Hi, First of all Sorry for the late reply😉

Okay👌 let's go...

It is generally not recommended to authenticate auto-generated users
directly from inspect_db without proper user model fields and permissions.
Here's why:

   -

   Security Concerns:
   - AbstractBaseUser and PermissionsMixin provide essential
      functionalities for user authentication and authorization. They
      handle password hashing, permissions management, and other security
      aspects. Bypassing these models might lead to vulnerabilities like
      storing passwords in plain text or granting unauthorized access.
   -

   Maintainability Issues:
   - Using inspect_db creates a tight coupling between your authentication
      logic and the specific database schema. This makes it difficult to
      modify the user model or switch databases in the future.

Here are some alternative approaches to consider:

   1.

   Migrate User Model Fields:
   - Gradually migrate your existing user model to include the necessary
      fields from AbstractBaseUser and PermissionsMixin. This ensures
      proper authentication and authorization mechanisms.
   2.

   Custom User Model:
   - Create a custom user model that inherits from AbstractBaseUser and
      includes any additional fields you need. This provides a more secure
      and maintainable approach.
   3.

   Alternative Authentication Methods:
   - Depending on your application's requirements, you might explore
      alternative authentication methods like API keys, tokens, or social
      logins. These can be suitable for non-human users or specific use
      cases.

While it might be technically possible to authenticate through inspect_db,
it's strongly advised against it due to the security and maintainability
drawbacks. Consider the alternative approaches mentioned above for a more
secure and robust solution.

On Wed, May 29, 2024, 3:06 AM utibe solomon <utibesolom...@gmail.com> wrote:

