开发者

django authentication without a password

问答 作者:

I'm using the default authentication system with django, but I've added on an OpenID library, where I can authenticate users via OpenID. What I'd like to do is log them in, but it seems using the default django auth system, I need their password to authenticate the user. Is there a way to get around this without actually using their password?

I'd like to do something like this...

user = ... # queried the user based on the OpenID response
u开发者_如何学Goser = authenticate(user) # function actually requires a username and password
login(user)

I sooner just leave off the authenticate function, but it attaches a backend field, which is required by login.

It's straightforward to write a custom authentication backend for this. If you create yourapp/auth_backend.py with the following contents:

from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User


class PasswordlessAuthBackend(ModelBackend):
    """Log in to Django without providing a password.

    """
    def authenticate(self, username=None):
        try:
            return User.objects.get(username=username)
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

Then add to your settings.py:

AUTHENTICATION_BACKENDS = (
    # ... your other backends
    'yourapp.auth_backend.PasswordlessAuthBackend',
)

In your view, you can now call authenticate without a password:

user = authenticate(username=user.username)
login(request, user)

This is a bit of a hack but if you don't want to rewrite a bunch of stuff remove the authenticate 

user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)

user would be your User object

In order to do authenticate without password, in your settings.py:

AUTHENTICATION_BACKENDS = [
# auth_backend.py implementing Class YourAuth inside yourapp folder
    'yourapp.auth_backend.YourAuth', 
# Default authentication of Django
    'django.contrib.auth.backends.ModelBackend',
]

In your auth_backend.py:

NOTE: If you have custom model for your app then import from .models CustomUser

from .models import User 
from django.conf import settings

# requires to define two functions authenticate and get_user

class YourAuth:  

    def authenticate(self, request, username=None):
        try:
            user = User.objects.get(username=username)
            return user
        except User.DoesNotExist:
            return None
        
    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

In your Views for custom login request:

# Your Logic to login user
userName = authenticate(request, username=uid)
login(request, userName)

For further reference, use the django documentation here.

You can easily fix this by creating your own authentication backend and adding it to the AUTHENTICATION_BACKENDS setting.

There are some OpenID backends available already, so with a bit of searching you could save yourself the trouble of writing one.

继续阅读:authenticationdjangoopenid

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9