I am not sure that this question has to do with django itself,
if not please forgive me, and ignore this posting.
I am porting to django a PHP site for a scientific organization,
the site serves a number of database tables, one of which contains
a list with usernames allowed to use the site.
This table is maintained (added to, deleted from) via a periodic cronjob,
which reads from the organization-wide LDAP server,
pruning out those (legitimate) organization members that have no business
with the site.
The site is accessible only via a port 443, and the first thing
a user sees upon entering the link in h** browser is a rather anodyne
box requesting a username and password, issued (I guess)
from apache itself. This (call it step 1) lets thru any (but only) organization member.
Next, the site’s settings contain:
AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.ModelBackend",
"django_auth_ldap.backend.LDAPBackend",
]
and all its views are decorated with
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.decorators import login_required
@login_required
def home(request):
etc.etc.
return HttpResponse(template.render(context, request))
The decorator (call it step 2) shows a second form, more fanciful,
where the user enters exactly the same information entered already in step 1,
contacting exactly the same LDAP server, and users find this annoying.
My problem is, that only after step 2 I know the (LDAP-certfied) user’s username,
from request.user.username, and only then I can check “is this authenticated user
also a legitimate user of my site”, by looking up in my table this username.
In other words, I do not know how to get from step 1 the username: If I knew that,
I could scrap step 2 from the workflow. This problem was not present in the PHP site
because there the user’s username from step 1 did appear in a corner of the SESSION dictionary.
And, for security reason, I can not scrap step 1 and serve the site from port 80,
this would let every guy in the world with a browser up to the decorators
(although, presumably, not beyond).
I’ll be grateful for, and learn from, every suggestion or idea, usable or not.