> Hey bro is it possible to authenticate an auto generated user from
> inspect_db without necessarily having to migrate fields that come with
> using abstractbaseuser and permissions mixin
>
>
> On Tue, 28 May 2024 at 20:39, Mike Schem <mike.sc...@stringking.com>
> wrote:
>
>> Hey Faisal,
>>
>> Thanks for taking the time to read the PR and provide some feedback. I
>> copied all of your concerns here and responded to them accordingly. Please
>> let me know if you have any further questions!
>>
>> 1.
>> Have you considered including a section in the Django admin documentation
>> that outlines the new shortcuts and how to use them?
>>
>> Yes, I absolutely will document this, I was thinking about adding it to
>> the "Other Topics" section here:
>> https://docs.djangoproject.com/en/5.0/ref/contrib/admin/#other-topics.
>> What do you think?
>>
>> 2.
>>  Are the keyboard shortcuts configurable?
>>
>> Not yet, but I would be open to doing this as a future PR.
>>
>> 3.
>> Have you tested the keyboard shortcuts across different browsers and
>> operating systems to ensure consistent behavior?
>>
>>  Any specific browsers or versions where you faced issues?
>>
>> Yes, we've tested on pretty much all major OSs and browsers and have seen
>> consistent behavior.  I've been running this in my company for over a year
>> now. It's been great!
>>
>> 4.
>> What considerations have been made regarding accessibility?
>>
>> I'd say this is largely an accessibility feature since it would allow for
>> the visually impaired to save without needing to see the save buttons,
>> which is great!
>>
>> 5.
>> How does the implementation handle potential conflicts with existing
>> browser or system shortcuts?
>>
>> There is an existing ctrl + S for saving browser pages as HTML, frakely,
>> I don't think that should be the default for users. When saving the page,
>> the action should not be to save it as html, but instead save the content
>> of the admin.
>>
>> 6.
>> Have you noticed any performance impacts with the addition of these
>> shortcuts? Ensuring that the admin interface remains performant is
>> important for all users.
>>
>> No, no performance issues. It's a very simple code change without much
>> impact.
>>
>> On Sat, May 25, 2024 at 7:25 AM Faisal Mahmood <
>> faisalbhagri2...@gmail.com> wrote:
>>
>>> Hi *Mike Schem,
>>>
>>> Thank you for reaching out and for your work on adding keyboard
>>> shortcuts to the Django admin. This is a valuable feature that can greatly
>>> enhance productivity for many users. We appreciate your contribution and
>>> the effort you've put into this PR.
>>>
>>> We have reviewed your pull request and are excited about its potential.
>>> Here are some thoughts and questions we have:
>>>
>>> 1.
>>> Have you considered including a section in the Django admin
>>> documentation that outlines the new shortcuts and how to use them?
>>>
>>> 2.
>>>  Are the keyboard shortcuts configurable?
>>>
>>> 3.
>>> Have you tested the keyboard shortcuts across different browsers and
>>> operating systems to ensure consistent behavior?
>>>
>>>  Any specific browsers or versions where you faced issues?
>>>
>>> 4.
>>> What considerations have been made regarding accessibility?
>>>
>>> 5.
>>> How does the implementation handle potential conflicts with existing
>>> browser or system shortcuts?
>>>
>>> 6.
>>> Have you noticed any performance impacts with the addition of these
>>> shortcuts? Ensuring that the admin interface remains performant is
>>> important for all users.
>>>
>>> We believe these questions can help further refine the feature and
>>> ensure it meets the needs of the wider Django community. Once again, thank
>>> you for your contribution. We look forward to your responses and further
>>> discussion.
>>>
>>> Best regards,
>>> [Faisal Mahmood]
>>>
>>> On Fri, May 24, 2024, 10:32 PM Mike Schem <mike.sc...@stringking.com>
>>> wrote:
>>>
>>>> Hey all,
>>>>
>>>> I’m seeking some support and feedback on my PR. I’ve added keyboard
>>>> shortcuts to the Django admin for the save actions. We use it at my
>>>> company, and it’s pretty helpful for power users. I’d love to hear what the
>>>> community thinks.
>>>>
>>>> https://github.com/django/django/pull/17599
>>>>
>>>>
>>>> Mike Schem
>>>> Senior Software Engineer
>>>> String King Lacrosse, LLC
>>>> StringKing, Inc.
>>>> 19100 South Vermont Avenue
>>>> <https://www.google.com/maps/search/19100+South+Vermont+Avenue+Gardena,+CA%C2%A0+90248?entry=gmail&source=g>
>>>> Gardena, CA  90248
>>>> <https://www.google.com/maps/search/19100+South+Vermont+Avenue+Gardena,+CA%C2%A0+90248?entry=gmail&source=g>
>>>> 310-699-7175 Mobile
>>>>
>>>> m...@stringking.com <m...@stringkinglacrosse.com>
>>>> StringKing.com <http://stringkinglacrosse.com/> | uSTRING.com
>>>> <http://ustring.com/>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-users+unsubscr...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-users/CALUzFO1GyhQct422sU6WDRC3ksYf-qg8qgtR%2BwXGOwrjWDn2_A%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/django-users/CALUzFO1GyhQct422sU6WDRC3ksYf-qg8qgtR%2BwXGOwrjWDn2_A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/CAP3eejy%3DHWk82qHU5uNaWAYDTRC1-N1A9fUVkc%2B_avj5FmUYQA%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-users/CAP3eejy%3DHWk82qHU5uNaWAYDTRC1-N1A9fUVkc%2B_avj5FmUYQA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/CALUzFO2RUz_smUPtoCfE_TQq-qK2L_b_ebbX1Y2L234LmiFj_Q%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-users/CALUzFO2RUz_smUPtoCfE_TQq-qK2L_b_ebbX1Y2L234LmiFj_Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAJkiqy79rnh9aDo7TLj29HN3XjMjfTb%3Dwh20CBOzUrhegb%3D8Tg%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CAJkiqy79rnh9aDo7TLj29HN3XjMjfTb%3Dwh20CBOzUrhegb%3D8Tg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAP3eejzk--BKW8G9g62z5RH56%2Bwym8wWT487Yi%2BxyT2YifeuFg%40mail.gmail.com.

Reply via email to