Search Results

Search found 5330 results on 214 pages for 'django auth'.

Page 111/214 | < Previous Page | 107 108 109 110 111 112 113 114 115 116 117 118  | Next Page >

  • Enable basic auth sitewide and disabling it for subpages?

    - by piquadrat
    I have a relatively straight forward config: upstream appserver-1 { server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0; } server { listen 80; server_name example.com; location / { proxy_pass http://appserver-1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; auth_basic "Restricted"; auth_basic_user_file /path/to/htpasswd; } location /api/ { auth_basic off; } } The goal is to use basic auth on the whole website, except on the /api/ subtree. While it does work with respect to basic auth, other directives like proxy_pass are not in effect on /api/ as well. Is it possible to just disable basic auth while retaining the other directives without copy&pasting everything?

    Read the article

  • Why does a browser dialog come up when an xmlhttprequest sends the wrong / no auth?

    - by Kyle
    How come the major browsers all bring up a login dialog when an xmlhttprequest does auth wrong or doesn't send it? I mean isn't this poor UI? Now a days it seems like a lot of people try http auth in jQuery, because theoretically it is quite easy - until the user fails to enter the correct data and is presented with the browsers dialog, which gets in their way, and they might have no idea what to do with it or why it's there? I don't know too much about these low level browser specifications but can someone bring this up with the RFC or webkit/gecko developers? jQuery digest auth could be powerful and user friendly if this was fixed. ** It seems like apache could also fix the problem on their side by not sending the header, but whichever one is the most secure way of doing this would be nice.

    Read the article

  • How can I exclude a file in a folder from basic auth (regex help)?

    - by simon180
    Hi I have a folder on my site which contains admin files and I've added basic auth following a little unwanted attention. This works fine however a couple of the admin functions won't work through basic auth as they handle file uploads and so I want to exclude these files from the auth. It shouldn't have any security implications as any rogue user wouldn't be able to access the pages that could create a session to use these functions. I am using the following basic code to exclude a file: <FilesMatch "(index.php\/myadminfolder\/myurl\/myaction/someotherstuff?)$"> Satisfy Any Order allow,deny Allow from all Deny from none </FilesMatch> The URL exclusion is not working. The URL to exclude is in the form: index.php/directory/subdirectory/action/uniqueid/blah What is the correct URL string to add to FilesMatch to exclude any files that start with the pattern of index.php/directory/subdirectory/action - regardless of what comes after action? Thanks Simon

    Read the article

  • zend framework 2 autentification using DbTable failure

    - by josepmra
    I have followed the zend instructions for implement my web Authentication using a database table. It's exactly the same code, but when render the page, the following exceptions appears: Zend\Authentication\Adapter\Exception\RuntimeException File: C:\xampp\htdocs\pfc\vendor\ZF2\library\Zend\Authentication\Adapter\DbTable.php Mensaje: The supplied parameters to DbTable failed to produce a valid sql statement, please check table and column names for validity. produced by this other: Zend\Db\Adapter\Exception\InvalidQueryException File: C:\xampp\htdocs\pfc\vendor\ZF2\library\Zend\Db\Adapter\Driver\Mysqli\Statement.php Mensaje: Statement couldn't be produced with sql: SELECT `users`.*, (CASE WHEN `password` = ? THEN 1 ELSE 0 END) AS `zend_auth_credential_match` FROM `users` WHERE `mail` = ? Seems to be that Statement.php can not execute the sql of above, but I send the sql by phpmyadmin replacing the ? for strings and work ok. I am sure that $dbAdapter works ok also because I have tested it and the columns name are "mail" and "password". This in my code, also I put the $dbAdapter test code. $dbAdapter = new DbAdapter(array( //This DbAdapter Work ok sure!! 'driver' => 'Mysqli', 'database' => 'securedraw', 'username' => 'root', 'password' => '' )); $fp = function($name) use ($dbAdapter) { return $dbAdapter->driver->formatParameterName($name);}; $sql = 'SELECT * FROM ' . $qi('users') . ' WHERE id = ' . $fp('id'); $statement = $dbAdapter->query($sql); $parameters = array('id' => 1); $sqlResult = $statement->execute($parameters); $row = $sqlResult->current(); $mail = $row['mail']; $password = $row['password']; //until here test $dbAdapter exitly!! //Start the auth proccess!! $authAdapter = new AuthDbTableAdapter($dbAdapter); $authAdapter->setTableName('users') ->setIdentityColumn('mail') ->setCredentialColumn('password'); $authAdapter->setIdentity('josep') ->setCredential('josep'); $authResult = $authAdapter->authenticate(); //This is the fail method!!!

