So I have been working on this and I think I am very close. I have a
view /falcon_login/ and I have the @login_required decorator on it. It
returns user info in JSON. In my Qt app I invoke /falcon_login/ and
because the user is not logged in the django login page is brought up.
After they login my /falcon_login/ view code runs and returns the
JSON.
But here is my issue - from the Qt app I cannot get the response from
the the login page, so after the successful login I do a GET on the
/falcon_login/ - since they have just logged in I would expect my code
to run and return the JSON. But in my Qt app I don't get the JSON, I
get an empty response with a 302 return.
Looking in my server's log I see this:
GET /falcon_login/ => generated 0 bytes in 2 msecs (HTTP/1.1 302)
GET /accounts/login/?next=/falcon_login/ => generated 3409 bytes in 10 msecs
POST /accounts/login/ => generated 0 bytes in 128 msecs (HTTP/1.1 302)
GET /falcon_login/ => generated 29 bytes in 9 msecs (HTTP/1.1 200)
GET /falcon_login/ => generated 0 bytes in 1 msecs (HTTP/1.1 302)
So it seems that when my Qt code sends the get after the login django
does not think the user is logged in. So I'm wondering exactly how the
login_required decorator makes that determination. I looked at the
code and it uses is_authenticated(), which looks like it always
returns True. Yet it seems like it returns False in this case
I would think that immediately after logging in login_required would
return True.
What am I missing here?
On Wed, Apr 27, 2016 at 11:53 AM, Gergely Polonkai <gergely@polonkai.eu> wrote:
>
> I would create a separate view for this, like /falcon_login/, which could give you a plain text result. But that's totally up to you.
>
>
> Gergely Polonkai
> about.me/gergely.polonkai
>
> 2016-04-27 16:57 GMT+02:00 Larry Martell <larry.martell@gmail.com>:
>>
>> Well, not really. I have managed to invoke my django login screen from
>> my Qt app, but after I log in, of course my django app comes up.
>>
>> What I would like is to pass in some parameter to the login screen
>> (which is easy), and then have my django app detect that and after
>> successfully or unsuccessfully logging in, return a token or error
>> code to the Qt app and not bring up the django app. But I'm not sure
>> how to do that.
>>
>> On Tue, Apr 26, 2016 at 9:27 AM, Gergely Polonkai <gergely@polonkai.eu> wrote:
>> >
>> > That means you have to be able to do it via the API. The other solution is to pop up a web view for these tasks. However, we are moving out from Django field here, as this is getting more and more a falcon/UX-related question.
>> >
>> >
>> > Gergely Polonkai
>> > about.me/gergely.polonkai
>> >
>> > 2016-04-26 14:19 GMT+02:00 Larry Martell <larry.martell@gmail.com>:
>> >>
>> >> I need to support create user, change password, delete user and forgot password.
>> >>
>> >> On Tue, Apr 26, 2016 at 7:32 AM, Gergely Polonkai <gergely@polonkai.eu> wrote:
>> >> >
>> >> >
>> >> > That's not a big issue if you really communicate with Django via a web-based API. If the user can't log in, you can simply redirect them to a web page. I don't see the need for user admin functions, though.
>> >> >
>> >> >
>> >> > Gergely Polonkai
>> >> > about.me/gergely.polonkai
>> >> >
>> >> > 2016-04-26 13:10 GMT+02:00 Larry Martell <larry.martell@gmail.com>:
>> >> >>
>> >> >> Well, the issue with simply implementing auth, is that we'd need to
>> >> >> not only implement login, which is easy, but also forgot password, and
>> >> >> all the user admin functions. Since we have that already with django I
>> >> >> want to leverage that and not reinvent the wheel.
>> >> >>
>> >> >> On Tue, Apr 26, 2016 at 2:29 AM, Gergely Polonkai <gergely@polonkai.eu> wrote:
>> >> >> > Now I somewhat understand what falcon is, I suggest that you simply
>> >> >> > implement auth on you web app (it seems to me there is none or little right
>> >> >> > now. Of course, you don't have to protect all iour views, or you may want to
>> >> >> > display a different dataset, but that's another topic.
>> >> >> >
>> >> >> > When that is done, you have to do two things in your Qt app. First, make
>> >> >> > sure that when the server says that you are not authorized, pop up a login
>> >> >> > window. After a successful login, store the user's credentials for later
>> >> >> > use. What type of authentication to use and what to store is up to your
>> >> >> > decision: HTTP Basic (store user/password), HTTP session (store the session
>> >> >> > cookie) or token (store the token) based auths are the most common examples.
>> >> >> >
>> >> >> > Best,
>> >> >> > Gergely
>> >> >> >
>> >> >> > On Apr 26, 2016 00:09, "Larry Martell" <larry.martell@gmail.com> wrote:
>> >> >> >>
>> >> >> >> The Qt app talks to the server with web requests routed to python code
>> >> >> >> by falcon. It currently has no authentication/authorization of any
>> >> >> >> kind. It's not a web app, you can't just navigate to any page, you can
>> >> >> >> only get to parts of the app the code lets you get to.
>> >> >> >>
>> >> >> >> The way I envision it (if possible) is that I would have a decorator
>> >> >> >> just like @login_required, and if that is called and the user is not
>> >> >> >> logged in, it would invoke the django login page - just like it works
>> >> >> >> in django. I think I can do most of this, the part I am unclear on is
>> >> >> >> how I get control from the django login page back to the Qt app.
>> >> >> >>
>> >> >> >> On Mon, Apr 25, 2016 at 5:26 PM, Gergely Polonkai <gergely@polonkai.eu>
>> >> >> >> wrote:
>> >> >> >> > Hello,
>> >> >> >> >
>> >> >> >> > this all depends on how this Qt app communicates with the other end
>> >> >> >> > (server
>> >> >> >> > side). Does it offer *any* kind of authentication/authorization? If so,
>> >> >> >> > look
>> >> >> >> > for ways to integrate it with Django. If not, you are screwed anyway
>> >> >> >> > (from
>> >> >> >> > security point of view), because even if your app pops up a login
>> >> >> >> > screen,
>> >> >> >> > there can (and will) be ways to get around it.
>> >> >> >> >
>> >> >> >> > Best,
>> >> >> >> > Gergely
>> >> >> >> >
>> >> >> >> > On Apr 25, 2016 22:37, "Larry Martell" <larry.martell@gmail.com> wrote:
>> >> >> >> >>
>> >> >> >> >> We have an existing django app with login, change password, and forgot
>> >> >> >> >> password functionality.
>> >> >> >> >>
>> >> >> >> >> Then we have this other app built with the falcon framework. The
>> >> >> >> >> client side of that is C++/Qt. That app has no login functionality -
>> >> >> >> >> you bring it up and you're in. We would like to somehow use the login
>> >> >> >> >> functionality of the django app in the falcon app. Is that even
>> >> >> >> >> possible? I was thinking that in the Qt app I could bring up the
>> >> >> >> >> django login page by invoking the URL for that app. But once they log
>> >> >> >> >> in, how could I get control back to the Qt app and not have it proceed
>> >> >> >> >> to the django app?
>> >> >> >> >>
>> >> >> >> >> Does this even make any sense? Has anyone ever done anything like this?
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACwCsY6mdFX7VHC0vBY-N5puKe2wvhit4WS_4ZNsWV%3DHerZ6jw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment