On Feb 13, 2:23 am, paul <[email protected]> wrote:
> On Feb 12, 5:03 pm, pbzRPA <[email protected]> wrote:
>
> > The middleware looks good. Is your browser maybe not blocking cookies?
> > I have really though hard about it, but without code it's really
> > difficult to get a picture of where the problem may lie. You also said
> > you do custom authentication, then why is it that you printing out the
> > request in the django.contrib,auth.views.login?
>
> In settings.py, I also have:
>
> AUTHENTICATION_BACKENDS = ('auth.backends.ldap_backend',)
>
> The following code represents the backend that authenticates against a
> LDAP directory. It is working correctly (if the supplied username and
> password match, it returns a User -- I've verified this. I'm trying
> to not overflow this message with code, hopefully I'm including enough
> code to be informative. So basically my understanding is that if I
> want to use a different authentication backend, I just specify it
> under AUTHENTICATION BACKENDS, and Django will abstract the
> authentication and login process as long as my authentication backend
> returns a User instance if an entered username and password are
> validated. Please see the following code, I'll add some more comments
> after it:
>
> class ldap_backend(ModelBackend):
> def authenticate(self, username=None, password=None):
> if username is not None and password is not None:
> <SNIPPED OUT validating username & password in LDAP>
>
> if valid: # valid = True if username & password matched
> the LDAP entry
> return self.get_user(username)
>
> def get_user(self, username):
> try:
> return User.objects.get(username=username)
> except User.DoesNotExist:
> return None
>
> The following is a portion of the django.contrib.auth.login function.
> If I supply the correct username and password, the function executes
> all the way to returning HttpResponseRedirect. I am showing where I
> put in a print statement to show request.user.is_authenticated().
> This prints "True".
>
> def login(request, template_name='registration/login.html',
> redirect_field_name=REDIRECT_FIELD_NAME):
> "Displays the login form and handles the login action."
> redirect_to = request.REQUEST.get(redirect_field_name, '')
> if request.method == "POST":
> <SNIP>
> print "end %s" % request.user.is_authenticated() # will
> be True if username & pw are validated
> return HttpResponseRedirect(redirect_to)
>
> Now, here is the code of the view that handles redirect_to:
>
> view.py
> def home(request):
> context = {'title_prefix' : 'Account Home'}
> template = 'accounts/home.html'
> rc = RequestContext(request)
> return render_to_response(template, context, context_instance=rc)
>
> In this code, if I check request.user.is_authenticated, it returns
> False. request.user is actually AnonymousUser. However, if I look at
> request.session.items, I see the correct _auth_user_id for the user
> that just logged in.
>
> I hope that my code might be helpful. I'm quite perplexed about
> what's wrong.
>
> thanks again,
>
> Paul
Hi Paul, I wonder if your problem does not lie in your "get_user"
method in your ldap_backend. The normal get_user method requires a
used_id and not a username. The authentication method should return
it's own user instead of calling get get_user method.
Try changing you get_user method to:
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
and in your authenticate method replace:
"""return self.get_user(username) """
with:
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
return None
return user
I think that django calls the get_user method with a request. The
django auth calls " user = backend.get_user(user_id) or
AnonymousUser()"
Hope that helps.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
