Dont require passwords on user creation form - django-forms

Because I am using windows authentication for my site, When an admin is creating users through the admin site, I would like the password fields in the UserCreationForm to be to be optional, or better yet, to not be there at all.
I have tried setting self.fields['password1'].required = False and likewise for 'password2'. I have also seen some people using set_unusable_password() But I am not sure where I am supposed to put it (right now I have it in my proxy user model, in the init method.
class DomainUser(User):
class Meta:
proxy = True
def __init__(self, *args, **kwargs):
self.set_unusable_password()
super().__init__(*args, **kwargs)
I need the password fields in the add user form of the admin site to be optional, not Mandatory

Related

DRF - making api available only to known clients

I have a DRF api which does not have any authentication system (because the concept of a user is meaningless there). And yet I want to make the api be restricted only to known clients. In other words, I want to come up with an api-to-api authentication rather than user-to-api authentication. Is that possible in DRF ? And are there any ready-to-use libs out there ?
You can use a permission class for it. Define a permission class that inherited from permissions.BasePermission
from rest_framework import permissions
class SamplePermission(permissions.BasePermission):
def has_permission(self, request, view):
return request.META.get('HTTP_YOUR_KEY','') in ['some_key']
and define it inside your view as permission_classes
class SampleViewSet(views.APIView):
...
permission_classes = [SamplePermission]
I can't say this is the best way but you can use it with this.

Authentication and authorize, djangorestframework

I have a problem with django rest framework token-based authentication. I can create user, but his password not hash, then I wrote implementation of method create in my serializer. This didn't worked. Only root can receive token and his password is hashed. Even user receive a Token. Code here:
https://github.com/XxXAsmoXxX/DjangoBlogAuthorization and authentication in folder restapi, folder with settings tasks
From http://www.django-rest-framework.org/api-guide/serializers/ ...
I am using a create function like this in my serializer. It sets the password hashed if you were using django User model.
def create(self, validated_data):
user = User(
email=validated_data['email'],
username=validated_data['username']
)
user.set_password(validated_data['password'])
user.save()
return user

rails role based access using cancan

There is no user and roles table. I have a tabless model for users and roles. user information is set in the application controller with the values from the environmental variables, for this one I have hard coded the value. The role information comes from the service.
#Application controller setting the user object
before_filter :set_user
def set_user
#user = User.new(:id => 123)
end
I am using cancan for authorization and ability.rb doesnt see this #user or user and comes in as nil.Does ability load before the application controller? Am I missing anything in the controllers for cancan? I have load_and_authorize_resource in the controllers.
Any suggestion will be greatly helpful.
Thanks
Ramya
Add this method in your ApplicationController if you don't have it:
def current_user
#user
end

Ruby on Rails - Session in Model for External API

I have an app without models or any database connectivity.
I have a method defined in the ApplicationController called "api_call" which does all api calls within the app. This method uses the ruby session to store things about the user, such as authentication info, access token info, and user info. In the session I store an Authentication hash for sending to the api for security when the user is logged.
Two things:
I'd like to put all api calls (the api_call method) in models (that don't use db or validation), but the problem is I don't have access session.
If I use a module, the module in the model also doesn't have access to the session.
If I create a model class without using ActiveRecord, should I use class methods rather than object methods?
How about passing the "authentication hash" to the API model's constructor?
class Api
def initialize auth
#auth = auth
end
end
class FooController < ApplicationController
def index
api = Api.new session[:auth]
end
end
Also, if you haven't see Pratik Naik's article about this, it's pretty funny.

Sinatra App with multiple users

What is the easiest way to allow for multiple users in a Sinatra web app. I've previously used an authorization class that allows for one username and password, but what if I want to allow users to sign up for a simple web app and allow them all their own login credentials?
Thank you so much!
If HTTP basic auth is sufficient I'd recommend defining two methods like this:
helpers do
def protected!
unless authorized?
response["WWW-Authenticate"] = 'Basic realm="Protected Area"'
throw(:halt, [401, "Not authorized\n"])
end
end
def authorized?
#auth ||= Rack::Auth::Basic::Request.new(request.env)
if #auth.provided? && #auth.basic? && #auth.credentials
username,password = #auth.credentials
# verify credentials are correct
end
end
end
Call protected! from any action that should be protected (or use a before block to protect everything). I leave the credential verification to you since I don't know how you're storing user account information.
The sinatra-authentication gem looks like an easy and powerful solution for adding users, authentication and permissions to sinatra apps.

Resources