Authenticate against Drupal users database table from Django application

Question

I'm working with:

A) A large Drupal 7.23 application running at https://sitename.com using a MySQL database with thousands of users, around 30 of which are Staff.

B) A small Django 1.3.7 application running at http://dj.sitename.com using a PostgreSQL database with few (only the Drupal app's staff) users, who need to be able to login to this Django app using their existing Drupal credentials .

The workflow would be something like this:

1. Staff users are manually created with identical usernames in each of the applications.

2. A staff user goes to dj.sitename.com and inputs the same username and password of their account that was created at sitename.com, and clicks submit. Django checks the username and password against the users table in the Drupal MySQL database and compares it with the details in the Django users table. If they match, the user is logged in.

3. When a staff user is already logged into the Drupal app and visits the Django app at dj.sitename.com, they are automatically logged in, and vice-versa.

4. When a staff user logs out from the Django app, they are logged out from Drupal, too, and vice-versa.

5. When a user changes their password in either Drupal or Django applications, it is automatically changed in both systems.

What is the simplest way to accomplish this?

Answer 1

You can use the Services module to expose Drupal user login as a HTTP service, which can then be used by your custom Django authentication backend. On successful login, the service will return you the Drupal user object. This object include the roles of the user, so you can use it to validate of the user has access to your application.

Answer 2

I had a similar request and I've detailed my solution in this howto . Both Drupal and Django run on the same server so I can use both TCP to share data between the two platforms and drush to do Drupal operations in Django.

Every login/logout has two steps:

• Login: Django login -> (auto) Drupal login
• Logout: Drupal logout -> (auto) Django logout

The turn point in the analysis of mine was to generate and use the one-time login after the Django login using Drush . Then, I use that generated url as a destination url of a login success in Django and alter or suppressing the password recovery message to avoid one more click.

from subprocess import check_output
output = check_output(["drush", "-r", settings.DRUPAL_SITE_PATH, "-l", settings.DRUPAL_SITE_NAME, "user-login", drupal_id])

Where drupal_id is the drupal uid of the just logged in django user. I have to keep a field for drupal uid in the django database. Via Drush you can even create an user when it's the first time you login successfully.

To logout you have to logout from Drupal and then logout from Django. You can do it via Rules , calling a django logout path after the event User has logged out is triggered.

Answer 3

What you're describing is single sign-on. You can look into phpSimpleSAML and enable SAML on both Drupal and your Django based app. Drupal has a module available here: https://drupal.org/project/simplesamlphp_auth

I'm guessing some type of SAML module/plugin exists for Django already.