Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
django-socialprofile
Advanced tools
django-socialprofile enables users to manage their user profile built by logging in via a social service such as Google, Twitter, or Facebook. It relies on python-socialauth.
.. image:: https://badge.fury.io/py/django-socialprofile.svg :target: http://badge.fury.io/py/django-socialprofile :alt: PyPi Package Version
.. image:: https://travis-ci.org/cyface/django-socialprofile.svg?branch=master :target: https://travis-ci.org/cyface/django-socialprofile :alt: Travis Build Status
.. image:: https://coveralls.io/repos/cyface/django-socialprofile/badge.png?branch=master :target: https://coveralls.io/r/cyface/django-socialprofile?branch=master :alt: Coveralls Code Coverage
.. image:: https://scrutinizer-ci.com/g/cyface/django-socialprofile/badges/quality-score.png?b=master :target: https://scrutinizer-ci.com/g/cyface/django-socialprofile/?branch=master) :alt: Scrutinizer Code Quality
.. image:: https://readthedocs.org/projects/django-socialprofile/badge/?version=latest :target: http://django-socialprofile.readthedocs.org/en/latest/?badge=latest :alt: Documentation Status
Django Social Profile gives you an out-of-the-box way to let users create an account in your application using Google, Twitter, or Facebook authentication.
Users can edit their profile, view other users' profiles, and add multiple types of auth to the same profile.
Django Social Profile relies on omab's excellent python-socialauth <https://github.com/omab/django-social-auth>
_ to do
the actual authentication with the backend providers. If you are just looking for the authentication piece, as opposed
to the UI for customers to use, that module will be all you need. If you are willing to spend a bit of time with the UI,
you can integrate any of the backends that python-socialauth provides (which is extensive).
.. contents:: Table of Contents
This module is meant to be as quick to integrate as possible, and thus extensive customization will likely benefit from a fork. That said, a number of options are available.
The idea is to let you have a working system for letting users create profiles with social auth, edit them, delete them, and merge them, out of the box.
All the underlying bits to make this work come with python-socialauth, this project just pulls them together with a UI.
Dependencies that must be meet to use the application:
Django 1.9: <https://www.djangoproject.com/>
_
python-social-auth: <https://github.com/omab/python-social-auth>
_
python-openid <http://pypi.python.org/pypi/python-openid/>
_
oauth2 <http://pypi.python.org/pypi/oauth2>
_
You will need API Keys from Google, Facebook, and Twitter.
From pypi <https://pypi.python.org>
_::
$ pip install django-socialprofile
or::
$ easy_install django-socialprofile
or clone from github <http://github.com>
_::
$ git clone git://github.com/cyface/django-socialprofile.git
and add django-socialprofile to the PYTHONPATH
::
$ export PYTHONPATH=$PYTHONPATH:$(pwd)/django-socialprofile/
or::
$ cd django-socialprofile
$ sudo python setup.py install
The socialprofile_demo app is included to quickly let you see how to get a working installation going.
The demo is built as a mobile app using jQueryMobile <http://jquerymobile.com/>
_ loaded from the jQuery CDN.
Take a look at the requirements.txt
file in the socialprofile_demo
directory for a quick way to use pip to install
all the needed dependencies::
$ pip install -r requirements.txt
The settings.py
, and settings_local_template.py
files have a working configuration you can crib from.
You'll need to copy settings_local_template.py
as settings_local.py
and fill in your API keys.
The templates in the socialprofile/templates
and socialprofile_demo/templates
directories
give you a good idea of the kinds of things you will need to do if you want to provide a custom interface.
Configuration is minimal for socialprofile itself, more config is needed for python-socialauth
. A quick guide to a basic setup
is below, take a look at the demo app for more details.
Add social_auth and socialprofile to installed applications::
INSTALLED_APPS = (
...
'social.apps.django_app.default',
'socialprofile',
)
In your urls.py, you need to pull in the socialprofile urls::
# Social Profiles
url(r'^socialprofile/', include('socialprofile.urls')),
The python-socialauth
urls get pulled in by socialprofile as /socialprofile/socialauth/
.
