PROVIDER_KEY"),  # Stored in secrets.env
    'PROVIDER_SECRET_KEY': get_env("TWITTER_PROVIDER_SECRET_KEY"),  # Stored in secrets.env
}
SOCIALACCOUNT_PROVIDERS['twitter'] = _TWITTER
I show two provider examples here -- Twitter and Google -- to show the pattern of what I am doing, and to show that the issue isn't provider-specific; though let's try to focus on just Twitter to keep things simple.
Now according to this document -- which comes from a close fork of the above project -- in addition to what I implemented above (programmatically), it is necessary to also set up the same Social Accounts and the Keys/Secret-keys for them in the Social Apps section of the Django Admin panel. (Note that that fork was worked on by more-or-less the same team; so this requirement likely applies to the original upstream implementation, as well). The relevant part of that document instructs the following:
After restoring, you need to re-enter social login info.
Unfortunately, even though this information is required to be in the config
environment that initializes biostar, it also requires it
(redundantly) to be in the database as well. So go to the Django Admin panel
and click on Social Apps and then go through each app and fill in the
appropriate values.
So I went ahead and did that, too.
No matter what I try (different providers, different keys, django panel additions, no django panel additions, etc), I get the aforementioned exception, as though I'm missing a step.
Incidentally, I tried both key-pairs for Twitter (because I always forget which pair to use; so tried both Consumer Key (API Key) + Consumer Secret (API Secret) and Access Token + Access Token Secret, though it's really the former from what I read online). Just mentioning this for completeness.
What am I missing? Any ideas?
Thank you in advance! :)
EDIT-1: Here is a full paste of the exception: https://pastebin.com/0UBAfAtu
I was getting the same error again and again and solved it with this.
The reason we get this error is SITE_ID = 1.
When "SocialApp matching query does not exist" occurs,
this ID needs to be replaced.
SITE_ID = 1
Hope anyone else facing this issue will get help from this.
Following the steps below will resolve this issue:
Go to your database table named django_site.
Look at the id number of the site mentioned as a chosen site in the Social Applications.
Now configure SITE_ID to that id number in settings.py of the Django project.
I had a similar problem and as people have said, you need to know the SITE_ID!
You have to make sure that on the Django admin dashboard, you have added your social application under SOCIAL ACCOUNTS.
When you're creating the social application, make sure that you have listed the right websites for "chosen sites". If you're on local development, paste your computer IP in there. There will be a new SITE_ID associated with each "Chosen site" that you add to your application. Make sure you're using the right one that's associated with your IP. Personally, after adding my IP, I then just played and incremented my SITE_ID variable until it worked.
Posting this in case someone in a similar situation in the future lands on this page.
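The check the answers above describe (find which django_site id the social application is attached to, then set SITE_ID to it), as an added example that is not from any of the posts. It runs against an in-memory SQLite database with constructed rows; django_site is named on the page, while the socialaccount_socialapp and socialaccount_socialapp_sites table names and their simplified columns are assumed from Django's default naming for allauth's models.

```python
import sqlite3

# Simplified schema (assumed default table names; key/secret columns omitted).
SCHEMA = """
CREATE TABLE django_site (id INTEGER PRIMARY KEY, domain TEXT, name TEXT);
CREATE TABLE socialaccount_socialapp (id INTEGER PRIMARY KEY, provider TEXT, name TEXT);
CREATE TABLE socialaccount_socialapp_sites (
    id INTEGER PRIMARY KEY, socialapp_id INTEGER, site_id INTEGER);
"""

def build_sample_db():
    """Constructed data: twitter is attached to site 2 only, google to no site."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO django_site VALUES (?, ?, ?)",
                   [(1, "example.com", "example.com"),
                    (2, "127.0.0.1:8000", "local dev")])
    db.executemany("INSERT INTO socialaccount_socialapp VALUES (?, ?, ?)",
                   [(1, "twitter", "Twitter login"), (2, "google", "Google login")])
    db.execute("INSERT INTO socialaccount_socialapp_sites VALUES (1, 1, 2)")
    return db

def app_for(db, provider, site_id):
    """Id of the app for `provider` attached to `site_id`, or None.

    None corresponds to "SocialApp matching query does not exist".
    """
    row = db.execute(
        "SELECT a.id FROM socialaccount_socialapp a "
        "JOIN socialaccount_socialapp_sites s ON s.socialapp_id = a.id "
        "WHERE a.provider = ? AND s.site_id = ?", (provider, site_id)).fetchone()
    return row[0] if row else None

def valid_site_ids(db, provider):
    """(id, domain) of every site for which `provider` would resolve."""
    return db.execute(
        "SELECT d.id, d.domain FROM django_site d "
        "JOIN socialaccount_socialapp_sites s ON s.site_id = d.id "
        "JOIN socialaccount_socialapp a ON a.id = s.socialapp_id "
        "WHERE a.provider = ? ORDER BY d.id", (provider,)).fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    print("twitter with SITE_ID=1:", app_for(db, "twitter", 1))
    print("SITE_ID values that work for twitter:", valid_site_ids(db, "twitter"))
    print("SITE_ID values that work for google:", valid_site_ids(db, "google"))
```

An empty result from `valid_site_ids` means the application has no chosen site at all, so no SITE_ID value will work until one is added in the admin.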
I'm a LAMP developer and I've just started learning/writing code in Python/Django ... I like it so far, but I have a problem with a couple of pre-built apps/components and I'd like to write them from scratch on my own.
Most notably the admin section AND authentication/registration.
I have lots of reasons for that, but mostly because my native language is not English and the END USER doesn't speak any. I don't like the way admin looks and represents the data, I like to use ajax for most of my forms, I need lots of extra functionality in admin which Django doesn't offer out of the box and I don't like to hack into it and ...
So with that in mind I'm going to ask my questions:
1 - How should I structure my admin section?
The admin section basically has the same apps as the user section but with different functions, so
should I add those functions in the same view as the user functions?
Can I make, like, 2 views in an app, or a subdirectory containing the admin view in each app?
Or create a directory in the root and copy all the apps there for admin? (The last resort would be to split them into 2 different websites with the same apps and put them on 2 hosts on the same server,
basically 2 websites (1 for admins / 1 for users) using 1 database.)
2 - Auth/registration: I want to write my own code for handling these, mostly because I don't want my admins and users to be stored in the same table (in the database); also they have different columns and different data needs to be stored on registration.
I've seen django contrib.auth in action and it seems nice and easy, but can I easily modify it to have 2 different sets of login/register forms working with 2 different tables?
If not, I have to write my own code, so I have these sub-questions (I'd like to know the answers to these anyway):
2-1 I need to check if the user is logged in and, if so, read it from the database on every view. How can I make a function run before every other function in any view?
Something like
from .models import user

def currentUser(request):
    thisUser = user.objects.get(id=request.session.get('user_id'))
Can I run the currentUser function on every request and make thisUser available like a global variable to every other function/variable (I guess I can somehow attach it to request, which is passed on to every other function in views), or should I switch to using classes for views and solve this by inheritance/constructor function?
2-2 The basic mechanic of authentication in other technologies (I'm a LAMP developer) is to store the logged-in user id in a session and on each HTTP request check that session to see if it contains a user id; if so, he/she is logged in and would be read from the database, and if not, the user is not logged in ... Is there anything different in Python/Django that I should know, or is it the same here?
2-3 If I create 2 different apps that work with the same table (database), for example an auth app for registration and login, and a user app for editing user information and other stuff,
what is the right/preferred way to create models? Should I define them in 1 app, like the user app
user/models.py
class user(models.Model):
    username = models.CharField(max_length=20)
    name = models.CharField(max_length=100)
and include them in the auth views?
auth/views.py
from .models import user

def login(request):
    loggedUser = user.objects.get(username=request.POST['username'])
If so, does the auth app need a model at all?
There are a lot of Django admin plugins that exist. Some might do everything you need or only require minor modification. If you still want to write your own from scratch I suggest you study a few of them to get ideas. Check out this page for a good list.
As for the specific things you want to accomplish those are more specific questions than "what is best" format. I suggest you try to implement it and open a new question when you run into trouble.
I will help you with the first question by saying I have never been a fan of two sites for frontend/admin and even Django admin agrees by name spacing everything under the url /admin so routes don't collide.
Also the second, use the Django auth and simply extend it to do what you want. It ties into a lot more than you think. Admin/user accounts in the same table is not inherently a risk, separating actually requires more code which is where risk is introduced.
The last thing you want to do when adopting a framework is to immediately start throwing away huge parts of it. Try to get it to do what you want, then customize. I am sure you will find the framework to be malleable to your needs.
Disclaimer: I asked the question also at Google+, but I'm not sure how active the community there is
I'm struggling with Django CMS' permissions, and the documentation remains unclear for me.
I have the following requirements:
All CMS pages should be available only for authenticated users
Editing shall only be allowed to staff
Some pages should be only visible to a certain group
I don't find the way to achieve this. Could you point me to the right combination of settings?
Here are some more specific questions:
How does the "Login required" in the page permissions form relate to the other permissions you can set on the page?
If I once set a view restriction for "this and all children", how can I remove it on a child page?
Why does CMS_PUBLIC_FOR not have a value for "Authenticated users"?
Is there a way to just restrict viewing of all CMS pages to authenticated users without restricting by a specific group?
Would be great if anyone had some hints.
Thanks!
I found a solution myself now:
First I wrote a custom middleware that redirects all requests to Django CMS pages to the login. Then, I removed the “can view pages” permission from all groups and all global permissions for non-staff.
Finally I removed all view restrictions on the page root and set them only on the particular pages which should be restricted.
If you are interested in some more findings on Django CMS' permissions: I blogged some thoughts about it here: http://blog.webrunners.de/2015/09/08/django-cms-permission-pitfalls/
I got subdomains set up via django-subdomains and the Django sites framework, but I've got a problem: I don't know how I can link Users so that they have access to only a certain subdomain. For example, user1 from company1 only has access to company1.arandomdomain.com
Found the answer here: How to get unique users across multiple Django sites powered by the "sites" framework?
In short, you have to write your own authentication backend to check for the condition you need to check. See the docs here: https://docs.djangoproject.com/en/1.7/topics/auth/customizing/#writing-an-authentication-backend
In my case I had to check first if the user is an admin, so he/she can go through, and otherwise I had to check the userprofile, which is linked to a site, and match that to the current site.
I'm supposed to build some Django apps that allow you to administer multiple sites through one backend. The contrib.sites framework is quite perfect for my purposes. I can run multiple instances of manage.py with different settings for each site; but how should Django's admin deal with different settings for different sites, e.g. if they have different sets of languages, or a different (default) language? So there are some problems to face if you have to work on objects coming from different sites in one admin...
I think settings.ADMIN_FOR is supposed to be quite helpful for cases like this, but there's hardly any documentation about it and I think it's not really used in the actual Django version (?).
So any ideas/solutions are welcome and much appreciated!
Thanks a lot...
There is an old blog post by James Bennett which might be helpful:
Create a new Site object in your admin for each domain, and put the id of that Site into its settings file as SITE_ID so Django knows which site in the database corresponds to this settings file.
In the settings file for your original site (the one with id 1), add the other sites’ settings files to the ADMIN_FOR setting, to let Django know that this one instance of the admin application will handle all of the sites.
As documented, ADMIN_FOR (for which I cannot post a link) should be a tuple of settings modules, much like INSTALLED_APPS is a tuple of Django app modules.
Note that the blog post is from 2006, so it uses a somewhat outdated API.