Friday 13 August 2010 — This is 14 years old. Be careful.
I added an admin trapdoor login to a project the other day. This is the technique where a superuser can log in to a site as any other user. My preferred way to do this is to use the standard login form in a clever way: enter the desired user’s name as the username, and both your superuser name and superuser password into the password field.
But this project was modern enough that I could use a Django authentication backend to get the job done:

from django.contrib.auth import authenticate
from django.contrib.auth.models import User

# So I can invoke authenticate recursively below
django_authenticate = authenticate


class SuperuserLoginAuthenticationBackend(object):
    """ Let superusers login as regular users. """

    # Django 1.11 and later pass the request as the first argument;
    # the default keeps the backend usable on older versions.
    def authenticate(self, request=None, username=None, password=None):
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return None
        # The password should be supername@superpass
        if not password or "@" not in password:
            return None
        # Split on the first "@" only, so the superuser password may contain "@"
        supername, superpass = password.split("@", 1)
        superuser = django_authenticate(username=supername, password=superpass)
        if superuser and superuser.is_superuser:
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

Very nice.
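
An added example, not code from the original post: a framework-free model of the same `supername@superpass` parsing that also records an audit trail for impersonation and avoids logging fragments of ordinary passwords that contain "@". The in-memory user store, the PBKDF2 helper, the event names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    # Low iteration count keeps the example fast; not a production setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_user(name, password, is_superuser=False):
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "hash": _kdf(password, salt),
            "is_superuser": is_superuser}

def check_password(user, password):
    return hmac.compare_digest(user["hash"], _kdf(password, user["salt"]))

def trapdoor_authenticate(users, username, password, audit_log):
    """Return the target username when password is 'supername@superpass'
    for a valid superuser, else None. Attempts that name a real account
    are appended to audit_log as (event, superuser, target)."""
    target = users.get(username)
    if target is None or not password or "@" not in password:
        return None
    # Split on the FIRST "@": the superuser's password may contain "@",
    # the superuser's name may not.
    supername, superpass = password.split("@", 1)
    admin = users.get(supername)
    if admin is None:
        # Most likely an ordinary password that happens to contain "@".
        # Do not log supername here: it would be a prefix of that password.
        return None
    if not admin["is_superuser"] or not check_password(admin, superpass):
        audit_log.append(("trapdoor_denied", supername, username))
        return None
    audit_log.append(("trapdoor_login", supername, username))
    return target["name"]

# Constructed sample accounts (hypothetical names and passwords).
USERS = {u["name"]: u for u in (
    make_user("root", "s3cr@t", is_superuser=True),
    make_user("alice", "p@ssw0rd"),
    make_user("bob", "hunter2"),
)}
```

The audit list stands in for whatever logging sink the site already uses; the point is that each impersonation is attributed to the superuser who performed it.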