django-authentication

I have a Django app which has a single-account model. We are converting this to be multi-account, so almost every model will have a ForeignKey(Account) . What is the easiest way to make sure that each Account (each account is in its own subdomain) can only access its own data? We have a middleware that populates the subdomain, and the current account on each request. We can do this the hard way, by adding a filter(...., account = request.account) in all of our views. This is not desirable as, filter(...., account = request.account) will be added to all of the queries, making this non-dry,

In my application I need to authenticate users via my REST API. So I have a form with user/pass fields, and after submitting it, I'd like to proceed directly to the 'next' page. So apparently I need to submit my form via AJAX, as I don't want to be redirected to the API page. But how then the RemoteUserMiddleware will know that my user should be authenticated if the request will be processed by javascript ? To my understanding of the system architecture you have currently looks something like the following: -------------- ------------------- ------------------- | client web | ----------> |

I'm using Django with django-allauth for social authentication. I have authentication up and running, but can anyone give simple examples of how to: show the name and avatar of a logged-in user add some information to a user's account? For example, on the home page, I've got {% if user.is_authenticated %} <li><a href="{% url account_logout %}?next=/">Logout</a></li> {% endif %} That's showing the Logout link correctly, but how would I add the user's name and avatar? Something like (pseudocode): <p>You're logged in with {{ user.account_provider? }} as {{ user }}.</p> <img src="{{ user.avatar

I created my own view for login. However if a user goes directly to /admin it brings them to the admin login page and doesn't use my custom view. How can I make it redirect to the login view used for everything not /admin? From http://djangosnippets.org/snippets/2127/ —wrap the admin login page with login_required . For example, in urls.py : from django.contrib.auth.decorators import login_required from django.contrib import admin admin.autodiscover() admin.site.login = login_required(admin.site.login) You probably already have the middle two lines and maybe even the first line; adding that

I wanted to add more fields to the standard Django UserCreationForm so I went ahead and subclassed it inside of my app's forms.py file and ended up with this: class CustomUserCreationForm(UserCreationForm): email = forms.EmailField(label = "Email") first_name = forms.CharField(label = "First name") last_name = forms.CharField(label = "Last name") class Meta: model = User fields = ("first_name", "last_name", "username",) def save(self, commit=True): user = super(CustomUserCreationForm, self).save(commit=False) user.first_name = first_name user.last_name = last_name user.email = self.cleaned

I'm using Django's authentication, and in the login.html template, the following statement is generating an error: {% url 'django.contrib.auth.views.login' %} TemplateSyntaxError at /login Caught NoReverseMatch while rendering: Reverse for ''django.contrib.auth.views.login'' with arguments '()' and keyword arguments '{}' not found. This url is defined in my urls.py: (r'^login$', 'django.contrib.auth.views.login') I have installed the auth system: INSTALLED_APPS = ( 'django.contrib.auth', ... ) Any ideas? Dominic Rodger As of Django 1.10: As of Django 1.10, it is no longer possible to use the

The example provides a snippet for an application level view, but what if I have lots of different (and some non-application) entries in my "urls.py" file, including templates? How can I apply this login_required decorator to each of them? (r'^foo/(?P<slug>[-\w]+)/$', 'bugs.views.bug_detail'), (r'^$', 'django.views.generic.simple.direct_to_template', {'template':'homepage.html'}), Dropped this into a middleware.py file in my project root (taken from http://onecreativeblog.com/post/59051248/django-login-required-middleware ) from django.http import HttpResponseRedirect from django.conf import

I've found 3 row-level permission solutions for Django 1.2+ django-object-permissions django-guardian django-authority Could someone tell if there is any recommended more than the others, what are their main differences, etc.? I'll start this by saying we use none of these for object level permission - we use our own custom method and I really wish we hadn't. If you can avoid object level permissions at all, do so, they are a pain to organise. This is how I evaluate the 3 apps you've mentioned. Active Development: django-guardian (1 week ago) django-object-permissions (1 year ago) django