3

I have a medium-sized Drupal 6 site running (around 5 million page views per month and more than 30K registered users) and I need to integrate OSQA, a Django application, with it. I already have many users, roles and permissions in my Drupal database and I'd like to point the Django app to use the sign up and login pages I already have in Drupal to give my users a single point of entrance.

I want to keep the Django authentication part because I think OSQA would work better. I also have performance reasons in mind: the Drupal site already gets a lot of traffic and has a very busy database, and I think that using a separate database for Django would help.

After some research I think I could make the Drupal sign up and login pages call Django in the background to sign up or log in to the Django app. I plan to do this by writing a couple of views in Django, one for sign up and another for login, and Drupal would post the username and password to those views. Of course I'd need to disable CSRF in Django for those views and probably also post some secret key that only my Drupal and Django applications know about to avoid external sites trying to use these "unprotected" Django views.

I know that my Django application may need some user data from Drupal at some points and I'm planning on using the Drupal services module for that.

Would this be a good approach? Any suggestions?

Thanks a lot!

Mentakatz
  • Here's another question that seems to have some more relevant information: http://stackoverflow.com/questions/1936186/how-to-build-a-secure-django-single-signon-between-different-sites – bchang Feb 18 '11 at 23:31
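
An added example, not part of the original question or of OSQA/Drupal code: one way the Django side could check that the POST described in the question really came from Drupal, using an HMAC over the posted fields plus a timestamp and nonce instead of sending the shared secret itself. The field names (`action`, `timestamp`, `nonce`, `signature`), `MAX_SKEW` and all helper names are assumptions; only the Python standard library is used.

```python
import hashlib
import hmac
import time

MAX_SKEW = 60  # seconds a signed request is accepted (assumed value)

def _canonical(fields):
    # Length-prefix every field so values cannot shift across field boundaries.
    out = b""
    for field in fields:
        raw = str(field).encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def sign_request(secret, action, username, password, timestamp, nonce):
    """Signature the Drupal side attaches instead of sending the secret itself."""
    msg = _canonical([action, username, password, timestamp, nonce])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class NonceCache:
    """In-memory replay cache; a real deployment needs one shared by all workers."""
    def __init__(self):
        self._expiry = {}

    def first_use(self, nonce, expires, now):
        # Drop nonces whose signed request can no longer pass the skew check.
        self._expiry = {n: e for n, e in self._expiry.items() if e >= now}
        if nonce in self._expiry:
            return False
        self._expiry[nonce] = expires
        return True

def verify_request(post, secret, cache, now=None):
    """Check a POST dict before the CSRF-exempt view calls authenticate()/login()."""
    now = time.time() if now is None else now
    try:
        ts = int(post["timestamp"])
        expected = sign_request(secret, post["action"], post["username"],
                                post["password"], ts, post["nonce"])
        supplied = str(post["signature"]).encode("utf-8")
    except (KeyError, ValueError):
        return False, "malformed"
    if not hmac.compare_digest(expected.encode("ascii"), supplied):  # constant time
        return False, "bad signature"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale"
    if not cache.first_use(post["nonce"], ts + MAX_SKEW, now):
        return False, "replayed"
    return True, "ok"
```

The password is still in the request body, so the Drupal-to-Django call needs TLS; the signature only shows that the sender holds the shared secret and that the fields were not altered or replayed.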

3 Answers

0

Are there any plugins for OSQA to expose an authentication service that Drupal can talk to? (OpenID or similar).

Alternatively, check out Drupal's ldap_integration module for an example of a module that uses an external authentication service. Consider that you will need to create Drupal user accounts for each login.

Finally, why not just build the essential parts of OSQA's functionality with Drupal? Seems like the key functionality could be replicated quite easily using Taxonomy, Vote Up and Userpoints/User Badges... potentially easier to do than shared authentication, especially on a large site.

GSP
  • Thanks for the suggestion. We will probably be using other external authentication methods (Twitter and Facebook to start with) but we have many users already authenticating directly to Drupal and I think I'd like to keep the core Drupal authentication in place. I thought about creating the Q&A features with Drupal but OSQA already has a lot of things we need and I wouldn't want to recreate the wheel. Besides, I'd also like to have Q&A in a different database and servers. – Mentakatz Feb 18 '11 at 18:45

0

I once created a very simple sql_authentication module, which you can probably simply re-create for a more recent version of Drupal.

The idea is simple: provide Drupal with an alternative authentication callback. In that callback-function, just check against the Django database, and return TRUE if you think the user is correct.

You could look at how openid.module (in core) extends the user-authentication for a simple example.

berkes
  • Thanks, I'll take a look at the openid and ldap_integration modules (which GSP suggested in another answer). I'm not sure if just checking the Django database would be enough as I need to actually call the authenticate() and login() Django methods and bypass the CSRF validation to create the correct session data for Django. I think I now have a better idea about the Drupal part of my question but still want to confirm about the Django part. – Mentakatz Feb 18 '11 at 18:50

0

If you can post to the Django form, you may be able to use drupal_http_request to handle the call to Django. After using the ldap_integration module for a while, I worked on a custom authentication module that calls a Java-based REST authentication API using drupal_http_request. If you're interested in the code, let me know.

Matt V.