Authenticating django with Authomatic - Best workflow

Question

I just started working in Django and it is awesome!

I want my webapplication to be accessible for a restricted number of people with their twitter account. To realize this, I use the plugin Authomatic.

This is a starter example that shows how you can use Authomatic with Django. From this, I use the following code snippit:

def login(request, provider_name):
    # We we need the response object for the adapter.
    response = HttpResponse()

    # Start the login procedure.
    result = authomatic.login(DjangoAdapter(request, response), provider_name)

    if result:
        response.write('<a href="..">Home</a>')

        elif result.user:
            if not (result.user.name and result.user.id):
                result.user.update()

            var username = result.user.name
            var id = result.user.id
return response

My question is as follows: After checking if the username is one of the allowed twitter users, how do I login so the user kan browse all the protected pages? I am used to use something like this:

user = authenticate(username=username, password=password)
if user is not None:
    if user.is_active:
        login(request, user)

But the problem is that the twitter users don't have a User object assigned to them. The only thing I can think off is hardcoding a default "allowed" user in my code, but that seems quite dodgy...

EDIT: I tried to implement Ashwin's answer, but that gives me this:

# We we need the response object for the adapter. response = HttpResponse()

# Start the login procedure.
result = authomatic.login(DjangoAdapter(request, response), provider_name)
if result:
    response.write('<a href="..">Home</a>')
if result.error:
    # Login procedure finished with an error.
    response.write('<h2>Damn that error: {0}</h2>'.format(result.error.message))

elif result.user:
    # We need to update the user to get more info.
    if not (result.user.name and result.user.id):
        result.user.update()

    # Welcome the user.
    response.write(u'<h1>Hi {0}</h1>'.format(result.user.name))
    response.write(u'<h2>Your id is: {0}</h2>'.format(result.user.id))
    response.write(u'<h2>Your email is: {0}</h2>'.format(result.user.email))

    # if result.user.id == 110740012624414845989:
    uname = result.user.id
    pwd = '** RANDOM PASSOWRD I SHOULD HAVE? **'
    user = authenticate(username=uname, password=pwd)
    login(request, user)

First of all I can't imagine that it is good practice to have a password writter in my code like this. Second I get the error Provider name "username" not specified!

Does anybody know what I am doing wrong?

score 0 · Accepted Answer · answered Apr 04 '15 at 01:36

0

You can create individual User objects for all the allowed users, then the job will be really easy. Just check if the username is available in the database, authenticate and login the request.

answered Apr 04 '15 at 01:36

Aswin Murugesh

10,831
10
40
69

Thanks for your answer, but how can I authenticate these User objects if I don't have the password? – hY8vVpf3tyR57Xib Apr 04 '15 at 12:03
@user3361028: You can use passwordless authentication. This should help: http://stackoverflow.com/questions/2787650/manually-logging-in-a-user-without-password – Aswin Murugesh Apr 04 '15 at 13:30

Authenticating django with Authomatic - Best workflow

1 Answers1