Reputation: 839
Django Admin without Authentication
Is there a ready way to use the Django admin page without any form of authentication? I know I can use this method, but that was for Django 1.3. Are there any changes that would let me do this more easily in Django 1.6?
My main motivation for this is that I want to have as few database tables as possible, and I am using this only locally, so there is no need for any sort of authentication (I'm only ever running the server on localhost anyways).
Upvotes: 16
Views: 16677
Answers (6)
Reputation: 7555
Create a module auto_auth.py:
from django.contrib.auth.models import User
from django.utils.deprecation import MiddlewareMixin
class AutoAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
request.user = User.objects.filter()[0]
Edit MIDDLEWARE in your settings.py:
- Remove
'django.contrib.auth.middleware.AuthenticationMiddleware' - Add
'auto_auth.AutoAuthMiddleware'
You can change User.objects.filter()[0] to something else if you want a particular user.
In response to your comment: yes. To run the Django admin without users at all, try this:
class User:
is_superuser = True
is_active = True
is_staff = True
id = 1
def return_true(*args, **kwargs):
return True
User.has_module_perms = return_true
User.has_perm = return_true
class AutoAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
request.user = User()
And remove 'django.contrib.auth' from INSTALLED_APPS
But if you use any apps that depend on the auth app, you're going to have a bad time.
Upvotes: 14
Reputation: 9
For all using Django 3.0,
comment out this code AUTH_USER_MODEL = 'customUser' in your settings.py and create a superuser (python manage.py createsuperuser) with the default user model first.
After creating the superuser then uncomment this code AUTH_USER_MODEL = 'customUser'.
This happened to me and that's what I did with Django 3.0
You should be good to go. Hope it helps
Upvotes: -1
Reputation: 4671
Another Option allows access from anyone: get the first user to bypass authentication
# app/admin.py
from django.contrib.auth.models import User
anonymous_user = User.objects.all().first()
admin.site.has_permission = lambda r: setattr(r, 'user', anonymous_user) or True
Upvotes: 5
Reputation: 9267
For the newer versions of django >=2.1 you need to do something like this:
auto_auth.py
class User:
is_superuser = True
is_active = True
is_staff = True
id = 1
pk = 1
User.has_module_perms = True
User.has_perm = True
class Middleware(object):
def __init__(self, get_response):
self.response = get_response
def __call__(self, request):
request.user = User()
return self.response(request)
And also don't forget to modify your settings middleware and deactivate django.contrib.auth and add auto_auth
Upvotes: 0
Reputation: 321
The accepted answer adapted for Django version >= 1.10
/[yourapp]/middleware.py:
from django.contrib.auth.models import User
class AuthenticationMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
request.user = User.objects.filter()[0]
return self.get_response(request)
In [yourproject]/settings.py for the MIDDLEWARE list:
- Comment or remove:
'django.contrib.auth.middleware.AuthenticationMiddleware', - Append:
'[yourapp].middleware.AuthenticationMiddleware',
Probably obvious to most people but note that the solution still requires one user to exist. Create one manually python manage.py createsuperuser or automatically with a script:
- How to automate createsuperuser on django?
- Autocreate superuser with each schema django
- Create django super user in a docker container without inputting password
Upvotes: 7
Reputation: 309
The accepted answer is already super simple however after messing around with this I found that in recent versions of Django (since admin.site.has_permission became a thing... >= 1.8?) you can do it without middleware.
In your project's urls.py:
from django.contrib import admin
class AccessUser:
has_module_perms = has_perm = __getattr__ = lambda s,*a,**kw: True
admin.site.has_permission = lambda r: setattr(r, 'user', AccessUser()) or True
# Register the admin views or call admin.autodiscover()
urlpatterns = [
# Your url configs then...
url(r'^admin/', admin.site.urls),
]
If you have AccessUser extend User you can leave out the __getattr__ portion which is a hacky way to return something when user.pk or similar is called.
Upvotes: 19
Related Questions
- How to make Django admin site accessed by non-staff user?
- Django admin login
- Log in user without giving access to admin interface
- Login to Admin in Django
- Django app with logged in users
- Can the Admin UI be used without the user authenticating in Django 1.3?
- Admin login form django
- Django Admin Individual Access
- How does Django Admin Authentication work?
- Django Admin - Re-authentication?