Hello all,
My question is basically: can I see in my custom authorisation backend where the login credentials came from?
I have a custom authorisation ‘CustomBackend’, which added an additional “check if human” question to the login process:

    from django.contrib.auth.backends import ModelBackend

    class CustomBackend(ModelBackend):
        def authenticate(self, request, username=None, password=None, todayis=None, **kwargs):
            ...  # body not shown in the post

and in settings.py:

    AUTHENTICATION_BACKENDS = [ 'users.backend.CustomBackend', ]

The users.urls.py:

    urlpatterns = [
        path('login/', views.myloginview.as_view(), name='login'),
        path('logout/', views.mylogoutview.as_view(), name='logout'),
    ]

and the project urls.py have:

    urlpatterns = [
        path('users/', include('users.urls')),
        path('admin/', admin.site.urls),
    ]

The user login part works great; you can log in with username, password and the question code.
However, the is_staff user can also log in using the same user login route.
After the is_staff user is logged in, the is_staff user can go to the admin/ url and he/she is in the administration part of the website.
I don’t want that. I want users to log in through users/login and is_staff users to log in through admin/login.
Because both routes use the same custom backend, my question is: can I see where the credentials came from?
What I’m aiming for, in pseudo code:

    def authenticate( ....... ):
        if( origin_url == users/login && user == is_staff ):
            access denied.
        if( origin_url == admin/login && user != is_staff ):
            access denied.

Could someone point me in the right direction, as I have no clue where I should start looking?
Thanks.
Django Version: 3.1.5
Python Version: 3.9.1
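
The check sketched in the pseudo code above, as an added example that is not part of the original post: the `request` argument that `authenticate()` already receives carries the path the credentials were posted to, so the backend can compare it with the account's `is_staff` flag. The mixin, `StubBackend`, the sample accounts and the two path constants (derived from the URLconf in the post) are assumptions; the stub stands in for `ModelBackend` so the block runs without a Django project.

```python
# Added example: login-origin check as a mixin. SimpleNamespace objects
# stand in for Django's HttpRequest and User so this runs without Django.
from types import SimpleNamespace

USER_LOGIN = "/users/login/"   # path('users/', ...) + path('login/', ...)
ADMIN_LOGIN = "/admin/login/"  # login view served by admin.site.urls


def origin_allows(path, is_staff):
    """Return True only when the account type matches the login route."""
    if path == USER_LOGIN:
        return not is_staff
    if path == ADMIN_LOGIN:
        return is_staff
    return False  # unknown or missing origin: deny (fail closed)


class LoginOriginMixin:
    """List before the real backend: class CustomBackend(LoginOriginMixin, ModelBackend)."""

    def authenticate(self, request, username=None, password=None, **kwargs):
        user = super().authenticate(request, username=username,
                                    password=password, **kwargs)
        if user is None:
            return None
        # path_info excludes any SCRIPT_NAME prefix and the query string.
        path = getattr(request, "path_info", None)
        return user if origin_allows(path, user.is_staff) else None


class StubBackend:
    """Constructed stand-in for ModelBackend with two fixed sample accounts."""
    USERS = {"alice": ("pw1", False), "root": ("pw2", True)}

    def authenticate(self, request, username=None, password=None, **kwargs):
        entry = self.USERS.get(username)
        if entry and entry[0] == password:
            return SimpleNamespace(username=username, is_staff=entry[1])
        return None


class DemoBackend(LoginOriginMixin, StubBackend):
    pass


def try_login(path, username, password):
    request = SimpleNamespace(path_info=path)
    return DemoBackend().authenticate(request, username=username, password=password)
```

With a single entry in `AUTHENTICATION_BACKENDS`, as in the post, returning `None` rejects the login. If more backends are configured, Django tries the next one after a `None`, and raising `django.core.exceptions.PermissionDenied` is what stops the chain.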