Re: My Own Auth Backend
Up
2010/1/18 Olivier Détour :
> Thanks for this link, I saw it Saturday.
> But the problem is the same, I have to login to use template like that:
>
> {% if user.is_authenticated %}
> lol
> {% else %}
> not lol
> {% endif %}
>
> and my view.py is somethink like that:
>
> username = request.POST['user']
> password = request.POST['password']
> user = authenticate(username=username, password=password)
> if user is not None:
> login(request, user)
>
> Do I have to overload login method to use it like that ?
>
>
> On Mon, Jan 18, 2010 at 9:32 AM, nostradamnit wrote:
>> Olivier,
>>
>> Look at this -
>> http://stackoverflow.com/questions/1057149/django-users-and-authentication-from-external-source
>>
>> I imagine your problem comes from the fact that django.contrib.auth
>> User is tied to the DB
>>
>> Sam
>>
>> On Jan 18, 12:09 am, Olivier Détour wrote:
>>> up
>>>
>>> 2010/1/16 Détour Olivier :
>>>
>>>
>>>
>>> > Hi,
>>> > I would create my own auth backend. I tried to understand and trace
>>> > source code.
>>> > I want to create an internal DB with SHA1 and username.
>>> > But I cannot login, Django says me I do not set DB ENGINE. I would not
>>> > use something like MySQL or any DB Engine.
>>>
>>> > Here is my source code:
>>> > mybackend.py:
>>>
>>> > from django.contrib.auth.models import User
>>> > from django.contrib.auth.backends import RemoteUserBackend
>>>
>>> > class MyUser (User):
>>> > def save (self):
>>> > """saving to DB disabled"""
>>> > pass
>>>
>>> > objects = None # we cannot really use this w/o local DB
>>> > username = "" # and all the other properties likewise.
>>> > # They're defined as model.CharField or similar,
>>> > # and we can't allow that
>>>
>>> > def get_group_permissions (self):
>>> > """If you don't make your own permissions module,
>>> > the default also will use the DB. Throw it away"""
>>> > return [] # likewise with the other permission defs
>>>
>>> > def get_and_delete_messages (self):
>>> > """Messages are stored in the DB. Darn!"""
>>> > return []
>>>
>>> > class WWWBackend (RemoteUserBackend):
>>> > # Create a User object if not already in the database?
>>> > create_unknown_user = False
>>>
>>> > def get_user (self, user_id):
>>> > user = somehow_create_an_instance_of(MyUser, user_id)
>>> > return user
>>>
>>> > def authenticate (self, username=None, password=None):
>>> > if username == "lol" and password == "lol":
>>> > user = MyUser(username=username, password=password)
>>> > return user
>>> > return None
>>>
>>> > my view.py:
>>>
>>> > from django import forms
>>> > from django.core.context_processors import csrf
>>> > from django.template import RequestContext, loader
>>> > from django.http import HttpResponse, HttpResponseRedirect
>>> > from django.contrib.auth import authenticate, login
>>>
>>> > #! Form Upload Object
>>> > class LoginForm (forms.Form):
>>> > user = forms.CharField(widget = forms.TextInput)
>>> > password = forms.CharField(widget = forms.PasswordInput)
>>>
>>> > def index(request):
>>> > if request.method == 'POST':
>>> > form = LoginForm(request.POST)
>>> > if form.is_valid():
>>> > # FIXME: Check if file is good.
>>> > #handle_uploaded_torrent(request.FILES['file'])
>>> > username = request.POST['user']
>>> > password = request.POST['password']
>>> > user = authenticate(username=username, password=password)
>>> > if user is not None:
>>> > login(request, user)
>>>
>>> > return HttpResponseRedirect('/')
>>> > else:
>>> > form = LoginForm()
>>>
>>> > t = loader.get_template('template/index.html')
>>> > c = RequestContext(request, {
>>> > 'login_form': form,
>>> > })
>>> > return HttpResponse(t.render(c))
>>>
>>> > Thanks for reponses,
>>> > Regards,
>>>
>>> --
>>> Olivier Détour
>>> Sent from Reserved, ***
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To post to this group, send email to django-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>>
>>
>
>
>
> --
> Olivier Détour
>
--
Olivier Détour
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
Re: My Own Auth Backend
Thanks for this link, I saw it Saturday.
But the problem is the same, I have to login to use template like that:
{% if user.is_authenticated %}
lol
{% else %}
not lol
{% endif %}
and my view.py is somethink like that:
username = request.POST['user']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
Do I have to overload login method to use it like that ?
