In Django, after a login how can I detect which auth backend authenticated the user?
Question
I'm trying to distinguish between a couple of Django authentication backends (which are external packages and I preferably don't want to modify them) in my views. django.contrib.auth docs says auth backends ( settings.AUTHENTICATION_BACKENDS ) will be tried in order and the first that does authenticate, will return and set request.user and if any raises an exception, authentication is refused. But it does not say how can I distinguish between requests depending on which backend has authenticated the user.
Is this possible? and how?
1 answers
solution1
7 ACCPTED 2017-09-18 08:08:08
As explained in Django docs for authentication backends settings :
Once a user has authenticated, Django stores which backend was used to authenticate the user in the user's session, and re-uses the same backend for the duration of that session whenever access to the currently authenticated user is needed. This effectively means that authentication sources are cached on a per-session basis
Actually, this information is stored when function login(request, user, backend=None) is used (see django.contrib.auth.__init__.py ). After user has been authenticated, following session information are stored:
SESSION_KEY = '_auth_user_id'
BACKEND_SESSION_KEY = '_auth_user_backend'
HASH_SESSION_KEY = '_auth_user_hash'
# [...]
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
So, you should check current request's session for key BACKEND_SESSION_KEY to find the backend used to authenticate user.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.