    Read the article

  • How to layer if statements when order of logic is irrelevant?

    - by jimmyjimmy
    Basically I have a series of logic in my website that can lead to 5 total outcomes. Basically two different if tests and then a catch all else statement. For example: if cond1: if mod1: #do things elif mod2: #do things elif cond2: if mod1: #do things elif mod2 #do things else: #do things I was thinking about rewriting it like this: if cond1 and mod1: #do things elif cond1 and mod2: #do things elif cond2 and mod1: #do things elif cond2 and mod2: #do things else: #do things Is there any real difference in these two coding options/a better choice for this kind of logic testing?

    Read the article

  • How do I install OSQA with limited access to the server?

    - by Noir
    I would very much like to install OSQA on my host (provided/owned by my friend), but I can not make heads or tails of how I would go about doing it; a lot of the dependancies and such can't be installed with the current level of access (or most probably just knowledge) that I have. I can provide any further information required, and attempt to contact (friend) to see if he can do any of it for me, but I'm unsure as to how often I will be able to contact him. exec and shell_exec are not disabled on the server. If there are any other alternatives that I could use, please let me know! I tried Qwench but that was pretty buggy. I can usually deal with these kind of things, but this is my first foray into Python stuff!

    Read the article

  • tastypie posting and full example

    - by Justin M
    Is there a full tastypie django example site and setup available for download? I have been wrestling with wrapping my head around it all day. I have the following code. Basically, I have a POST form that is handled with ajax. When I click "submit" on my form and the ajax request runs, the call returns "POST http://192.168.1.110:8000/api/private/client_basic_info/ 404 (NOT FOUND)" I have the URL configured alright, I think. I can access http://192.168.1.110:8000/api/private/client_basic_info/?format=json just fine. Am I missing some settings or making some fundamental errors in my methods? My intent is that each user can fill out/modify one and only one "client basic information" form/model. a page: {% extends "layout-column-100.html" %} {% load uni_form_tags sekizai_tags %} {% block title %}Basic Information{% endblock %} {% block main_content %} {% addtoblock "js" %} <script language="JavaScript"> $(document).ready( function() { $('#client_basic_info_form').submit(function (e) { form = $(this) form.find('span.error-message, span.success-message').remove() form.find('.invalid').removeClass('invalid') form.find('input[type="submit"]').attr('disabled', 'disabled') e.preventDefault(); var values = {} $.each($(this).serializeArray(), function(i, field) { values[field.name] = field.value; }) $.ajax({ type: 'POST', contentType: 'application/json', data: JSON.stringify(values), dataType: 'json', processData: false, url: '/api/private/client_basic_info/', success: function(data, status, jqXHR) { form.find('input[type="submit"]') .after('<span class="success-message">Saved successfully!</span>') .removeAttr('disabled') }, error: function(jqXHR, textStatus, errorThrown) { console.log(jqXHR) console.log(textStatus) console.log(errorThrown) var errors = JSON.parse(jqXHR.responseText) for (field in errors) { var field_error = errors[field][0] $('#id_' + field).addClass('invalid') .after('<span class="error-message">'+ field_error +'</span>') } form.find('input[type="submit"]').removeAttr('disabled') } }) // end $.ajax() }) // end $('#client_basic_info_form').submit() }) // end $(document).ready() </script> {% endaddtoblock %} {% uni_form form form.helper %} {% endblock %} resources from residence.models import ClientBasicInfo from residence.forms.profiler import ClientBasicInfoForm from tastypie import fields from tastypie.resources import ModelResource from tastypie.authentication import BasicAuthentication from tastypie.authorization import DjangoAuthorization, Authorization from tastypie.validation import FormValidation from tastypie.resources import ModelResource, ALL, ALL_WITH_RELATIONS from django.core.urlresolvers import reverse from django.contrib.auth.models import User class UserResource(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' fields = ['username'] filtering = { 