Django: How can we customize the login_required decorator?

Time:03-21

I want to write a decorator like the login_required decorator of Django to check the Azure AD authentication and the Django authentication at the same time. If one of the two is not true, it redirects to the login page.

For the authentication, I used the tutorial (https://docs.microsoft.com/en-us/graph/tutorials/python). I do not know how to deal with groups and permissions since I use Azure AD authentication. So I take the username and surname from the token that comes from the Azure authentication, and with these two pieces of information I create a user in the Django User model. I know it is not the best idea, but I can start to play with groups and permissions.

The Django authentication happens automatically, without the user having to create it. It is done in the callback function.

from django.contrib import messages
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
from django.shortcuts import redirect

# get_token_from_code, get_user and store_user are the helper functions
# from the tutorial linked above.


def callback(request):
    # Make the token request
    result = get_token_from_code(request)

    # Get the user's profile
    user = get_user(result['access_token'])

    # Store user
    store_user(request, user)

    # Get user info
    # User attributes like displayName, surname, mail etc. are defined by the
    # institute in case you are using single-tenant. You can get these
    # attributes by exploring Microsoft Graph Explorer.

    username = user['displayName']
    password = user['surname']
    email = user['mail']

    try:
        # If the user already exists
        user = User.objects.get(username=username)

    except User.DoesNotExist:
        # If the user does not exist then create a new user
        user = User.objects.create_user(username, email, password)
        user.save()

    user = authenticate(username=username, password=password)

    if user is not None:
        login(request, user)
        messages.success(request, "Success: You were successfully logged in.")
        return redirect('home')
    return redirect('home')

If I want to check whether the user is authenticated by Azure AD, then from the tutorial I should do something like this:

if request.session.get('user').get('is_authenticated') :

But I do not know how to combine this with the Django authentication to check both. Can anyone help me?

Thanks

CodePudding user response:

The simplest way would be to use the user_passes_test decorator to make your own function and apply that as a decorator to your views, as per the docs.

from django.contrib.auth.decorators import user_passes_test

def check_azure(user):
    # do something here to check the Azure login, which should result in True/False
    return  # the result of your check

@user_passes_test(check_azure)
def my_view(request):
    ...

CodePudding user response:

Here is my solution:

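from functools import wraps

from django.shortcuts import redirect


def authenticated_user(view_func):
    @wraps(view_func)  # keep the wrapped view's name and docstring
    def wrapper_func(request, *args, **kwargs):
        # The Azure AD state lives in the session; fall back to {} so a session
        # without a 'user' entry redirects instead of raising AttributeError.
        azure_user = request.session.get('user') or {}
        if request.user.is_authenticated and azure_user.get('is_authenticated'):
            return view_func(request, *args, **kwargs)
        return redirect('login')

    return wrapper_func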