So I have Users (from django.contrib.auth.models import User) and UserProfiles. in my UserProfile view there is an edit link. This edit link allows a User to change their User settings. In the password section of the form I see help text that says:
"Use '[algo]$[salt]$[hexdigest]' or use the change password form."
The "change password form" is actually a link to http://127.0.0.1:8000/user/1/user_edit/password/, when I click the link I get an error message saying:
ViewDoesNotExist at /user/1/user_edit/password/
Could not import testdb.views.django.contrib.auth.views. Error was: No module named django.contrib.auth.views
I've been following the documentation: https://docs.djangoproject.com/en/dev/topics/auth/
What am I doing wrong? I hear that this should use djangos templates, do I need to copy those over to my apps template folder? if so, where are they?
URLS.PY
from django.conf.urls.defaults import patterns, include, url
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('testdb.views',
url(r'^$', 'index'),
url(r'^^user/(?P<user_id>\d+)/$', 'user_detail'),
url(r'^user/(?P<user_id>\d+)/user_edit/$', 'user_edit'),
url(r'^user/(?P<user_id>\d+)/user_edit/password/$', 'django.contrib.auth.views.password_change', {'template_name': 'password_change_form'}),
)
You have a wrong URL pattern defined: Django tries to find testdb.views.django.contrib.auth.views as you define the password_change view inside patterns('testdb.views',.
Add a second pattern:
urlpatterns += patterns('django.contrib.auth.views',
url(r'^user/(?P<user_id>\d+)/user_edit/password/$', 'password_change')
)
That should resolve your issue.
cfedermann has a solution to your issue, but I'm confused as to why you've defined the password_change URL in the first place. This functionality is built-in to the admin, and - like all the other admin pages - the URL is defined already by the admin code itself.
Related
I'm a newbie to Django and I know this probably has been asked alot of times.
So basically what's happening is when I try to create a new project and whenever I'm trying to run my server, by default it's opening http://127.0.0.1:8000/catalog/ and not http://127.0.0.1:8000/.
Even if I run the server with my other projects, I'm facing the same error.
I followed this django basics tutorial on https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/skeleton_website
Idk but somehow I think it's default address is set to http://127.0.0.1:8000/catalog/.
Here's the link to the repo for the project:
https://github.com/Fanceh/django-404-error
Here's my project's urls.py:
from django.contrib import admin
from django.urls import path, include
from testuapp import urls
urlpatterns = [
path('admin/', admin.site.urls),
path('',include("testuapp.urls"))
]
Here's the code in my testuapp urls.py:
from django.urls import path
from . import views
urlpatterns = [
path('', views.testu),
]
Here's my webapp's views.py file:
from django.shortcuts import render
# Create your views here.
def testu(request):
render(request, 'Greetings!')
Is there any way I can change it?
Regards
From the tutorial link it mentions the redirect.
Any request for the root URL, will redirect you to /catalog.
Screenshot from the tutorial below.
HTH
so i assume you are below url pattern structure in your testuapp project.
urlpatterns = [
path('catalog',include("views.catalog"))
]
views.calalog is the name of the method in your view file.
Ok I think I figured it out, it's just the chrome cache. I cleared it and bam it's working!
I am a beginner in django (django 1.7 python 2.7).
I am trying to add no captcha recaptcha onto my django reset password form.
I am trying to use this recaptcha djano plugin.
I have followed the instructions and added the necessay settings:
Installed django-recaptcha to the Python path.
Added captcha to the INSTALLED_APPS setting.
Added the following to my settings.py file:
RECAPTCHA_PUBLIC_KEY = '76wtgdfsjhsydt7r5FFGFhgsdfytd656sad75fgh' # fake - for the purpose of this post.
RECAPTCHA_PRIVATE_KEY = '98dfg6df7g56df6gdfgdfg65JHJH656565GFGFGs' # fake - for the purpose of this post.
NOCAPTCHA = True
The instructions then advise to add the captcha to the form, like so:
from django import forms
from captcha.fields import ReCaptchaField
class FormWithCaptcha(forms.Form):
captcha = ReCaptchaField()
How do I access the built in reset password form? As a beginner, I suspect that I have to customise the built in reset password form, but how do I do that? I am not even sure where the built in reset password form is. An example of how to customise the build in reset password form or a push to a tutorial would be handy.
I have searched SO & google, but could not find anything suitable.
You want to customise the PasswordReset view. By default, it uses the PasswordResetForm, which you can customize.
# in e.g. myapp/forms.py
from django.contrib.auth.forms import PasswordResetForm
class CaptchaPasswordResetForm(PasswordResetForm):
captcha = ReCaptchaField()
...
Then in your urls.py, import your form, and use the form_class to specify the form.
from django.contrib.auth import views as auth_views
from django.urls import path
from web.forms import CaptchaPasswordResetForm
urlpatterns = [
path("accounts/password_reset/", auth_views.PasswordResetView.as_view(form_class=CaptchaPasswordResetForm)),
]
For Django < 1.11, you need to customise the URL pattern for the password_reset view, and set password_reset_form to
from django.contrib.auth import views as auth_views
from myapp.forms import CaptchaPasswordResetForm
urlpatterns = [
...
url(
r'^password_reset/',
auth_views.password_reset,
{'password_reset_form': CaptchaPasswordResetForm},
)
]
For more information about including password reset views in your urls, see the docs.
I only want to allow people to sign up or log in with their social account. I have the social sign up and log in working, but I cant figure out how to disable the local sign up.
I've read the docs and this sounds close to what I want
ACCOUNT_FORMS (={})
Used to override forms, for example: {‘login’: ‘myapp.forms.LoginForm’}
It seems like I can make a new sign up form and only include the social log in link, but I was hoping there is any easier way that I'm overlooking. I'm still new to this all so I tend to miss the obvious a lot still.
I also tried changing the code below to False, but that disabled social sign up as well.
allauth.account.adapter.py
def is_open_for_signup(self, request):
"""
Checks whether or not the site is open for signups.
Next to simply returning True/False you can also intervene the
regular flow by raising an ImmediateHttpResponse
"""
return True
Change templates and urlpatterns
You would have to change both the templates (login, signup, etc.) and urlpatterns provided by allauth by default, which relate to the classic signup/login flow using email.
Changing/reducing the available routes via the urlpatterns ensures that only the routes are available that should be there. HTTP error 404 is then shown for any attempt to hack into existing allauth default functionality (related to email) if you do it right.
Changing the templates can ensure that the user interface does not provide what is related to email-based authentication.
No easy option available
Unfortunately, as of today there is no easy switch or setting to simply disable email-based signup and authentication with django-allauth. More details may be on GitHub in future, see:
Issue #1227 ("Social only: disable all local account handling by means of a simple setting")
Issue #345 ("How to disable form login/signup?")
Sample: urls.py
An urls.py like this will work with the current django-allauth (v0.30.0) on Django 1.10:
from django.conf.urls import include, url
from allauth.account.views import confirm_email, login, logout
from allauth.compat import importlib
from allauth.socialaccount import providers
providers_urlpatterns = []
for provider in providers.registry.get_list():
prov_mod = importlib.import_module(provider.get_package() + '.urls')
providers_urlpatterns += getattr(prov_mod, 'urlpatterns', [])
urlpatterns = [
url(r'^auth/', include(providers_urlpatterns)),
url(r'^confirm-email/(?P<key>[-:\w]+)/$', confirm_email, name='account_confirm_email'),
url(r'^login/$', login, name='account_login'),
url(r'^logout/$', logout, name='account_logout'),
url(r'^signup/$', login, name='account_signup'), # disable email signup
]
The solution wasn't what I originally thought. The much easier way to do this, instead of changing the forms, was to change the template and just remove any other options in that template.
My page now correctly only shows social auth and I am happy.
If anyone has a better or more secure answer I'd be open to it. Being new still, I don't know if this is the best solution, but for now it seems great and will mark as answered.
Ok, here is the thing. If you are not using any social account to link to your users, then it's very simple to finish the task you described by simply only include urls you need. However, if you need to use social account to link your users, then you have to include all urls because most third party application will not certify the request from your app. they only accept request from allauth.
from django.urls import path, re_path
from allauth.account import views as accountviews
urlpatterns = [
path('admin/', admin.site.urls),
# remember to comment out the following line since it will
# include all urls from allauth lib
# path('accounts/', include('allauth.urls'))
]
# assume you only want singup page and login page from allauth
urlpatterns += [path("acc/signup/", accountviews.signup, name="account_signup"),
path("acc/login/", accountviews.login, name="account_login")
]
For an extra little bit of security I want to change the default django admin url to the custom one, e.g. change mysite.com/admin/ to mysite.com/mysecretadmin/ so that admin is completely unaccessible via default url.
I tried some solutions from the internet, for example I changed urls.py like this:
from django.conf.urls import patterns, url, include
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('api.views',
...,
...,
url(r'^secret-admin-url/', include(admin.site.urls)),
)
Nothing worked for me, sadly. Does anyone know the solution? I use django 1.5.4.