'username': ALL, } include_resource_uri = False authentication = BasicAuthentication() authorization = DjangoAuthorization() def dehydrate(self, bundle): forms_incomplete = [] if ClientBasicInfo.objects.filter(user=bundle.request.user).count() < 1: forms_incomplete.append({'name': 'Basic Information', 'url': reverse('client_basic_info')}) bundle.data['forms_incomplete'] = forms_incomplete return bundle class ClientBasicInfoResource(ModelResource): user = fields.ForeignKey(UserResource, 'user') class Meta: authentication = BasicAuthentication() authorization = DjangoAuthorization() include_resource_uri = False queryset = ClientBasicInfo.objects.all() resource_name = 'client_basic_info' validation = FormValidation(form_class=ClientBasicInfoForm) list_allowed_methods = ['get', 'post', ] detail_allowed_methods = ['get', 'post', 'put', 'delete'] Edit: My resources file is now: from residence.models import ClientBasicInfo from residence.forms.profiler import ClientBasicInfoForm from tastypie import fields from tastypie.resources import ModelResource from tastypie.authentication import BasicAuthentication from tastypie.authorization import DjangoAuthorization, Authorization from tastypie.validation import FormValidation from tastypie.resources import ModelResource, ALL, ALL_WITH_RELATIONS from django.core.urlresolvers import reverse from django.contrib.auth.models import User class UserResource(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' fields = ['username'] filtering = { 'username': ALL, } include_resource_uri = False authentication = BasicAuthentication() authorization = DjangoAuthorization() #def apply_authorization_limits(self, request, object_list): # return object_list.filter(username=request.user) def dehydrate(self, bundle): forms_incomplete = [] if ClientBasicInfo.objects.filter(user=bundle.request.user).count() < 1: forms_incomplete.append({'name': 'Basic Information', 'url': reverse('client_basic_info')}) bundle.data['forms_incomplete'] = forms_incomplete return bundle class ClientBasicInfoResource(ModelResource): # user = fields.ForeignKey(UserResource, 'user') class Meta: authentication = BasicAuthentication() authorization = DjangoAuthorization() include_resource_uri = False queryset = ClientBasicInfo.objects.all() resource_name = 'client_basic_info' validation = FormValidation(form_class=ClientBasicInfoForm) #list_allowed_methods = ['get', 'post', ] #detail_allowed_methods = ['get', 'post', 'put', 'delete'] def apply_authorization_limits(self, request, object_list): return object_list.filter(user=request.user) I made the user field of the ClientBasicInfo nullable and the POST seems to work. I want to try updating the entry now. Would that just be appending the pk to the ajax url? For example /api/private/client_basic_info/21/? When I submit that form I get a 501 NOT IMPLEMENTED message. What exactly haven't I implemented? I am subclassing ModelResource, which should have all the ORM-related functions implemented according to the docs.

    Read the article

  • How do common web frameworks (Django, Rails, Symfony, etc) handle multiple instances of the same plu

    - by Steven Wei
    Do any of the popular web frameworks solve this problem well? Here's an example: suppose you're running one of these web frameworks and you want to install a blog plugin. Except instead of a single blog, you need to run two separate instances of the blog plugin, and you want to keep them segregated. Or say you want to install multiple instances of a user authentication plugin, because you want to segregate your administrative users from your customer user accounts. Or say you want to install multiple instances of a wiki plugin for different parts of your site, or multiple instances of a comments plugin, or whatever else. It seems to me that at the basic level, each instance of plugin would need to be able to configured with a different set of database tables, and would need to be 'installed' at a different URL path. My experience is mostly with Django and Symfony, and I haven't seen a clean solution to this problem in either of them. They both tend to assume that each plugin (or app, in Django's case) is only ever going to be installed once. I'm curious if the Rails folks have figured out a clean solution to this problem, or any other framework authors (in any language). And if you were going to design a solution to this problem, what would it look like?

