Hi everyone,

I have written a custom authentication backend; the code is below. It
allows a user to click "email me a one-time password" on the home page,
which is saved on the "Person" model (which extends User through a foreign
key), and then log in with that password. This backend verifies the password
and then erases it from the database.
This whole thing works when I put
SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer'
in settings.py, but I don't want that since PickleSerializer is unsafe.

If I use the default session serializer, I get the following error:

TypeError at /login/
<class 'OneTimePasswordBackend'> is not JSON serializable


How do I solve this? Do I need to write a custom serializer, and if yes,
how? Can I add serialize/deserialize methods on this class, and what
exactly do they need to do? Do they need to be classmethods or something?

I would really appreciate some help with this. Thanks in advance!

from django.contrib.auth.models import User
from allauth.account.models import EmailAddress
from passlib.hash import pbkdf2_sha256
from api import models
from base.settings import ACCOUNT_PASSWORD_MIN_LENGTH


class OneTimePasswordBackend(object):
    # Django 1.11+ passes the request as the first positional argument;
    # older versions pass credentials as keywords only, so request=None
    # keeps the signature compatible with both.
    def authenticate(self, request=None, email=None, one_time_password=None):
        # Test for None before calling len() on the value.
        if one_time_password is None or len(one_time_password) < ACCOUNT_PASSWORD_MIN_LENGTH:
            return None
        try:
            email_obj = EmailAddress.objects.get(email=email)
        except EmailAddress.DoesNotExist:
            return None
        user = email_obj.user
        try:
            person = models.Person.objects.get(user_account=user)
        except models.Person.DoesNotExist:
            return None
        saved_pw = person.one_time_password
        # An empty field means no one-time password was issued, or it was
        # already used; passlib would raise on it anyway, so refuse early.
        if not saved_pw:
            return None
        try:
            verified = pbkdf2_sha256.verify(one_time_password, saved_pw)
        except ValueError:
            # Stored value is not a recognisable pbkdf2_sha256 hash.
            return None
        # verify() returns False on a mismatch rather than raising, so the
        # result must be checked explicitly before the user is returned.
        if not verified:
            return None
        # Success: erase the one-time password so it cannot be replayed.
        person.one_time_password = ""
        person.save()
        return user

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/69b91fa4-aca9-458e-9a83-d7b3d3ac35f7%40googlegroups.com.
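As an added example (not from the post above and not Django's own code), the following pure-Python snippet shows what the JSON session serializer will and will not store in the backend entry. Django's authenticate() sets user.backend to the dotted import path of the backend class as a string, and login() stores that value in the session under BACKEND_SESSION_KEY; on later requests the string is resolved back to a backend instance and its get_user() is called. A string survives JSON serialisation, while the class object that the error message shows does not, which is exactly where PickleSerializer and JSONSerializer differ. The class and module below are stand-ins, not the poster's project.

```python
# Added example: JSON vs. pickle behaviour for the session's backend entry.
# Pure Python, no Django required. Names are stand-ins for the post's project.
import importlib
import json
import pickle
import sys

BACKEND_SESSION_KEY = "_auth_user_backend"  # the key name Django uses


class OneTimePasswordBackend:
    """Stand-in for the backend class in the post (stub, no database access)."""

    def get_user(self, user_id):
        return {"pk": user_id}


def backend_path(backend):
    """Dotted import path string, the form Django's authenticate() puts on user.backend."""
    return "%s.%s" % (backend.__module__, backend.__class__.__name__)


def load_backend(path):
    """Resolve a dotted path back to a backend instance, as Django does per request."""
    module_name, _, class_name = path.rpartition(".")
    module = sys.modules.get(module_name) or importlib.import_module(module_name)
    return getattr(module, class_name)()


def can_json_serialize(session):
    """Mimic JSONSerializer: only JSON-native types (str, int, list, dict, ...) are accepted."""
    try:
        json.dumps(session)
        return True
    except TypeError:
        return False


def can_pickle_serialize(session):
    """Pickle accepts arbitrary Python objects, including classes, by reference."""
    try:
        pickle.dumps(session)
        return True
    except pickle.PicklingError:
        return False


def json_session_roundtrip(session):
    """Store and reload a session dict the way the JSON serializer would."""
    return json.loads(json.dumps(session))


if __name__ == "__main__":
    backend = OneTimePasswordBackend()
    # The class object fails under JSON (the error in the post) but pickle takes it.
    print(can_json_serialize({BACKEND_SESSION_KEY: OneTimePasswordBackend}))   # False
    print(can_pickle_serialize({BACKEND_SESSION_KEY: OneTimePasswordBackend})) # True
    # The dotted-path string works under both, and can be resolved later.
    session = json_session_roundtrip(
        {"_auth_user_id": "7", BACKEND_SESSION_KEY: backend_path(backend)}
    )
    print(load_backend(session[BACKEND_SESSION_KEY]).get_user(7))            # {'pk': 7}
```

The practical check this suggests: wherever the view calls login(), confirm that user.backend (or the backend= argument) is the dotted-path string, not the class. Pickle only masks the mistake, and the Django documentation warns that PickleSerializer lets anyone who can write session data, for instance with a leaked SECRET_KEY and signed-cookie sessions, execute arbitrary code on unpickling.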