I am trying to setup python-social-auth to authenticate users from Vk. I have a standard setup as written in docs with normal pipeline. The problem is that when user tries to log in:
'social.pipeline.social_auth.social_user',
always returns admin user. Basically, any user which tries to log in is associated with admin account. Any ideas why it happens and where to look at?!
Ok. I have found the answer. The problem was that I had already social auth association between UID and user which was recorded in DB. After removing the wrong association everything was working like a charm. Thanks to all who tried to help!
Related
Is there a way to set up the django authentication model where, instead of a password, users put in their email address, and then are emailed a link that they click on to login with? If so, are there any tutorials on how to set this up?
Yes, there is.
You'll either need to hope there is already a module out for this, otherwise you will have to write your own way of authenticating.
I'll give a rough estimate of how it's gonna work.
First, you will need to create a class inheriting from AbstractBaseUser
Set the username field to email, still include password fields. They are required.
Then, you will need to create a manager for that custom base user.
the user manager must have two methods: create_user() and create_superuser()
Then, in a view, have user enter their email address, and then generate a token with Django's default_token_generator, and send that token via e-mail to the user.
Create a view which accepts the token, and logs the user in.
I highly advise you to take the docs as your guide. This might get relatively complicated.
More info on the Django Docs
Side note: This will not be as secure as email and password validation. If a user's email gets hacked, the hackers will instantly know not only which site they can target, but also get a free pass to access.
Alternatively; check out Django AllAuth, they provide lots of ways to authenticate, including with Gmail or Facebook. There are some great tutorials online, but you'll have to do some googling. ;)
I am building a django application in which user will be able to sign up or sign in only via their EBay account, no email/username or password required. I couldn't find any authentication library for EBay though there are many for google, facebook, twitter etc.
So I got the EBay part working. EBay basically returns (on consent of user) Email and a IEFS token which is unique to that user and wont change. I want to use those two fields only to create a authenticate user across whole application. I don't want username, emails, firstname, lastname or password that ships with django User model. The documentation is quite big and I am confused where to start, any proper suggestion will be big help. Thank you.
Here is a bit of insight, the code is yours to make :
You can extend the user model from Django and decide which field to use, you could for example create a Ebay ID field Abstract User
Once this is done you want to add the ebay ID to an user, just create an account with email and ID, the user won't need any more info
Finally allow user to connect only by email, either by overriding custom login from Django or using a package like Django Allauth
Please note that unless your site is accessible only by Ebay users, allowing user to connect with email/password is recommended.
It is perfectly doable, just make good use of the documentation
I am trying to authenticate my django application written in python with okta IDP. I have almost configured everything at SP side and IDP side too. Now I need to pass a custom variable from IDP which assert SP that user is a publisher,editor or admin and further save this to the django format database (in auth_user_groups table). Anyone have tried doing this, or anyone has idea about this?
I am able to get the custom variable values by attributes mappings from IDP. But this allows me to save the custom attributes only on the user table. please let me know if i have not made myself clear here about my question.
Once again I have a privilege to answer my own question. So hear is the solution.
Django has a user profile module which is to be turned on by giving the module location in the settings.py
i.e -
"AUTH_PROFILE_MODULE = appTitle.UserProfile"
The UserProfile needs to be specified in modules.py specifying the required structure of user profile u need for your app.
Now doing sync -db django creates the Database table for your user profile and further on the same user profile pysaml adds the value (CustomAttribute) which come on the saml Assertion.
more explanations on this can be found on django documentations too.
If any one still faces any issue please let me know.
I need to authorise a user on my Django powered site, but...
The user is not part of the Django user system (user table). However, I would it to behave like they have an active session just like they had logged like as a normal user.
Is this possible with Django, does Django support this sort of scenario?
I'm looking to be pointed in the right direction as I'm struggling to find information.
Well how are you going to authenticate the user if they are not in Django user system?
If there is another table or some other way you want to authenticate a user, you can write a custom authentication backend and plug it in. See django documentation on this.
Looks like django-lazysignup does exactly what you are looking for.
I'm looking at the API for authentication
https://docs.djangoproject.com/en/1.3/topics/auth/
I can't seem to find information on simple user registration form that would send confirmation email as it is the usual way on web sites.
I guess I could do this:
1) Display a form
2) User enters info and submits
3) Save user as inactive, with a confirmation code
4) Send a link with confirmation code
5) User clicks a confirmation link and becomes active
It doesn't seem that difficult but I have a feeling this might be done already, and also there are quite a few edge cases that would need to be considered.
It's not built into Django. There is a reusable app called django-allauth, which will fit your needs.
An app called django-registration used to be recommended, but that is now unmaintained and out of date.
Editor note: django-registration is not unmaintained as of December 2016.
While django-registration used to be the registration system du jour, it has been abandoned by the maintainer and doesn't work on Django 1.6 without patching.
Try maybe django-allauth - I would have used it if I had known about it when I was looking. (As it turned out, I found this question first and used django-registration, wasting a lot of time.)
EDIT 10/2016: Looks like django-registration is maintained again. It's on GitHub now: https://github.com/ubernostrum/django-registration
You can do this:
Define a function to activate the user (i. e. def
activate(request))
Configure in the url.py the route to that function (i.e /activate/)
Create a form to register user
Create the post function to create the user
When you create the user set field 'is_active' to 0.
In the same function send the email with a link inside, this link must have the target as the configured route