Hi everyone,
I have written a custom authentication backend, the code is below. It allows a user to click "email me a one-time password" on the home page, which is saved on the "Person" model (which extends User through a foreign key) and then log in with that password. This backend verifies the password and then erases it from the database.
This whole thing works when I put SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer' in settings.py, but I don't want that since PickleSerializer is unsafe.
If I use the default session serializer, I get the following error:
how do I solve this? Do I need to write a custom serializer, and if yes, how? Can I add serialize/deserialize methods on this class, and what exactly do they need to do? Do they need to be classmethods or something?
I would really appreciate some help with this. Thanks in advance!
from django.contrib.auth.models import User
from allauth.account.models import EmailAddress
from passlib.hash import pbkdf2_sha256
from api import models
from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH
class OneTimePasswordBackend(object):
def authenticate(self, email=None, one_time_password=None):
if len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH or one_time_password==None:
return None
try:
email_obj = EmailAddress.objects.get(email=email)
except EmailAddress.DoesNotExist:
return None
user = email_obj.user
person = models.Person.objects.get(user_account=user)
saved_pw = person.one_time_password
try:
verify = pbkdf2_sha256.verify(one_time_password, saved_pw)
except Exception as e:
print(e)
verify = False
else:
"""reset the one time password"""
person.one_time_password = ""
person.save()
return user
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
-- I have written a custom authentication backend, the code is below. It allows a user to click "email me a one-time password" on the home page, which is saved on the "Person" model (which extends User through a foreign key) and then log in with that password. This backend verifies the password and then erases it from the database.
This whole thing works when I put SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer' in settings.py, but I don't want that since PickleSerializer is unsafe.
If I use the default session serializer, I get the following error:
TypeError at /login/
<class 'OneTimePasswordBackend'> is not JSON serializable
how do I solve this? Do I need to write a custom serializer, and if yes, how? Can I add serialize/deserialize methods on this class, and what exactly do they need to do? Do they need to be classmethods or something?
I would really appreciate some help with this. Thanks in advance!
from django.contrib.auth.models import User
from allauth.account.models import EmailAddress
from passlib.hash import pbkdf2_sha256
from api import models
from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH
class OneTimePasswordBackend(object):
def authenticate(self, email=None, one_time_password=None):
if len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH or one_time_password==None:
return None
try:
email_obj = EmailAddress.objects.get(email=email)
except EmailAddress.DoesNotExist:
return None
user = email_obj.user
person = models.Person.objects.get(user_account=user)
saved_pw = person.one_time_password
try:
verify = pbkdf2_sha256.verify(one_time_password, saved_pw)
except Exception as e:
print(e)
verify = False
else:
"""reset the one time password"""
person.one_time_password = ""
person.save()
return user
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/69b91fa4-aca9-458e-9a83-d7b3d3ac35f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment