Skip to main content
Join the official 2020 Python Developers SurveyStart the survey!

Override current user based on subdomain

Project description

django-host-user-override

Overrides current user based on host prefix. For example any request to 5.user.example.com (format can be changed in settings) becomes request as if you were logged in as user with ID 5. This allows you to be logged in as different users in different tabs at the same time without losing your primary authenticated user.

Works only if you're logged in as superuser by default (can be changed in settings).

Also gives you big red banner on top of every page if your user is overridden.

Requirements

  • Your DNS server should resolve subdomains *.user.<your domain> to the same IP address as main domain.
  • Your project should not use absolute link generation or any other technic that can change current subdomain. It is a more inconvenience than requirement though.

Installing django-host-user-override

  1. Install the package from PyPI: pip install django-host-user-override

  2. Add host_user_override to INSTALLED_APPS:

INSTALLED_APPS = [
   ...,
   'host_user_override',
   ...,
]
  1. Add HostUserOverrideMiddleware right after AuthenticationMiddleware:
MIDDLEWARE = [
   ...,
   'django.contrib.auth.middleware.AuthenticationMiddleware',
   'host_user_override.middleware.HostUserOverrideMiddleware',
   ...,
]
  1. Update your settings.py file to support subdomains (don't forget about DNS as well):
ALLOWED_HOSTS = ['.example.com']

SESSION_COOKIE_DOMAIN = '.example.com'
  1. Set new change_form.html template in UserAdmin:
admin.site.unregister(User)

@admin.register(User)
class CustomUserAdmin(UserAdmin):
    change_form_template = 'host_user_override/change_form.html'

Optional settings

  1. Update settings.py if you want host pattern other than <id>.user.<domain>. Example for u<id>.<domain>:
HOSTUSEROVERRIDE_HOST_REGEXP = r'u(\d+)\..+'

HOSTUSEROVERRIDE_HOST_SUB_REGEXP = r'u\d+\.'

HOSTUSEROVERRIDE_REDIRECT_URL_FORMAT = 'http://u{user_id}.{host}/'

HOSTUSEROVERRIDE_PERMANENT_REDIRECT = False
  1. Set HOSTUSEROVERRIDE_PERMISSION_CHECK to customize required permissions. Should be function that takes 2 positional arguments: current user and desired user.

  2. Set HOSTUSEROVERRIDE_FORCE_ACTIVE to force overriden user to be active even when he is actually disabled.

Usage

Open any non-superuser in Django Admin and press 'Login as multiuser' button.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Props to django-debug-toolbar team for HTML injection code
  • Thanks to @dimoha for original idea

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-host-user-override, version 0.4.5
Filename, size File type Python version Upload date Hashes
Filename, size django_host_user_override-0.4.5-py2.py3-none-any.whl (11.1 kB) File type Wheel Python version py2.py3 Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page