How to deploy an HTTPS-only site, with Django/nginx?

For the 2nd part of John C’s answer, and Django 1.4+… Instead of extending HttpResponseRedirect, you can change the request.scheme to https. Because Django is behind Nginx’s reverse proxy, it doesn’t know the original request was secure. In your Django settings, set the SECURE_PROXY_SSL_HEADER setting: SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') Then, you need Nginx to set …

Check permission inside a template in Django

If you are looking to check for permissions in templates, the following code would suffice: {% if perms.app_label.can_do_something %} <form here> {% endif %} Where model refers to the model that the user needs permissions to see the form for. Refer to https://docs.djangoproject.com/en/stable/topics/auth/default/#permissions for more examples. The currently logged-in user’s permissions are stored in the …

In Django, how do I check if a user is in a certain group?

Your User object is linked to the Group object through a ManyToMany relationship. You can thereby apply the filter method to user.groups. So, to check if a given User is in a certain group (“Member” for the example), just do this: def is_member(user): return user.groups.filter(name="Member").exists() If you want to check if a given user …

Using Django auth UserAdmin for a custom user model

After digging around the Django source code for a while, I found a working solution. I am not totally happy with this solution, but it seems to work. Feel free to suggest better solutions! Django uses UserAdmin to render the nice admin look for User model. By just using this in our admin.py-file, we can …

How can I detect multiple logins into a Django web application from different locations?

Not sure if this is still needed but thought I would share my solution: 1) Install django-tracking (thank you for that tip Van Gale, Google Maps + GeoIP is amazing!) 2) Add this middleware: from django.contrib.sessions.models import Session from tracking.models import Visitor from datetime import datetime class UserRestrictMiddleware(object): """ Prevents more than one user logging in …

Putting a django login form on every page

Ok, I eventually found a way of doing this, although I’m sure there are better ways. I created a new middleware class called LoginFormMiddleware. In the process_request method, handle the form more or less the way the auth login view does: class LoginFormMiddleware(object): def process_request(self, request): # if the top login form has been posted …

Can django’s auth_user.username be varchar(75)? How could that be done?

There’s a way to achieve that without touching the core model, and without inheritance, but it’s definitely hackish and I would use it with extra care. If you look at Django’s doc on signals, you’ll see there’s one called class_prepared, which is basically sent once any actual model class has been created by the metaclass. …

Django: Populate user ID when saving a model

UPDATE 2020-01-02 ⚠ The following answer was never updated to the latest Python and Django versions. Since writing this a few years ago, packages have been released to solve this problem. Nowadays I highly recommend using django-crum which implements the same technique but has tests and is updated regularly: https://pypi.org/project/django-crum/ The least obtrusive way is …

How to use permission_required decorators on django class-based views

There are a few strategies listed in the CBV docs: Decorate the view when you instantiate it in your urls.py (docs) urlpatterns = [ path('view/', login_required(ViewSpaceIndex.as_view(..)), … ] The decorator is applied on a per-instance basis, so you can add it or remove it in different urls.py routes as needed. Decorate your class so every instance …