I have a Django app, where there are 2 usage cases where I can be able to login a user without a password Want to
link contains the one-time key that I validate, and then I want to login the user without using credentials.
# Takes exceptions unless I call the user. 1 Authenticate Auth.login (request, user) How do I get it?
You can write back your own authentication backend which handles your two usage cases. See the documentation on writing and using a custom auth backend:
Edit: It seems that there may be some misconception about how it might be difficult to write your own AUTH backend From Docs:
An authentication backend is a class that implements two methods: get_user (user_id) and authenticate (** credentials).
That's right. This is any class that performs two functions which returns user objects.
The get_user method takes user_id - which is the username, database id or whatever - and gives a user object.
... The credentials being certified should be checked, and if the credentials are valid, then the user object that matches the credentials should be returned. If they are not legitimate, then no one should refund it.
OP has already said that there are one-time keys in the links that they confirm (and probably are associated with the user who wants to log in) . In other words, they have already written business logic for backend, it will only need to be converted into APprontate Class.
Custom authentication backend can be very similar to the object-level permissions of many amazing things in the JJEGO 1.2, but they do not have to be so complicated that they stack apart so that you have the default model in your token based authentication Backend or OpenID or Facebook but in the end an auth backend is class with just two methods and I do not think how you can do that overkill L can.
Comments
Post a Comment