On Mon, Jan 18, 2010 at 9:32 AM, nostradamnit wrote:
> Olivier,
>
> Look at this -
> http://stackoverflow.com/questions/1057149/django-users-and-authentication-from-external-source
>
> I imagine your problem comes from the fact that django.contrib.auth
> User is tied to the DB
>
> Sam
>
> On Jan 18, 12:09 am, Olivier Détour wrote:
>> up
>>
>> 2010/1/16 Détour Olivier :
>>
>>
>>
>> > Hi,
>> > I would create my own auth backend. I tried to understand and trace
>> > source code.
>> > I want to create an internal DB with SHA1 and username.
>> > But I cannot login, Django says me I do not set DB ENGINE. I would not
>> > use something like MySQL or any DB Engine.
>>
>> > Here is my source code:
>> > mybackend.py:
>>
>> > from django.contrib.auth.models import User
>> > from django.contrib.auth.backends import RemoteUserBackend
>>
>> > class MyUser (User):
>> > def save (self):
>> > """saving to DB disabled"""
>> > pass
>>
>> > objects = None # we cannot really use this w/o local DB
>> > username = "" # and all the other properties likewise.
>> > # They're defined as model.CharField or similar,
>> > # and we can't allow that
>>
>> > def get_group_permissions (self):
>> > """If you don't make your own permissions module,
>> > the default also will use the DB. Throw it away"""
>> > return [] # likewise with the other permission defs
>>
>> > def get_and_delete_messages (self):
>> > """Messages are stored in the DB. Darn!"""
>> > return []
>>
>> > class WWWBackend (RemoteUserBackend):
>> > # Create a User object if not already in the database?
>> > create_unknown_user = False
>>
>> > def get_user (self, user_id):
>> > user = somehow_create_an_instance_of(MyUser, user_id)
>> > return user
>>
>> > def authenticate (self, username=None, password=None):
>> > if username == "lol" and password == "lol":
>> > user = MyUser(username=username, password=password)
>> > return user
>> > return None
>>
>> > my view.py:
>>
>> > from django import forms
>> > from django.core.context_processors import csrf
>> > from django.template import RequestContext, loader
>> > from django.http import HttpResponse, HttpResponseRedirect
>> > from django.contrib.auth import authenticate, login
>>
>> > #! Form Upload Object
>> > class LoginForm (forms.Form):
>> > user = forms.CharField(widget = forms.TextInput)
>> > password = forms.CharField(widget = forms.PasswordInput)
>>
>> > def index(request):
>> > if request.method == 'POST':
>> > form = LoginForm(request.POST)
>> > if form.is_valid():
>> > # FIXME: Check if file is good.
>> > #handle_uploaded_torrent(request.FILES['file'])
>> > username = request.POST['user']
>> > password = request.POST['password']
>> > user = authenticate(username=username, password=password)
>> > if user is not None:
>> > login(request, user)
>>
>> > return HttpResponseRedirect('/')
>> > else:
>> > form = LoginForm()
>>
>> > t = loader.get_template('template/index.html')
>> > c = RequestContext(request, {
>> > 'login_form': form,
>> > })
>> > return HttpResponse(t.render(c))
>>
>> > Thanks for reponses,
>> > Regards,
>>
>> --
>> Olivier Détour
>> Sent from Reserved, ***
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
>
>
--
Olivier Détour
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
Re: My Own Auth Backend
Olivier,
Look at this -
http://stackoverflow.com/questions/1057149/django-users-and-authentication-from-external-source
I imagine your problem comes from the fact that django.contrib.auth
User is tied to the DB
Sam
On Jan 18, 12:09 am, Olivier Détour wrote:
> up
>
> 2010/1/16 Détour Olivier :
>
>
>
> > Hi,
> > I would create my own auth backend. I tried to understand and trace
> > source code.
> > I want to create an internal DB with SHA1 and username.
> > But I cannot login, Django says me I do not set DB ENGINE. I would not
> > use something like MySQL or any DB Engine.
>
> > Here is my source code:
> > mybackend.py:
>
> > from django.contrib.auth.models import User
> > from django.contrib.auth.backends import RemoteUserBackend
>
> > class MyUser (User):
> > def save (self):
> > """saving to DB disabled"""
> > pass
>
> > objects = None # we cannot really use this w/o local DB
> > username = "" # and all the other properties likewise.
