Login

Tag "authentication"

Snippet List

Login Required Middleware

Sometimes it's a real pain to use the `@login_required` decorator all over the views of a complicated site. This middleware requires login on every page by default and supports a list of regular expression to figure out the exceptions. This way you don't have to worry about forgetting to decorate a view. This snippet requires `LOGIN_URL` to be set in settings.py, and optionally allows you fill out `LOGIN_EXEMPT_URLS`, a tuple of regular expressions (similar to urls.py) that lists your exceptions. Example: `` LOGIN_EXEMPT_URLS = ( r'^about\.html$', r'^legal/', # allow the entire /legal/* subsection ) ``

  • middleware
  • authentication
Read More

Enforce site wide login

This is based on a snippet contributed by zbyte64 ( RequireLoginMiddleware) but turned on its head. RequireLoginMiddleware enforces authentication for a subset of urls defined in settings.py. This middleware requires authentication for all urls except those defined in settings.py. The aim is to globally enforce site wide authentication without having to decorate individual views. To use, add the class to MIDDLEWARE_CLASSES and then define the urls you don't need authentication for. These go in a tuple called PUBLIC_URLS in settings.py. For example:- PUBLIC_URLS = ( r'project/application/login/', r'project/application/signup/', ) By default, authentication is not required for any urls served statically by Django. If you want to subject these to the same validation, add an entry to settings.py called SERVE_STATIC_TO_PUBLIC with a value of True.

  • middleware
  • authentication
  • login
Read More

StrictAuthentication - Auto log-out inactive users

This dead-simple piece of middleware adds a terrific security feature to django authentication. Currently, users who's accounts are de-activated still may have a cookie and a login session. This middleware destroys that session on their next request. Simply add this class into a middleware.py and add it to your settings.

  • middleware
  • authentication
  • security
  • sessions
Read More

Require login by url

An example of using it in your settings.py: MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware', 'util.loginmiddleware.RequireLoginMiddleware', ) LOGIN_REQUIRED_URLS = ( r'/payment/(.*)$', r'/accounts/home/(.*)$', r'/accounts/edit-account/(.*)$', ) In a nutshell this requires the user to login for any url that matches against whats listing in LOGIN_REQUIRED_URLS. The system will redirect to [LOGIN_URL](http://www.djangoproject.com/documentation/settings/#login-url)

  • middleware
  • authentication
  • url
  • login
  • auth
Read More

phpbb (2.x) authentication backend

This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.

  • authentication
  • backend
  • phpbb
Read More

Using Google Apps Premium infrastructure for user management

To create a lower entry barrier to logging into our intranet I created a very simple backend using Google Apps Premium provisioning API (http://code.google.com/apis/apps/gdata_provisioning_api_v2.0_reference.html). This enables controlling access for your users based on their status in your Google Apps instance. *(NOTE! Since the provisioning API is only available in the Premium version of Google Apps you first need to upgrade if you haven't done so already)* Requirements: You need Google Data libraries for python. They can be downloaded from http://code.google.com/p/gdata-python-client/downloads/list Google Apps Premium -- User used by the script must have admin rights

  • authentication
  • login
  • auth
  • google
  • google-apps
  • auth-backend
Read More

Authentication Against Active Directory (LDAP) over SSL

I had some trouble getting other peoples code to work for AD support, so I wrote my own which authenticates against LDAP and will also use SSL and cert if required. It will also verify that an autheticated user has specific group membership before authorizing. This will also debug to a file, which is really helpful when trying to figure out problems. One thing that really got me when getting python-ldap to work was that you must have "ldap.set_option(ldap.OPT_REFERRALS,0)" set or any ldap search will not work. Also, this will add group permissions to a user.

  • authentication
  • ssl
  • ldap
  • active-directory
Read More

SimpleMachines forum authentication backend

Authentication backend for Simple Machines Forum user database. Needs one setting in `settings.py`: SMF_PREFIX = 'smf' This is prefix of SMF tables. This shippet assumes that they are in the same database. There is one more optional setting: SMF_GROUP = 1 If set, will allow only users from group with given id. May be used to allow access to admin page only for moderators.

  • authentication
  • backend
  • smf
Read More

Authenticate against a Windows domain controller

To activate, store this file as `mysite/winauth.py` and use in settings.conf: AUTHENTICATION_BACKENDS = ('mysite.winauth.DomainControllerAuthBackend',) Needs [pywin32 extensions](http://sourceforge.net/projects/pywin32/) installed (and obviously only runs on Windows).

  • authentication
  • domain
  • windows
  • controller
  • pdc
Read More

nginx x-accel-redirect protection of static files

This snippet requires nginx as your front end server (for serving static files) and any django enabled server as a backend that only gets the dynamic requests (I use apache with mod_python). If you have no idea what I'm talking about, you probably won't need this snippet. I previously tried something [similar](http://www.djangosnippets.org/snippets/62/) just using mod_python, but this was too unstable for my needs (the PythonAuthenHandler seems to be called multiple times for no apparent reason). The patch from that snippet was also used as a base for [this ticket](http://code.djangoproject.com/ticket/3583). This is part of an authentication mechanism I use for protecting static files. Nginx has the so called x-accel-redirect feature, that tells nginx to serve an internal (read 'protected') file if the backend response has the ['X-Accel-Redirect'] header set. No other headers are touched, but by deleting all relevant headers in the default django response, nginx will create those headers for us. The usage is pretty simple: * set up nginx as a proxy for apache + mod_python + django (google for this if you don't know how) * configure nginx as shown in the code snippet (for testing leave out the internal part to see if the files are accessible) * configure your urls.py to point to the validation view * make your sites hrefs point to the view instead of the file directly (those real urls will be completely hidden from your visitors) * Done!

  • authentication
  • nginx
Read More

Sessions and authentication without cookies

[The Session documentation](http://www.djangoproject.com/documentation/sessions/) rightly warns of the dangers of putting a session ID into a query string. Sometimes, however, you have to do it - perhaps your client has mandated support for browsers with cookies disabled, or perhaps (as in my case) you're just dealing with a slightly broken client browser. This middleware pulls a session ID out of the query string an inserts it into the cookies collection. You'll need to include it in your MIDDLEWARE_CLASSES tuple in settings.py, *before* the SessionMiddleware. *Please* read my [full blog post](http://www.stereoplex.com/two-voices/cookieless-django-sessions-and-authentication-without-cookies) about for the dangers of doing this, and for full instructions and examples.

  • middleware
  • cookie
  • session
  • authentication
  • string
  • query
  • cookieless
  • querystring
Read More

view by view basic authentication decorator

A simple decorator that requires a user to be logged in. If they are not logged in the request is examined for a 'authorization' header. If the header is present it is tested for basic authentication and the user is logged in with the provided credentials. If the header is not present a http 401 is sent back to the requestor to provide credentials. The purpose of this is that in several django projects I have needed several specific views that need to support basic authentication, yet the web site as a whole used django's provided authentication. The uses for this are for urls that are access programmatically such as by rss feed readers, yet the view requires a user to be logged in. Many rss readers support supplying the authentication credentials via http basic auth (and they do NOT support a redirect to a form where they post a username/password.) Use is simple: ` @logged_in_or_basicauth def your_view: ... ` You can provide the name of the realm to ask for authentication within.

  • basic
  • authentication
  • decorator
Read More

50 snippets posted so far.