Re: authentication by email

[Matt Pegler]

For the project I am working on, we solved this by making a custom
auth backend that checks the username against the email column.  We've
found it to be a nice clean solution to wanting to use email addresses
instead of usernames.

On Thu, Mar 8, 2012 at 9:54 PM, Clay McClure  wrote:
> "Django is a high-level Python Web framework that encourages rapid
> development and clean, pragmatic design"—unless you want to do something
> seemingly simple like using email addresses for authentication, in which
> case you need to monkey patch models and forms to get everything working
> right, which is neither rapid nor clean. What began as an innocuous feature
> request five years ago is now a high-level, general purpose, abstract,
> seemingly insurmountable design problem. The core developers are still
> perfectionists, but they seem to have forgotten their deadlines.
>
> Is there not a simple, pragmatic solution (optional and for new
> installations—we're not talking about backwards compatibility here) that
> could be implemented until the panacea of pluggable User models gets figured
> out? Something as simple (albeit ugly) as wrapping new models and forms in:
>
> if settings.AUTH_EMAIL_AUTHENTICATION:
>
> Should these things really take five years? What happened to pragmatic?
>
> Clay
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-developers/-/KebjFDOOBF4J.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: authentication by email

[Matt Pegler]

Sorry all, disregard my previous email, I misread one thing and
completely missed Wim's original message.

On Thu, Mar 8, 2012 at 11:07 PM, Matt Pegler  wrote:
> For the project I am working on, we solved this by making a custom
> auth backend that checks the username against the email column.  We've
> found it to be a nice clean solution to wanting to use email addresses
> instead of usernames.
>
> On Thu, Mar 8, 2012 at 9:54 PM, Clay McClure  wrote:
>> "Django is a high-level Python Web framework that encourages rapid
>> development and clean, pragmatic design"—unless you want to do something
>> seemingly simple like using email addresses for authentication, in which
>> case you need to monkey patch models and forms to get everything working
>> right, which is neither rapid nor clean. What began as an innocuous feature
>> request five years ago is now a high-level, general purpose, abstract,
>> seemingly insurmountable design problem. The core developers are still
>> perfectionists, but they seem to have forgotten their deadlines.
>>
>> Is there not a simple, pragmatic solution (optional and for new
>> installations—we're not talking about backwards compatibility here) that
>> could be implemented until the panacea of pluggable User models gets figured
>> out? Something as simple (albeit ugly) as wrapping new models and forms in:
>>
>> if settings.AUTH_EMAIL_AUTHENTICATION:
>>
>> Should these things really take five years? What happened to pragmatic?
>>
>> Clay
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-developers/-/KebjFDOOBF4J.
>> To post to this group, send email to django-developers@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-developers+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-developers?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: #29752 Adding a ALLOWED_HOSTS_IGNORABLE_URLS setting

[Matt Pegler]

We would find this valuable for the reason Jonas outlined. Health checks
from AWS are sent without a host header, which causes the request to fail
the host check. By whitelisting the health check path, it would simplify
deployments to AWS and possibly others. Here's the workaround we use in
production to support AWS health checks that may help give some more
context: http://dpaste.com/2BS0C5M

-Matt

On Fri, Sep 14, 2018 at 10:44 AM, Tim Graham  wrote:

> What would be the value of that setting for your use case?
>
> On Friday, September 14, 2018 at 11:52:46 AM UTC-4, Jonas H wrote:
>>
>> Hi,
>>
>> I've started a discussion on https://code.djangoproject.com/ticket/29752
>> to add a new ALLOWED_HOSTS_IGNORABLE_URLS setting.
>>
>> The setting can become handy if you can't control the Host header sent to
>> your application but still want to accept the request. An example of this
>> is health checks made by AWS ECS/Fargate – google "django allowed_hosts
>> aws" and find 16,000 results with tips how to work around the problem.
>>
>> I'd like to discuss the addition on this list as per Tim's triage.
>>
>> Jonas
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-developers/48278799-baea-4943-91b0-
> 4d1f2318c3a5%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CA%2BSd1WcNRzR1WsN%2BeVW6V2Mr5N7W4kS4HEhWVpX%3DKa%3Dx9Y8%2Bvw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: #29752 Adding a ALLOWED_HOSTS_IGNORABLE_URLS setting

[Matt Pegler]

AWS will send a request to a specific path and make sure it receives a
status 200 response. If the response status is not 200, it will consider
that instance unhealthy and will not route traffic to that instance. The
path can be anything that can be used as a signal that the application is
running properly.

-Matt

On Fri, Sep 14, 2018 at 11:29 AM, Tim Graham  wrote:

> Sorry, I still don't understand what "whitelisting the health check path" 
> looks like.
>
> Here's the snippet for anyone reading the thread after the pastebin expires.
>
> ALLOWED_HOSTS = ['ourdomain.com']EC2_PRIVATE_IP = Nonetry:  # AWS provided 
> magic service that returns metadata about the instance making the call  
> EC2_PRIVATE_IP = 
> requests.get('http://169.254.169.254/latest/meta-data/local-ipv4', timeout = 
> 0.01).textexcept requests.exceptions.RequestException:  passif 
> EC2_PRIVATE_IP:  ALLOWED_HOSTS.append(EC2_PRIVATE_IP)
>
>
>
> On Friday, September 14, 2018 at 2:03:11 PM UTC-4, Matt wrote:
>>
>> We would find this valuable for the reason Jonas outlined. Health checks
>> from AWS are sent without a host header, which causes the request to fail
>> the host check. By whitelisting the health check path, it would simplify
>> deployments to AWS and possibly others. Here's the workaround we use in
>> production to support AWS health checks that may help give some more
>> context: http://dpaste.com/2BS0C5M
>>
>> -Matt
>>
>> On Fri, Sep 14, 2018 at 10:44 AM, Tim Graham  wrote:
>>
>>> What would be the value of that setting for your use case?
>>>
>>> On Friday, September 14, 2018 at 11:52:46 AM UTC-4, Jonas H wrote:

 Hi,

 I've started a discussion on https://code.djangoproject.com
 /ticket/29752 to add a new ALLOWED_HOSTS_IGNORABLE_URLS setting.

 The setting can become handy if you can't control the Host header sent
 to your application but still want to accept the request. An example of
 this is health checks made by AWS ECS/Fargate – google "django
 allowed_hosts aws" and find 16,000 results with tips how to work around the
 problem.

 I'd like to discuss the addition on this list as per Tim's triage.

 Jonas

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>> To post to this group, send email to django-d...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-developers.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/django-developers/48278799-baea-4943-91b0-4d1f2318c3a5%
>>> 40googlegroups.com
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-developers/58003490-00cb-4b01-856b-
> a7672e3e3c13%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CA%2BSd1WdX0Cp2nLmGyMxhvM86jWq4G4CzDtwbM0ezsGgS-FM1tA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.