> > # They're defined as model.CharField or similar,
> > # and we can't allow that
>
> > def get_group_permissions (self):
> > """If you don't make your own permissions module,
> > the default also will use the DB. Throw it away"""
> > return [] # likewise with the other permission defs
>
> > def get_and_delete_messages (self):
> > """Messages are stored in the DB. Darn!"""
> > return []
>
> > class WWWBackend (RemoteUserBackend):
> > # Create a User object if not already in the database?
> > create_unknown_user = False
>
> > def get_user (self, user_id):
> > user = somehow_create_an_instance_of(MyUser, user_id)
> > return user
>
> > def authenticate (self, username=None, password=None):
> > if username == "lol" and password == "lol":
> > user = MyUser(username=username, password=password)
> > return user
> > return None
>
> > my view.py:
>
> > from django import forms
> > from django.core.context_processors import csrf
> > from django.template import RequestContext, loader
> > from django.http import HttpResponse, HttpResponseRedirect
> > from django.contrib.auth import authenticate, login
>
> > #! Form Upload Object
> > class LoginForm (forms.Form):
> > user = forms.CharField(widget = forms.TextInput)
> > password = forms.CharField(widget = forms.PasswordInput)
>
> > def index(request):
> > if request.method == 'POST':
> > form = LoginForm(request.POST)
> > if form.is_valid():
> > # FIXME: Check if file is good.
> > #handle_uploaded_torrent(request.FILES['file'])
> > username = request.POST['user']
> > password = request.POST['password']
> > user = authenticate(username=username, password=password)
> > if user is not None:
> > login(request, user)
>
> > return HttpResponseRedirect('/')
> > else:
> > form = LoginForm()
>
> > t = loader.get_template('template/index.html')
> > c = RequestContext(request, {
> > 'login_form': form,
> > })
> > return HttpResponse(t.render(c))
>
> > Thanks for reponses,
> > Regards,
>
> --
> Olivier Détour
> Sent from Reserved, ***
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
Re: My Own Auth Backend
up
2010/1/16 Détour Olivier :
> Hi,
> I would create my own auth backend. I tried to understand and trace
> source code.
> I want to create an internal DB with SHA1 and username.
> But I cannot login, Django says me I do not set DB ENGINE. I would not
> use something like MySQL or any DB Engine.
>
> Here is my source code:
> mybackend.py:
>
>
> from django.contrib.auth.models import User
> from django.contrib.auth.backends import RemoteUserBackend
>
>
> class MyUser (User):
> def save (self):
> """saving to DB disabled"""
> pass
>
> objects = None # we cannot really use this w/o local DB
> username = "" # and all the other properties likewise.
> # They're defined as model.CharField or similar,
> # and we can't allow that
>
> def get_group_permissions (self):
> """If you don't make your own permissions module,
> the default also will use the DB. Throw it away"""
> return [] # likewise with the other permission defs
>
> def get_and_delete_messages (self):
> """Messages are stored in the DB. Darn!"""
> return []
>
> class WWWBackend (RemoteUserBackend):
> # Create a User object if not already in the database?
> create_unknown_user = False
>
> def get_user (self, user_id):
> user = somehow_create_an_instance_of(MyUser, user_id)
> return user
>
> def authenticate (self, username=None, password=None):
> if username == "lol" and password == "lol":
> user = MyUser(username=username, password=password)
> return user
> return None
>
> my view.py:
>
> from django import forms
> from django.core.context_processors import csrf
> from django.template import RequestContext, loader
> from django.http import HttpResponse, HttpResponseRedirect
> from django.contrib.auth import authenticate, login
>
> #! Form Upload Object
> class LoginForm (forms.Form):
> user = forms.CharField(widget = forms.TextInput)
> password = forms.CharField(widget = forms.PasswordInput)
>
> def index(request):
> if request.method == 'POST':
> form = LoginForm(request.POST)
> if form.is_valid():
> # FIXME: Check if file is good.
