如何获得由“站点”供电的多个Django站点的唯一用户。框架？ [英] How to get unique users across multiple Django sites powered by the "sites" framework?

问题描述

我正在构建一个Django网站框架，该框架将为多个独立站点提供支持，所有这些站点都使用相同的应用程序，但使用自己的模板。我打算通过使用多个设置文件并为其设置独特的SITE_ID来完成此任务，如Django文档中针对 django.contrib.sites框架

I am building a Django site framework which will power several independent sites, all using the same apps but with their own templates. I plan to accomplish this by using multiple settings-files and setting a unique SITE_ID for them, like suggested in the Django docs for the django.contrib.sites framework

但是，我不希望网站A的用户能够在网站上登录B.检查syncdb创建的用户表后，我看不到任何可能将用户限制在特定站点的列。我还试图在一个站点上创建一个用户'bob'，然后使用shell命令来列出对方的所有用户，并且确定，bob显示在那里。

However, I don't want a user from site A to be able to login on site B. After inspecting the user table created by syncdb, I can see no column which might restrict a user to a specific site. I have also tried to create a user, 'bob', on one site and then using the shell command to list all users on the other side and sure enough, bob shows up there.

如何确保所有用户都限制在各自的网站？

How can I ensure all users are restricted to their respective sites?

推荐答案

最兼容的方式是创建一个用户配置文件模型，其中包含Site模型的外键，然后编写自定义身份验证后端，根据该FK的值检查当前站点。一些示例代码：

The most compatible way to do this would be to create a user Profile model that includes a foreign key to the Site model, then write a custom auth backend that checks the current site against the value of that FK. Some sample code:

定义您的个人资料模型，在app / models.py中说：

Define your profile model, let's say in app/models.py:

from django.db import models
from django.contrib.sites.models import Site
from django.contrib.auth.models import User

class UserProfile(models.Model):
    user = models.OneToOneField(User)
    site = models.ForeignKey(Site)

编写您的自定义验证后端，从默认继承，在app / auth_backend.py中说：

Write your custom auth backend, inheriting from the default one, let's say in app/auth_backend.py:

from django.contrib.auth.backends import ModelBackend
from django.contrib.sites.models import Site

class SiteBackend(ModelBackend):
    def authenticate(self, **credentials):
        user_or_none = super(SiteBackend, self).authenticate(**credentials)
        if user_or_none and user_or_none.userprofile.site != Site.objects.get_current():
            user_or_none = None
        return user_or_none

    def get_user(self, user_id):
        try:
            return User.objects.get(
                pk=user_id, userprofile__site=Site.objects.get_current())
        except User.DoesNotExist:
            return None

此auth后端假定所有用户都有个人资料;您需要确保您的用户创建/注册过程始终创建一个。

This auth backend assumes all users have a profile; you'd need to make sure that your user creation/registration process always creates one.

重写的验证方法确保用户只能登录到正确的站点。根据用户会话中存储的认证信息，从数据库中提取用户的每个请求都调用 get_user 方法;我们的覆盖确保用户无法在站点A上登录，然后使用相同的会话cookie来获取未经授权的访问站点B.（感谢Jan Wrobel指出需要处理后一种情况。）

The overridden authenticate method ensures that a user can only login on the correct site. The get_user method is called on every request to fetch the user from the database based on the stored authentication information in the user's session; our override ensures that a user can't login on site A and then use that same session cookie to gain unauthorized access to site B. (Thanks to Jan Wrobel for pointing out the need to handle the latter case.)

这篇关于如何获得由“站点”供电的多个Django站点的唯一用户。框架？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！