django-authentication

问题 I'm writing an application in Django 1.11. myapp/urls.py pattern looks like from django.conf.urls import url, include from django.contrib import admin from django.contrib.auth.views import LoginView urlpatterns = [ url(r'^login/$', LoginView.as_view(), {'redirect_authenticated_user': True}), url('^', include('django.contrib.auth.urls')), url('^', include('pages.urls')), url(r'^pages/', include('pages.urls')), url(r'^search/', include('search.urls')), url(r'^admin/', admin.site.urls), ] I want

问题 I am using Django user_passes_test decorator to check the User Permission. @user_passes_test(lambda u: has_add_permission(u, "project")) def create_project(request): ...... I am calling a callback function has_add_permission which takes two arguments User and a String. I would like to pass the request object along with it is that possible? Also, can anyone please tell me how are we able to access the User object inside the decorator directly. 回答1: No, you cannot pass request to user_passes

问题 I'm working on a project using Python(3.6) and Django(2.0) in which I need to verify the user's email on registration. Here's what I have tried: App to users named as users forms.py class SignUpForm(UserCreationForm): first_name = forms.CharField(max_length=30, required=False, help_text='Optional.') last_name = forms.CharField(max_length=30, required=False, help_text='Optional.') email = forms.EmailField(max_length=254, help_text='Required. Inform a valid email address.') class Meta: model =

问题 How can auth can be configured or modified to disallow user sessions if the user's IP is not the same IP that he logged in with ? I really try to protect my Django site from XSS as much as I can. But I never can be sure that I covered all the bases. If worst comes to worst and someone is able to put some XSS in my site, at least this could prevent him from hijacking existing user sessions.. 回答1: In your User model class create an IP field that stores the IP address of the request. original_ip

问题 Let's say my app is like a forum, but that each post has a group of people which may see it. SecretPost(Model): can_see = myapp.main.models.GroupOfUsers() I want to write a view which restricts users' access to these posts, and I'd prefer to use decorators, since that's how I've been handling access control everywhere else. SecretPostView(DetailView): """Can only be seen by members of its group""" @method_decorator(part_of_its_group) def dispatch(self, request, *args, **kwargs): return super

问题 I see that similar to this has been asked before but I would like to know if there was a simpler way to achieve this. Also followed this blog post. A sample Model is given below. class Post (models.Model): name = models.CharField(max_length=1000, help_text="required, name of the post") description = models.TextField(blank=True) created_datetime = models.DateTimeField(auto_now_add=True, editable=False) modified_datetime = models.DateTimeField(auto_now=True, editable=False) custom_hashed_url =

问题 I use UserCreationForm to create new users. from django.contrib.auth.forms import UserCreationForm class RegistrationForm(UserCreationForm): class Meta: model = User fields = ['username', 'first_name', 'last_name', 'email', 'is_active'] UserCreationForm automatically adds two fields ( Password1 and Password2 ). If the password is too short then it raises an error, telling that. Or if it is too simple or common. It is done via django.contrib.auth.password_validation . I wonder if I can

问题 I'm using Django 2.0 and Django RESET Framework to write REST API for my application. I have configured following authentication methods REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication', 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', ), } As of now, It allows all authenticated users to access web api view. What I want is to allow few users (probably superadmin users) to be

问题 My custom user model: class MyUser(AbstractBaseUser): username = models.CharField(unique=True,max_length=30) email = models.EmailField(unique=True,max_length=75) is_staff = models.IntegerField(default=False) is_active = models.IntegerField(default=False) date_joined = models.DateTimeField(default=None) # Use default usermanager objects = UserManager() USERNAME_FIELD = 'email' Is there a way to specify multiple USERNAME_FIELD ? Something like ['email','username'] so that users can login via

问题 I am working on the migration of one website with php to Django framework. There is used to a specific hash passwords algorithm, so I had to write: #settings.py PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.PBKDF2PasswordHasher', 'project.hashers.SHA1ProjPasswordHasher', # that's mine 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', ... ) and: #hashers.py import hashlib from django.contrib.auth.hashers import (BasePasswordHasher, mask_hash) from django.utils.datastructures import