Using django login functionality in a non django app
50 views
Skip to first unread message
Larry Martell
Apr 25, 2016, 4:37:36 PM4/25/16
to django...@googlegroups.com
We have an existing django app with login, change password, and forgot
password functionality.
Then we have this other app built with the falcon framework. The
client side of that is C++/Qt. That app has no login functionality -
you bring it up and you're in. We would like to somehow use the login
functionality of the django app in the falcon app. Is that even
possible? I was thinking that in the Qt app I could bring up the
django login page by invoking the URL for that app. But once they log
in, how could I get control back to the Qt app and not have it proceed
to the django app?
Does this even make any sense? Has anyone ever done anything like this?
password functionality.
Then we have this other app built with the falcon framework. The
client side of that is C++/Qt. That app has no login functionality -
you bring it up and you're in. We would like to somehow use the login
functionality of the django app in the falcon app. Is that even
possible? I was thinking that in the Qt app I could bring up the
django login page by invoking the URL for that app. But once they log
in, how could I get control back to the Qt app and not have it proceed
to the django app?
Does this even make any sense? Has anyone ever done anything like this?
Gergely Polonkai
Apr 25, 2016, 5:26:26 PM4/25/16
to Django users
Hello,
this all depends on how this Qt app communicates with the other end (server side). Does it offer *any* kind of authentication/authorization? If so, look for ways to integrate it with Django. If not, you are screwed anyway (from security point of view), because even if your app pops up a login screen, there can (and will) be ways to get around it.
Best,
Gergely
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY4vgxwa6xCyem%3DG_OusAAfKcx5n-mixERNFDBdFknisoA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Larry Martell
Apr 25, 2016, 6:10:05 PM4/25/16
to django...@googlegroups.com
The Qt app talks to the server with web requests routed to python code
by falcon. It currently has no authentication/authorization of any
kind. It's not a web app, you can't just navigate to any page, you can
only get to parts of the app the code lets you get to.
The way I envision it (if possible) is that I would have a decorator
just like @login_required, and if that is called and the user is not
logged in, it would invoke the django login page - just like it works
in django. I think I can do most of this, the part I am unclear on is
how I get control from the django login page back to the Qt app.
by falcon. It currently has no authentication/authorization of any
kind. It's not a web app, you can't just navigate to any page, you can
only get to parts of the app the code lets you get to.
The way I envision it (if possible) is that I would have a decorator
just like @login_required, and if that is called and the user is not
logged in, it would invoke the django login page - just like it works
in django. I think I can do most of this, the part I am unclear on is
how I get control from the django login page back to the Qt app.
Gergely Polonkai
Apr 26, 2016, 2:34:32 AM4/26/16
to Django users
Now I somewhat understand what falcon is, I suggest that you simply implement auth on you web app (it seems to me there is none or little right now. Of course, you don't have to protect all iour views, or you may want to display a different dataset, but that's another topic.
When that is done, you have to do two things in your Qt app. First, make sure that when the server says that you are not authorized, pop up a login window. After a successful login, store the user's credentials for later use. What type of authentication to use and what to store is up to your decision: HTTP Basic (store user/password), HTTP session (store the session cookie) or token (store the token) based auths are the most common examples.
Best,
Gergely
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY5NrpmqBKjEcrvFEFLKiz%3D0DyL4oGueUKDvb37wZTO6Gg%40mail.gmail.com.
Larry Martell
Apr 26, 2016, 7:11:50 AM4/26/16
to django...@googlegroups.com
Well, the issue with simply implementing auth, is that we'd need to
not only implement login, which is easy, but also forgot password, and
all the user admin functions. Since we have that already with django I
want to leverage that and not reinvent the wheel.
not only implement login, which is easy, but also forgot password, and
all the user admin functions. Since we have that already with django I
want to leverage that and not reinvent the wheel.
Gergely Polonkai
Apr 26, 2016, 7:32:54 AM4/26/16
to Django users
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY6_P7B7PZK6PRCt%3D2m0JyQ%2BejcMLp-1Q%2B7C2N-5rfyxZg%40mail.gmail.com.
Larry Martell
Apr 26, 2016, 8:20:59 AM4/26/16
to django...@googlegroups.com
I need to support create user, change password, delete user and forgot password.
On Tue, Apr 26, 2016 at 7:32 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
>
> That’s not a big issue if you really communicate with Django via a web-based API. If the user can’t log in, you can simply redirect them to a web page. I don’t see the need for user admin functions, though.
>
>
> Gergely Polonkai
> about.me/gergely.polonkai
On Tue, Apr 26, 2016 at 7:32 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
>
> That’s not a big issue if you really communicate with Django via a web-based API. If the user can’t log in, you can simply redirect them to a web page. I don’t see the need for user admin functions, though.
>
>
> Gergely Polonkai
Gergely Polonkai
Apr 26, 2016, 9:28:44 AM4/26/16
to Django users
That means you have to be able to do it via the API. The other solution is to pop up a web view for these tasks. However, we are moving out from Django field here, as this is getting more and more a falcon/UX-related question.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY6B3hGoORFf588r_bFUo%3D8phOa-pXy6TcP%3DGxM4X0N_qg%40mail.gmail.com.