    Read the article

  • is there a signal emiter/consumer engine (like in Django) for .NET (C#)

    - by user118657
    Has .NET (C#) anything like Django's Signals engine? Our business logic become really complicated over few years of adding new features. I'm going to re-architecture it. Currently all features are very coupled that makes regression errors while changing something one one place - some other place may be broken. I really like Django's apps idea where separate applications introduce new functionality and are absolutely separate. Communication between apps is implemented though signals. I wounder if there is something in .NET that allows to divide project business to many separated "apps" (plug-ins, zones, modules, you name it) and make communication using some kind of "signals". For example we have simple order flow. We can add "coupon app" that if exists in the project adds abilities to use discount coupon. We can add "cross sale" module that if exists adds abilities to offer cross-sale products Email notification module that if exists adds abilities to send order email notifications. But in the same time all this modules are "self-contained" means that communication between them is done using emitting signals (ORDER_PROCCESS_START, ORDER_SUCCESS, etcs) and other modules can subscribe to this signals and process them in required way. This architecture is not related to web, all business logic is processed on the server side like without working with HTTP directly. I wonder if it's good architecture from code maintaining and testing point of few, is it possible to do this in .NET? Any drawbacks that I don't realize now?

    Read the article

  • How should I configure my Apache Hosts File to serve a different site for localhost than for my domain/publicip?

    - by rofls
    I'm trying to test out a LAMP (with PHP5 specifically) setup with Django already serving a website. I want to do the PHP stuff on localhost for now, so that when I do something like this: curl http://localhost/database/script.php?var=1, I get a response from the php server. Right now I'm getting a Django error. I tried something like this in the default file in sites-available: Listen 80 <VirtualHost aaa.bbb.ccc.ddd> ServerName localhost DocumentRoot /home/phpsite </VirtualHost> where aaa.bbb.ccc.ddd is the local ip address, and changing my actual site's settings to specify the public ip, like this: Listen 80 <VirtualHost www.xxx.yyy.zzz> ServerName mysite.com DocumentRoot /srv/www/mysite WSGIScriptAlias / /srv/www/mysite.wsgi </VirtualHost> but then I start getting all kinds of errors when I start apache, such as port ::[80] is already in use or something. I noticed that the hosts file that's located in /etc/apache2/ is apparently pointing everything to mysite.com, including my local ip as well as 127.0.0.1 and 127.0.1.1; Do I need to change the configuration there too?

    Read the article

  • How to return email address when auth an OpenID?

    - by onlyloveone
    Hi, I'm trying to build a login form using OpenID Auth. I'm using sample code from: http://openidenabled.com/php-openid/ But I only get user's email address when auth with account on myopenid.com I want get returned email when auth link "google.com/accounts/o8/id" How can I do? Thank you very much.

    Read the article

  • Authentication and Login on 2 website

    - by xRobot
    Hi at all, I have 2 site: example.com and exampletwo.com I want that when a user login on example.com then he is automatically authenticated also on exampletwo.com How can I do that ? I use Django + Nginx on first website and Tornado framework + Tornado server on second website. Thanks ;) . P.S. If you don't know this platforms ( Django or Tornado or Nginx ), I accept also a solution for a generic PHP+Apache platform and then I will do some research :)

    Read the article

  • Equivalent to Bash Alias in Powershell

    - by RightFullRudder
    Hi there, a newbie powershell question: I'd like to make an alias in powershell exactly equivalent to this Bash alias: alias django-admin-jy="jython /path/to/jython-dev/dist/bin/django-admin.py" In tinkering with it so far, I've found this to be very difficult. -Powershell Aliases only work with Powershell commands + function calls -No clear way to allow for an unlimited number of args on a powershell function call -Powershell seems to block stdout

    Read the article

  • Passing local variables to Erlydtl block

    - by Justin
    Hi, I've got a block of erlydtl code which I use repeatedly and would like to abstract to some kind of block / partial template. The issue is that I need to pass the block a local variable. This is possible with Rails partial templates; it looks like it's possible with Django's blocks [albeit with some kind of Python hackery]; I'm wondering if it's possible with Erlydtl [Erlang implementation of Django templates] Ideas ? Thanks you.

