Easy way to temporarily disable the need to login

[Larry Martell]

We have a django app that requires the users to login. For some
testing we want to do, we want to disable this so the app can be run
without logging in. Is there some way to easily do this? I've tried
commenting out all the @login_required decorations, but then I was
getting a 403. I tried commenting out the 'if not
controller.has_access' lines, but then I was getting 'Report.owner"
must be a "User" instance.' Before I hack up the code any more, is
there some way to just globally disable the need to login?

[Kurtis Mullins]

If any of your templates/views depend upon a request.user object, you'll run into issues because that will not exist without "logging in". I'm not sure of a good way around this off-hand without knowing more about your site. Sorry!

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[Larry Martell]

On Wed, Sep 5, 2012 at 9:22 AM, Kurtis Mullins <kurtis....@gmail.com> wrote:
> If any of your templates/views depend upon a request.user object, you'll run
> into issues because that will not exist without "logging in". I'm not sure
> of a good way around this off-hand without knowing more about your site.
> Sorry!

Yes, they do depend on a request.user object. Can I hard code the
initialization of it?

[Kurtis Mullins]

I don't see why not. Are you running unit tests (testing scripts) or are you just using the browser for testing?

[Kurtis Mullins]

This *might* be helpful depending on how you're testing: http://stackoverflow.com/questions/2036202/how-to-mock-users-and-requests-in-django

[Larry Martell]

On Wed, Sep 5, 2012 at 9:36 AM, Kurtis Mullins <kurtis....@gmail.com> wrote:
> I don't see why not.

I've been trying to do that, but it's still complaining.

> Are you running unit tests (testing scripts) or are you
> just using the browser for testing?

I'm trying to do performance measuring. I have a list of all the urls
accessed over the past few months by a client, along with metrics on
their execution times. I want to run all those on a new server we've
set up and collect metrics and compare them. I have a python script
that uses urllib2 but, I can't run anything without logging in. I've
tried to login from python, but I get a 403. I also tried using the
requests module - that doesn't give me the 403, but doesn't log me in
- it just returns the login page as if the login failed.

[anthony tresontani]

We are using a middleware to enforce a user login:

class AutoAuthMiddleware(object):
    """
        Middleware for testing purpose only.
        Can enforce the user login.
    """

    def process_request(self, request):
        enforce_user = request.GET.get("enforce_user", None)
        if hasattr(request, "user") and not enforce_user:
            return

        user = User.objects.filter(username = enforce_user)
        if user:
            backend = get_backends()[0]
            user = user[0]
            user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) #fake authentication
            login(request, user)

You can add that to your testing environnement MIDDLEWARE_CLASSES.

Then you can just go to any url and add ?enforce_user=<username>

[Larry Martell]

On Wed, Sep 5, 2012 at 12:21 PM, anthony tresontani
<dev.tre...@gmail.com> wrote:
> We are using a middleware to enforce a user login:
>
> class AutoAuthMiddleware(object):
> """
> Middleware for testing purpose only.
> Can enforce the user login.
> """
>
> def process_request(self, request):
> enforce_user = request.GET.get("enforce_user", None)
> if hasattr(request, "user") and not enforce_user:
> return
>
> user = User.objects.filter(username = enforce_user)

I'm getting: 'NameError: "global name 'User' is not defined"' on the
above line. This is the same issue I was running into when I was
trying to hard code the initialization of a request.user object. Where
is that defined?

[Kurtis Mullins]

Looks like you just need a quick:

from django.contrib.auth.models import User

towards the top :)

[Larry Martell]

Thanks - but now I'm getting

NameError: "global name 'get_backends' is not defined"

[Amyth Arora]

could you post the traceback and the respective code. Most probably you'll need to disable all login_required decorators and also disable your user login based template tags in all the templates for it to work properly.

Thanks & Regards
----------------------------

Amyth [Admin - Techstricks]
Email - aroras....@gmail.com, ad...@techstricks.com
Twitter - @a_myth_________
http://techstricks.com/

[Kurtis Mullins]

Actually, I've got another idea for you. You mentioned you wanted to simply access using urllib. Maybe you could create a small script to extract a CSRF token from the login page, login with a known (test) user, and continue passing and extracting the CSRF token as needed?

[Larry Martell]

The code is what Anthony posted, and the traceback is simply:


Traceback:
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/django/core/handlers/base.py"
in get_response
89. response = middleware_method(request)
File "/usr/local/motor/motor/../motor/middleware.py" in process_request
29. backend = get_backends()[0]

Exception Type: NameError at /report/CDSEM/RawFile/
Exception Value: global name 'get_backends' is not defined


And I was under the impression that his middleware code would
eliminate the need to disable all login_required decorators, etc.

[Larry Martell]

I have no idea how that would be done (neither extracting the token
nor passing it via urllib). I'm googling this, but if you know and
want to share, that would be great.

[Larry Martell]

I got Anthony's code to work by adding the appropriate imports:

from django.contrib.auth.models import User
from django.contrib.auth import get_backends
from django.contrib.auth import login

Thanks very much!!

[Kurtis Mullins]

Sure,

To submit a cookie, check this out: http://stackoverflow.com/questions/3334809/python-urllib2-how-to-send-cookie-with-urlopen-request

To harvest a CSRF Token from a page (for example, as part of a form), here's one example solution I found: http://stackoverflow.com/questions/3145178/get-contents-of-a-tags-using-python -- of course you'd want to grab the appropriate HTML Element.

Here's an example of setting and getting cookies: http://stackoverflow.com/questions/5606083/how-to-set-and-retrieve-cookie-in-http-header-in-python

Here's some docs on the how to make the CSRF System happy: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works

[Larry Martell]

Thanks Kurtis!

[Kurtis Mullins]

No problem! Alternatively, you may have some luck with Selenium ... although I have no experience here and am not sure if it can be made to record times or any other indication of performance.

http://seleniumhq.org/

[Kurtis Mullins]

Actually, I take that back. I did some quick reading and found this from Selenium's FAQ (http://selenium-grid.seleniumhq.org/faq.html)

"

Selenium Grid is not designed for performance and load testing, but very efficient web acceptance/functional testing. The main reason for this is that conducting performance/load testing with real browser is a pretty bad idea as it is hard/expensive to scale the load and the actual load is very inconsistent.

For load/performance testing I would advise using tools like JMeter, Grinder or httperf. What you can do though, is reuse your selenium tests to record the use cases you will use for your load testing. If you really want to conduct load testing with Selenium, check out Browser Mob.

To simulate 200 concurrent users for instance, you would need 200 concurrent browsers with a load testing framework based on Selenium Grid. Even if you use Firefox on Linux (so the most efficient setup) you will probably need at least 10 machines to generate that kind of load. Quite insane when JMeter/Grinder/httperf can generate the same kind of load with a single machine.

[Larry Martell]

I have timing built into the app using Navigation Timing:

http://www.html5rocks.com/en/tutorials/webperformance/basics/

It gets logged in our database.