> #handle_uploaded_torrent(request.FILES['file'])
> username = request.POST['user']
> password = request.POST['password']
> user = authenticate(username=username, password=password)
> if user is not None:
> login(request, user)
>
> return HttpResponseRedirect('/')
> else:
> form = LoginForm()
>
> t = loader.get_template('template/index.html')
> c = RequestContext(request, {
> 'login_form': form,
> })
> return HttpResponse(t.render(c))
>
>
> Thanks for reponses,
> Regards,
--
Olivier Détour
Sent from Reserved, ***
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
Re: My own auth backend
Grigory Fateyev wrote: > If I undastand, your MIDDLEWARE code checks any permissions through any > view, right? You and Andrew use different approaches. Your backend is checking a password against a foreign database and then creates a new Django user corresponding to that account. You don't need a special middleware because your backend works (or rather it should) under the built-in middleware in django.contrib.auth. Andrew (as far as I understand) does not rely on a auth's middleware and uses his own to check user's credentials and instantiate request.user totally working around the built-in infrastructure with backends and such... Getting back to the original problem, it's worth to stick some exceptions around the code to see what real values do vars and params have. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: My own auth backend
Thanks, Andrew, for reply!But, can not figure out what backend do you use for authentication? Custom sql. It used also by RADIUS server (this is a reason for creating custom authentication backend instead of using one from Django)-- Andrew DegtiariovDA-RIPE --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: My own auth backend
Hello Andrew Degtiariov! On Sun, 12 Nov 2006 19:29:55 +0200 you wrote: > > > Try to write my own backend authenticate function, but users from > > > anothe table can not login. What can it be? Any suggestions? > > > > I hope somebody use custom backend authentication? Please, do not > > ignore my letters. :) > > I have used middleware for this purposes. It is last in > MIDDLEWARE_CLASSES list (in settings.py) and executed any time for > any URL of my project. Thanks, Andrew, for reply! But, can not figure out what backend do you use for authentication? -- Всего наилучшего! Григорий greg [at] anastasia [dot] ru Письмо отправлено: 2006/11/14 14:57 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: My own auth backend
Hello Andrew Degtiariov! On Tue, 14 Nov 2006 14:13:15 +0200 you wrote: > > But, can not figure out what backend do you use for authentication? > > > > Custom sql. It used also by RADIUS server (this is a reason for > creating custom authentication backend instead of using one from > Django) If I undastand, your MIDDLEWARE code checks any permissions through any view, right? My problem is, users from phpbb_users table can't login. My backend can't authenticate user, but what the problem? -- Всего наилучшего! Григорий greg [at] anastasia [dot] ru Письмо отправлено: 2006/11/14 15:54 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: My own auth backend
> Try to write my own backend authenticate function, but users from> anothe table can not login. What can it be? Any suggestions?
I hope somebody use custom backend authentication? Please, do notignore my letters. :) I have used middleware for this purposes. It is last in MIDDLEWARE_CLASSES list (in settings.py
) and executed any time for any URL of my project.Each function in view may have auth atttribute with an list of permission test functions, and 99% of functions in views.py have ones.For example:view.auth
= [check_is_admin, check_is_manager]My AuthMiddleware (I'm used some code from djando 0.91 distribution as base when start implementing this) executed each function in list and check if one returned True. Otherwise it redirected to login page. It would be better to use decorators, but I feel too lazy to rewrite all code :-)
Here my middleware/auth.py:from django.http import HttpResponseRedirectfrom django.core.exceptions import ObjectDoesNotExistimport refrom myinet.settings import ROOT_URLfrom myinet.users.models
import User, SESSION_KEYfrom myinet.libs import debugLOGIN_URL = ROOT_URL + '/users/login/'LOGIN_URL = re.sub('/+', '/', LOGIN_URL)def get_muser(request): muser = User() if not hasattr(request, 'user'):
try: user_id = request.session[SESSION_KEY] if not user_id: raise ValueError muser = User.objects.filter(pk=user_id).exclude(disabled__exact=True).get()
except (AttributeError, KeyError, ValueError, ObjectDoesNotExist), e: muser = User() return muserclass AuthMiddleware(object): def process_view(self, request, view_func, view_args, view_kwargs):
from myinet.users.views import login # Refresh muser attribute of request object request.__class__.muser = get_muser(request) if id(view_func) == id(login): # Do not break login process
return None acls = getattr(view_func, 'auth', None) # Function does not have permissions - assume it world accessable if acls is None: return None for check_func in acls:
if check_func(request.__class__.muser, **view_kwargs): return None new_url = LOGIN_URL + '?url=' + request.path return HttpResponseRedirect(new_url)--
Andrew DegtiariovDA-RIPE
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: My own auth backend
Hello Grigory Fateyev! On Fri, 10 Nov 2006 19:59:32 +0300 you wrote: > Try to write my own backend authenticate function, but users from > anothe table can not login. What can it be? Any suggestions? I hope somebody use custom backend authentication? Please, do not ignore my letters. :) Thanks. -- Всего наилучшего! Григорий greg [at] anastasia [dot] ru Письмо отправлено: 2006/11/11 17:26 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
