Access request object from within django admin's authenticate()

 

Is this anyhow possible to access the request object from within the django admin's authenticate() in custom auth backend?

The reason for this is I want to keep and re-use the user's password (or a Kerberos ticket - not sure yet) to authorize an operation in another system, which uses the same LDAP backend. For this purpose I wanted to use request.session - but it doesn't seem to be accessible, at least not the easy way.

If there's any other possibility to pass a value from the auth to the model, I'd be happy to get a suggestion as well.

Thanks.

I believe it's a bad idea to store raw password in session for security reasons, but some ideas (just ideas, never tried it):

  • Access session directly https://docs.djangoproject.com/en/1.10/topics/http/sessions/#using-sessions-out-of-views

    • Make sure your session won't be flushed by django.contrib.auth.login . See details in implementation.

  • user_logged_in signal has access to request and user object.

    • user_logged_in.send(sender=user.__class__, request=request, user=user)

    Looks like you can add attribute to user object inside authentication backend method and later attach it to session.

    链接地址: http://www.djcxy.com/p/33766.html

    上一篇: 尝试从远程连接Django dev服务器

    下一篇: 从django admin的authenticate()中访问请求对象