My question is basically can I see in my custom authorisation backend where the login credentials came from?
I have a custom authorisation ‘CustomBackend’, which added an additional “check if human” question to the login process:

```python
class CustomBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, todayis=None, **kwargs):
```
and in settings.py
```python
AUTHENTICATION_BACKENDS = [
    'users.backend.CustomBackend',
]
```
```python
urlpatterns = [
    path('login/', views.myloginview.as_view(), name='login'),
    path('logout/', views.mylogoutview.as_view(), name='logout'),
]
```
and the project urls.py has

```python
urlpatterns = [
    path('users/', include('users.urls')),
    path('admin/', admin.site.urls),
]
```
The user login part works great: you can log in with username, password and the question code.
However, the is_staff user can also log in using the same user login route.
After the is_staff user is logged in, the is_staff user can go to the admin/ URL and he/she is in the administration part of the website.
I don’t want that. I want users to log in through users/login and is_staff users to log in through
Because both routes use the same custom backend, my question is: can I see where the credentials came from?
What I’m aiming for in pseudo code:

```
def authenticate( ....... ):
    if( origin_url == users/login && user == is_staff ):
        access denied.
    if( origin_url == admin/login && user != is_staff ):
        access denied.
```
Could someone point me in the right direction as I have no clue where I should start looking.
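One way to implement the check in the pseudocode, as an added example that is not part of the original post: the `request` passed to `authenticate()` carries the path the credentials were posted to, so the backend can compare it against each login route. `RouteCheckMixin`, `login_allowed` and the `/admin/login/` path are assumptions made for this sketch, as is the login view passing `request` through to `authenticate()`.

```python
# Added example: route-aware check layered on top of an existing backend.
# Paths mirror the URLconf in the post ('users/' + 'login/').
USER_LOGIN_PATH = "/users/login/"
ADMIN_LOGIN_PATH = "/admin/login/"  # assumption: login route under admin.site.urls


def login_allowed(path, is_staff):
    """Return True if an account of this kind may authenticate via `path`."""
    if path == ADMIN_LOGIN_PATH:
        return is_staff          # admin route: staff only
    if path == USER_LOGIN_PATH:
        return not is_staff      # user route: non-staff only
    return False                 # unknown or missing origin: fail closed


class RouteCheckMixin:
    """Place before the real backend in the class bases, for example
    class RoutedBackend(RouteCheckMixin, CustomBackend), and point
    AUTHENTICATION_BACKENDS at that class (RoutedBackend is hypothetical).
    """

    def authenticate(self, request, **credentials):
        # Let the wrapped backend verify username, password and the
        # extra "check if human" answer first.
        user = super().authenticate(request, **credentials)
        if user is None:
            return None
        # path_info is the request path matched against the URLconf.
        # request may be None when authenticate() is called without one.
        path = getattr(request, "path_info", None)
        if not login_allowed(path, bool(user.is_staff)):
            # With a single backend configured, returning None means
            # the login attempt is rejected.
            return None
        return user
```

The mixin itself does not import Django, so the route policy in `login_allowed` can be unit-tested on its own.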