    Read the article

  • agility of asp.net MVC

    - by Hellnar
    Hello I am wondering how agile (fast to develop yet stable) asp.net MVC compared to frameworks using dynamic languages such as Django or Ruby on Rails. I will be happy if you share you experiance in the name of development speed (assuming each language/framework is known at a similar level) Things I love about Django Fast model design thanks to ORM Good template system Not too hard to deploy Easy to extend Lots of free apps to plugin and great documentation Thanks

    Read the article

  • How can I conditionally only log something if it's a certain Class?

    - by BryanWheelock
    Something like this: if self.class == "User": logging.debug("%s non_pks were found" % (str(len(non_pks))) ) In [2]: user = User.objects.get(pk=1) In [3]: user.class Out[3]: In [4]: if user.class == 'django.contrib.auth.models.User': print "yes" ...: In [5]: user.class == 'django.contrib.auth.models.User' Out[5]: False In [6]: user.class == 'User' Out[6]: False In [7]: user.class == "" Out[7]: False

    Read the article

  • mod_wsgi daemon mode vs threaded fastcgi

    - by t0ster
    Can someone explain the difference between apache mod_wsgi in daemon mode and django fastcgi in threaded mode. They both use threads for concurrency I think. Supposing that I'm using nginx as front end to apache mod_wsgi. UPDATE: I'm comparing django built in fastcgi(./manage.py method=threaded maxchildren=15) and mod_wsgi in 'daemon' mode(WSGIDaemonProcess example threads=15). They both use threads and acquire GIL, am I right?

    Read the article

  • Creating form object for variable kind of form.

    - by Bunny Rabbit
    i want to create a form for users to submit questions in django ..so far the models i have created are class Question(models.Model): statement=models.CharField(max_length=100) class Choice(models.Model): statement=models.CharField(max_length=100) value=models.IntegerField() question=models.ForeignKey(Question) Now i want to write a Form class for creating a above form but the problem is the number of choices are variable,a user can decide how many choices a question must have .How do i do that in django?

    Read the article

  • Combine Related Resources With TastyPie

    - by Aaron Ng
    How can I combine multiple Resources in TastyPie? I have 3 models I'd like to combine: users, profiles and posts. Ideally I'd like profiles nested within user. I'm not sure where to go from here. class UserResource(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' fields = ['username','id','date_joined'] #Improper Auth authorization = Authorization() class UserProfileResource(ModelResource): class Meta: queryset = UserProfile.objects.all() resource_name = 'profile' class UserPostResource(ModelResource): user = fields.ForeignKey(UserResource,'user', full=True) class Meta: queryset = UserPost.objects.all() resource_name = 'userpost' #Improper Auth authorization = Authorization()

    Read the article

  • How can I make list or set translatable using gettext?

    - by Thomas
    I have some structure in Python: gender=( ('0','woman'), ('1','man') ) I want translate it before I will display it in Django template. Unfortunatelly below sollution don't work: from django.utils.translation import ugettext_lazy as _ gender=( ('0',('woman')), ('1',('man')) ) What I must do to translate this. I readed something in: link text but I can't understand what I should do.

    Read the article

  • Default tablespace for indexes in postgres

    - by tom
    Just wondering if its possible to set a default tablespace in postgres to keep indexes. Would like the databases to live on the default tablespace for postgres, however, would like to get the indexes on a different set of disks just to keep the i/o traffic separated. It does not appear to me that it can be done without going in and doing an ALTER index TABLESPACE command, and then the index is moved and will stay there, but the databases and indexes are part of a django app, so non-django intervention can cause some problems.

    Read the article

< Previous Page | 107 108 109 110 111 112 113 114 115 116 117 118  | Next Page >