django user auth without typing password

Question

I want a feature workflows as follows:

1) user login from web page ( typing user name/password),and auth success, then we can got user's password from database(not from web page), we will use it later.

2) user confirm start a small bot service that provide by us, once user confirm that, then the service will execute and callback 3) since the bot service is another independent app, so it have to use user account callback login action (auth) and record information under the user account.

my question is, while I use the user's account login in bot service app, it failed, since the password has been hash.

is there any way solve this issue ?

I trace django source code ,

djanofrom django.contrib import auth

auth.login(request,authenticate)

seem no other way solve this issue unless modify the source code, I meaning add new function in framework? but obviously, it is not best idea

anyone give tips on this issue, thanks

Answer 1

You should write a custom auth backend.

https://docs.djangoproject.com/en/1.8/topics/auth/customizing/#writing-an-authentication-backend

from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User

class PasswordlessAuthBackend(ModelBackend):
    def authenticate(self, username=None):
        try:
            return User.objects.get(username=username)
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

then add this to your settings.py

AUTHENTICATION_BACKENDS = (
    # ... your other backends
    'yourapp.auth_backend.PasswordlessAuthBackend',
)

after that you can login in your views with

user = authenticate(username=user.username)
login(request, user)