I have a Django app where there are 2 use cases where I want a user to be able to log in without a password.
- User registers and gets activation link in e-mail.
- User resets password and gets link to change password form in e-mail.
The links include a one-time-use key that I validate, and then I want to log the user in without using credentials.
```python
# This raises an exception unless
# I call user.authenticate 1st.
auth.login(request, user)
```
How do I achieve this?
You can write your own authentication backend(s) which handles your two use cases. See the docs on writing and using a custom auth backend:
http://docs.djangoproject.com/en/1.2/topics/auth/#other-authentication-sources
EDIT:
It seems there might be some misconception about how difficult it might be to write your own auth backend. From the docs:
That’s right. It’s any class that implements two functions, both of which return User objects.
The OP has already stated that the links contain one-time keys that he validates (and presumably has associated with the user he wishes to log in). In other words he’s already written the business logic for the backend, he would just need to convert it into an appropriate class.
Custom authentication backends can do a number of awesome things in Django 1.2 like object-level permissions, but they don’t have to be that complicated. Plus, they stack, so you can mix in your token-based authentication with the default model backend or OpenID or Facebook. But in the end an auth backend is just a class with two methods, and I don’t see how you can call that overkill.
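A sketch of such a two-method backend for the one-time keys described in the question, added here as an example and not taken from the original answer. `USERS`, `PENDING`, `issue_token` and the `now` parameter are assumptions that stand in for the user model, the key table and the clock so the block runs without a Django project; the `request` first argument follows current Django, while the 1.2 docs linked above pass only the credentials.

```python
import hashlib
import secrets
import time

# Stand-ins for the ORM, constructed for this example: a user table and a
# table of pending one-time keys, indexed by the SHA-256 of each key.
USERS = {1: {"id": 1, "username": "alice", "is_active": True}}
PENDING = {}  # sha256(token) -> (user_id, expires_at)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(user_id, ttl=3600, now=None):
    """Create the key for the e-mailed link; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    PENDING[_digest(token)] = (user_id, now + ttl)
    return token


class OneTimeTokenBackend:
    """The two methods Django calls on a backend: authenticate() and get_user()."""

    def authenticate(self, request=None, token=None, now=None):
        if not isinstance(token, str) or not token:
            return None  # not our kind of credential; the next backend may try
        # pop() consumes the key, so a replayed link finds nothing.
        entry = PENDING.pop(_digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if (time.time() if now is None else now) > expires_at:
            return None  # expired keys are consumed as well
        user = self.get_user(user_id)
        return user if user and user["is_active"] else None

    def get_user(self, user_id):
        return USERS.get(user_id)
```

With the class listed in `AUTHENTICATION_BACKENDS`, a view calls `auth.authenticate(token=key)` and passes the returned user to `auth.login(request, user)`; `authenticate()` sets `user.backend`, which is the attribute `login()` needs.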