Refer to the section 'Hooking AdminSite instances into your URLconf' in the url
below
https://docs.djangoproject.com/en/dev/ref/contrib/admin/#hooking-adminsite-to-urlconf
For those who find this question in recent times. Based on the Django 3.1 docs:
register the default AdminSite instance django.contrib.admin.site at the URL /admin/:
# main project urls.py
from django.contrib import admin
from django.urls import path
urlpatterns = [
path("admin/", admin.site.urls),
]
you can simply change the admin/ url to anything you wish:
urlpatterns = [
path("my_custom_url/", admin.site.urls),
]
If you do not want to use the default page /admin you can add a secret key to admin. So in urls.py
urlpatterns = [
path('admin_eTiOmEthelInEwathbace/', admin.site.urls,),
]
If in your template you have a link
Admin
then this will reference to the above site with url: http://127.0.0.1:8000/admin_eTiOmEthelInEwathbace/
Now you do not want to publish this secret_key, therefore get it from an environment variable with for example decouple, so urls.py then becomes
from decouple import config
SECRET_ADMIN = config('SECRET_ADMIN')
urlpatterns = [
path(f'admin_{SECRET_ADMIN}/', admin.site.urls,),
]
If you want to prevent brute force or dictionary attack and your admin login page not accessible for unauthorized user,normal user. please follow this step:
First install django admin honeypot and signal
pip install django-admin-honeypot(inastall in settings.py)
pip install django-honeypot-signals(inastall in settings.py)
override this .txt file(because future tag is deprecated):
templates/honeypot_signals/notification.txt:
{% load i18n %}
{% blocktrans with site_name=site.name %}
{% endblocktrans %}
Invalid login attempt from your duplicate ADMIN panel..
• Review entry at http://{{ site.domain }}{% url "admin:admin_honeypot_loginattempt_change" object.id %}
Username: {{ object.username }}
IP: {{ object.ip_address }}
Timestamp: {{ object.timestamp }}
django-admin-honeypot make a fake admin login page and django honeypot signal send email to admin with credentials if any person try to access your fake admin login page.
How to access main admin login page?:
pip install django-decorator-include
Your main urls.py:
from django.contrib import admin
from django.urls import path
from django.urls.conf import include
from . import settings
from decorator_include import decorator_include
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.core.mail.message import EmailMessage
from datetime import datetime
from django.views.generic.base import RedirectView
def only_user():
def check(user):
if user.is_authenticated and user.is_superuser or user.is_staff:
return True
time = datetime.now()
message = f'----------------------------------\nName: {user.username}\nEmail: {user.email}\nTime: {time}.\n----------------------------------\n • {user.username} is not a staff user or admin.For some security reasons..Please block this user from your admin panel(Blacklist).'
email = EmailMessage(
f'📛📛📛Alert!! {user.username} is try to accessing your admin panel!!',
message,
settings.EMAIL_HOST_USER,
[settings.EMAIL_HOST_USER],
)
email.fail_silently = False
email.send()
raise PermissionDenied
return user_passes_test(check)
urlpatterns = [
path('', include('product.urls')),
#This is all fake admin urls...
path('admin/', include('admin_honeypot.urls',
namespace='admin_honeypot')),
path('site/admin/',RedirectView.as_view(url='/admin')),
path('user/admin/',RedirectView.as_view(url='/admin')),
path('secure/admin/',RedirectView.as_view(url='/admin')),
path('mysite/admin/',RedirectView.as_view(url='/admin')),
path('admin/secure',RedirectView.as_view(url='/admin')),
path('real/admin/',RedirectView.as_view(url='/admin')),
#This is real admin login page url
path('custom_url/',
decorator_include([login_required, only_user()],
admin.site.urls)),
]
For this way you can not access directly your admin login page.. first you need to login your website and then accessible your admin panel..
How to protect website's login page from the attackers?:
- Use django defender (https://django-defender.readthedocs.io/en/latest/)
---------------------OR-------------------------
- Use google hidden(ReCaptchaV2Invisible) recaptcha field
(https://pypi.org/project/django-recaptcha/)
If any unauthorized users terrible activity detected.You block their IP address or username by using this django package:
pip install django-blacklist
Read docs : django-blacklist
•sorry for my English
When I syncdb and runserver everything works correctly in Django, but when I try to visit the webpage that it is on http://127.0.0.1:8000/ it returns a 404 error.
Page not found (404)
Request Method: GET
Request URL: http://127.0.0.1:8000/
Using the URLconf defined in MyBlog.urls, Django tried these URL patterns, in this order:
^admin/
The current URL, , didn't match any of these.
The strange part is that when I visit /admin on the page it works fine. I dont understand what is failing here. Any help would be awesome!
You need an URL route to the homepage. The urlpatterns variable in MyBlog.urls should have a tuple pair like (r'^$', app.views.show_homepage), where show_homepage is a function defined in views.py. For more info about the URL dispatcher, you can read about it here: https://docs.djangoproject.com/en/dev/topics/http/urls/
Check out chapter 3 of Django's Writing your first Django app tutorial.
In short, you need to specify (in urls.py) which code Django should run for particular URLs; there are no default URLs defined (you'll see a line including the admin URLs in urls.py).
Edit your urls.py so it looks something like
from django.conf.urls import patterns, include, url
from django.views.generic import TemplateView
from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('',
url(r'^$', TemplateView.as_view(template_name="home.html"),
)
(you'll also need to create home.html in one of the directories specified in TEMPLATE_DIRS)