Larry Martell
Apr 27, 2016, 10:58:21 AM4/27/16
to django...@googlegroups.com
Well, not really. I have managed to invoke my django login screen from
my Qt app, but after I log in, of course my django app comes up.
What I would like is to pass in some parameter to the login screen
(which is easy), and then have my django app detect that and after
successfully or unsuccessfully logging in, return a token or error
code to the Qt app and not bring up the django app. But I'm not sure
how to do that.
On Tue, Apr 26, 2016 at 9:27 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
> That means you have to be able to do it via the API. The other solution is to pop up a web view for these tasks. However, we are moving out from Django field here, as this is getting more and more a falcon/UX-related question.
>
>
> Gergely Polonkai
> about.me/gergely.polonkai
my Qt app, but after I log in, of course my django app comes up.
What I would like is to pass in some parameter to the login screen
(which is easy), and then have my django app detect that and after
successfully or unsuccessfully logging in, return a token or error
code to the Qt app and not bring up the django app. But I'm not sure
how to do that.
On Tue, Apr 26, 2016 at 9:27 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
> That means you have to be able to do it via the API. The other solution is to pop up a web view for these tasks. However, we are moving out from Django field here, as this is getting more and more a falcon/UX-related question.
>
>
> Gergely Polonkai
Gergely Polonkai
Apr 27, 2016, 11:54:09 AM4/27/16
to Django users
I would create a separate view for this, like /falcon_login/, which could give you a plain text result. But that’s totally up to you.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY6eH%3D1A2tQYSgxYVwMmzyRQj1dbkefzqr7XS8Cm1ZOHog%40mail.gmail.com.
Avraham Serour
Apr 27, 2016, 12:25:44 PM4/27/16
to django...@googlegroups.com
You can just use the session id, call it a token instead of cookie and be happy
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACczBUL4RwkpBtbU-BPbdvJn%2BF6%3DGuW3MCwUNsfYNQv2PgSnXw%40mail.gmail.com.
Larry Martell
May 3, 2016, 5:53:52 PM5/3/16
to django...@googlegroups.com
So I have been working on this and I think I am very close. I have a
view /falcon_login/ and I have the @login_required decorator on it. It
returns user info in JSON. In my Qt app I invoke /falcon_login/ and
because the user is not logged in the django login page is brought up.
After they login my /falcon_login/ view code runs and returns the
JSON.
But here is my issue - from the Qt app I cannot get the response from
the the login page, so after the successful login I do a GET on the
/falcon_login/ - since they have just logged in I would expect my code
to run and return the JSON. But in my Qt app I don't get the JSON, I
get an empty response with a 302 return.
Looking in my server's log I see this:
GET /falcon_login/ => generated 0 bytes in 2 msecs (HTTP/1.1 302)
GET /accounts/login/?next=/falcon_login/ => generated 3409 bytes in 10 msecs
POST /accounts/login/ => generated 0 bytes in 128 msecs (HTTP/1.1 302)
GET /falcon_login/ => generated 29 bytes in 9 msecs (HTTP/1.1 200)
GET /falcon_login/ => generated 0 bytes in 1 msecs (HTTP/1.1 302)
So it seems that when my Qt code sends the get after the login django
does not think the user is logged in. So I'm wondering exactly how the
login_required decorator makes that determination. I looked at the
code and it uses is_authenticated(), which looks like it always
returns True. Yet it seems like it returns False in this case
I would think that immediately after logging in login_required would
return True.
What am I missing here?
On Wed, Apr 27, 2016 at 11:53 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
> I would create a separate view for this, like /falcon_login/, which could give you a plain text result. But that’s totally up to you.
>
>
> Gergely Polonkai
> about.me/gergely.polonkai
view /falcon_login/ and I have the @login_required decorator on it. It
returns user info in JSON. In my Qt app I invoke /falcon_login/ and
because the user is not logged in the django login page is brought up.
After they login my /falcon_login/ view code runs and returns the
JSON.
But here is my issue - from the Qt app I cannot get the response from
the the login page, so after the successful login I do a GET on the
/falcon_login/ - since they have just logged in I would expect my code
to run and return the JSON. But in my Qt app I don't get the JSON, I
get an empty response with a 302 return.
Looking in my server's log I see this:
GET /falcon_login/ => generated 0 bytes in 2 msecs (HTTP/1.1 302)
GET /accounts/login/?next=/falcon_login/ => generated 3409 bytes in 10 msecs
POST /accounts/login/ => generated 0 bytes in 128 msecs (HTTP/1.1 302)
GET /falcon_login/ => generated 29 bytes in 9 msecs (HTTP/1.1 200)
GET /falcon_login/ => generated 0 bytes in 1 msecs (HTTP/1.1 302)
So it seems that when my Qt code sends the get after the login django
does not think the user is logged in. So I'm wondering exactly how the
login_required decorator makes that determination. I looked at the
code and it uses is_authenticated(), which looks like it always
returns True. Yet it seems like it returns False in this case
I would think that immediately after logging in login_required would
return True.
What am I missing here?
On Wed, Apr 27, 2016 at 11:53 AM, Gergely Polonkai <ger...@polonkai.eu> wrote:
>
> I would create a separate view for this, like /falcon_login/, which could give you a plain text result. But that’s totally up to you.
>
>
> Gergely Polonkai
Reply all
Reply to author
Forward
0 new messages