On Tue, Mar 24, 2009 at 1:55 PM, benjamin.wins...@googlemail.com <benjamin.wins...@googlemail.com> wrote:

>
> Hello
>
> I have created a more robust login mechanism for my site, using
> username and password but then also other information, specific to
> each user. My main login works fine, but I want to kill the admin
> login page so that it can't be accessed (any users logging into the
> main site who qualify as user.is_admin will have access to the admin
> site still). I still have the original authentication backend in place
> - this is to partially authenticate users - and then I have a custom
> one to do the rest of the authentication. If users can access the
> default admin login, they can bypass the second stage of
> authentication.
>
> I can't just redirect /admin to another url, since the admin app uses
> this once authentication has occurred. I want to make sure no-one can
> reach the default (less secure) login page.
>
> Please, someone in the know let me know how to fix this.
>
>
You can monkey-patch / manual-decorate / whatever-you-want-to-name-it the
admin url dispatcher. In your auth system's __init__.py:

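from django.contrib.admin import sites

def auth_decorate(admin_root):
    def new_root(self, request, url):
        "Catch request to test if properly authenticated"
        # stuff....
        if auth_ok:  # placeholder: result of your own authentication check
            # continue transparently
            return admin_root(self, request, url)
        else:
            # call FBI?
            return why_are_you_hacking_me()  # placeholder for your rejection response
    return new_root

# root() is a method of the AdminSite class, so it is patched on the class
sites.AdminSite.root = auth_decorate(sites.AdminSite.root)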
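
The same monkey-patching pattern with a fail-closed check filled in, as an added example that is not part of the original reply or of Django's own code. `Request` and `AdminSite` are stand-ins so it runs without Django, and `LOGIN_URL`, `SESSION_FLAG` and `require_full_auth` are hypothetical names.

```python
import functools

LOGIN_URL = "/login/"             # hypothetical main-site login URL
SESSION_FLAG = "second_stage_ok"  # hypothetical key set by the custom backend


class Request:
    """Constructed stand-in for a request: an admin flag and a session dict."""
    def __init__(self, is_admin=False, session=None):
        self.is_admin = is_admin
        self.session = session if session is not None else {}


class AdminSite:
    """Stand-in exposing the root(self, request, url) dispatcher from the reply."""
    def root(self, request, url):
        return ("admin", url)  # the real method serves admin pages or its login form


def require_full_auth(admin_root):
    """Wrap the dispatcher so every admin URL, including the built-in
    login form, is served only after both authentication stages."""
    @functools.wraps(admin_root)
    def new_root(self, request, url):
        # Fail closed: a missing or non-boolean flag counts as unauthenticated.
        fully_authed = request.session.get(SESSION_FLAG) is True
        if request.is_admin and fully_authed:
            return admin_root(self, request, url)
        # Never fall through to the admin's own login page.
        return ("redirect", LOGIN_URL)
    return new_root


# Patch the class, not an instance, so sites created before the patch
# (like this one) also go through the check.
site = AdminSite()
AdminSite.root = require_full_auth(AdminSite.root)


def dispatch(request, url):
    """Route a request through the patched admin dispatcher."""
    return site.root(request, url)
```
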
