Hi everyone,
I have written a custom authentication backend; the code is below. It
allows a user to click "email me a one-time password" on the home page,
which is saved on the "Person" model (which extends User through a foreign
key) and then log in with that password. This backend verifies the password
and then erases it from the database.
This whole thing works when I put

    SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer'

in settings.py, but I don't want that since PickleSerializer is unsafe.
If I use the default session serializer, I get the following error:

    TypeError at /login/
    <class 'OneTimePasswordBackend'> is not JSON serializable

How do I solve this? Do I need to write a custom serializer, and if yes,
how? Can I add serialize/deserialize methods on this class, and what
exactly do they need to do? Do they need to be classmethods or something?
I would really appreciate some help with this. Thanks in advance!

from django.contrib.auth.models import User
from allauth.account.models import EmailAddress
from passlib.hash import pbkdf2_sha256

from api import models
from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH


class OneTimePasswordBackend(object):
    def authenticate(self, email=None, one_time_password=None):
        # Check for None first; len(None) would raise TypeError.
        if (one_time_password is None
                or len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH):
            return None
        try:
            email_obj = EmailAddress.objects.get(email=email)
        except EmailAddress.DoesNotExist:
            return None
        user = email_obj.user
        try:
            person = models.Person.objects.get(user_account=user)
        except models.Person.DoesNotExist:
            return None
        saved_pw = person.one_time_password
        try:
            # verify() returns False on a mismatch; it raises only when the
            # stored value is not a usable hash.
            verify = pbkdf2_sha256.verify(one_time_password, saved_pw)
        except Exception as e:
            print(e)
            verify = False
        # Test the result explicitly: an else: clause on the try would also
        # run for a wrong password that did not raise.
        if verify:
            # Reset the one-time password so it cannot be reused.
            person.one_time_password = ""
            person.save()
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
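
Added example, not part of the original post: a stdlib-only sketch of why a JSON session serializer rejects a backend class (or instance) but accepts its dotted-path string, which is then resolved through an allow-list. It assumes the error comes from the class object itself being placed under the session's backend key (the view is not shown in the post); the path `myapp.backends.OneTimePasswordBackend` and all helper names are hypothetical.

```python
import json

# Hypothetical dotted path; in a project it is the entry in AUTHENTICATION_BACKENDS.
BACKEND_PATH = "myapp.backends.OneTimePasswordBackend"


class OneTimePasswordBackend:
    """Stand-in for the backend in the post; no Django required."""


# Allow-list used to turn a stored path back into a class on later requests.
ALLOWED_BACKENDS = {BACKEND_PATH: OneTimePasswordBackend}


def dump_session(session):
    """Encode session data as a JSON-based session serializer would."""
    return json.dumps(session, separators=(",", ":")).encode("latin-1")


def try_store_backend(backend_value):
    """Return (ok, detail) for saving backend_value under the backend key."""
    session = {"_auth_user_id": "1", "_auth_user_backend": backend_value}
    try:
        return True, dump_session(session)
    except TypeError as exc:
        return False, str(exc)


def load_backend(session_bytes):
    """Decode a session and resolve its backend path via the allow-list."""
    data = json.loads(session_bytes.decode("latin-1"))
    path = data.get("_auth_user_backend")
    if not isinstance(path, str) or path not in ALLOWED_BACKENDS:
        return None  # unknown or tampered value: treat the user as anonymous
    return ALLOWED_BACKENDS[path]()


if __name__ == "__main__":
    print(try_store_backend(OneTimePasswordBackend))  # class object: rejected
    ok, raw = try_store_backend(BACKEND_PATH)         # string path: accepted
    print(ok, raw, type(load_backend(raw)).__name__)
```

In a Django view, calling django.contrib.auth.authenticate() and then login() keeps the stored value a string, because authenticate() sets user.backend to the backend's dotted path.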