All of the configuration for python-socialauth
applies to this module, although the supplied templates only cover
Google, Facebook, and Twitter. python-socialauth
can handle a huge number of backends, you can customize as needed.
Setup your backends::
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', # Leave Enabled for Admin Access 'social.backends.twitter.TwitterOAuth', 'social.backends.facebook.Facebook2OAuth2', 'social.backends.google.GoogleOAuth2', )
Set up what page to go to post-authentication::
SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/secure/' SOCIAL_AUTH_NEW_USER_REDIRECT_URL = '/secure/' SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL = '/secure/'
Set up the redirects for forcing auth on the way to other pages::
LOGIN_URL = '/socialprofile/select/' LOGIN_REDIRECT_URL = '/secure/' LOGIN_ERROR_URL = '/socialprofile/select/'
Google ^^^^^^
https://code.google.com/apis/console/
Set the return URL to http://localhost:8000/socialprofile/socialauth/complete/google-oauth2/ for development when you set up the API key.
Twitter ^^^^^^^
https://dev.twitter.com/apps/new
Set the callback URL to http://localhost:8000/socialprofile/socialauth/complete/twitter/ for development when you set up the API key.
Facebook ^^^^^^^^
Facebook is a bit of a pain, since you can only have one URL per API key.
https://developers.facebook.com/apps
Set the site URL http://localhost:8000/ for local development.
Facebook also allows you to request additional information beyond authentication. The default setup assumes you are requesting the user's email address. See below for how to note that in the API settings.
See https://developers.facebook.com/docs/authentication/permissions/#extended_perms for details on other permissions you can request.
Add API Keys to Settings ^^^^^^^^^^^^^^^^^^^^^^^^
Take the keys from your APIs and add them to your settings::
SOCIAL_AUTH_TWITTER_KEY = ''
SOCIAL_AUTH_TWITTER_SECRET = ''
SOCIAL_AUTH_FACEBOOK_KEY = ''
SOCIAL_AUTH_FACEBOOK_SECRET = ''
SOCIAL_AUTH_FACEBOOK_SCOPE = ['public_profile', 'email']
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {'fields': 'first_name,last_name,gender,picture,link'}
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ''
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ''
SOCIAL_AUTH_GOOGLE_OAUTH_SCOPE = ['https://www.googleapis.com/auth/userinfo.profile',]
Note that the extended permissions and such there are typical, you may also want to request the ability to post as that user and so forth.
This project creates a SocialProfile
object for each User that is registered via one of the social methods.
The data on this profile can be viewed and edited in the Django admin by editing the User
object.
The SocialProfile
data appears at the bottom of the User
detail in the Django admin.
To do this, a custom User
admin definition is created in admin.py
, so if you have other things that override
the User admin, you'll want to merge this customization in with that, or provide your own admin definition for SocialProfile
.
The 'socialprofile/select' view provides a login modal that you can use to both force existing users to sign in as well as to enable new users to select how they want to authenticate to the site.
If you have LOGIN_URL set to /socialprofile/select/
, this will work automatically.
The default template has attributes to make this a nice modal using jQueryMobile, but the HTML is straightforward, and a custom template should be simple to create.
The socialprofile/
view lets a user see their own profile. The default template checks to see if they profile is
indeed theirs, and displays an 'edit' button taking them to the socialprofile/edit/
view.
This view supports a ?returnTo=
parameter to specify a URL path to return to once the user is done. The default template
uses this for the < Return
button.
The socialprofile/view/<username>
view lets a user see any profile. You may want to adjust the template to hide any
profile fields that should not be public.
This view supports a ?returnTo=
parameter to specify a URL path to return to once the user is done. The default template
uses this for the < Return
button.
The socialprofile/edit/
view lets a user edit their own profile. In typical Django fashion, a GET request to this view
will display the form, while a POST request to this view will try and save the changes.
This view supports a ?returnTo=
parameter to specify a URL path to return to once the user is done. The default template
uses this for the Cancel
and Done
button. When the form returns to the Self Profile View, it passes returnTo
.
A user can add an additional social authentication type to their existing profile. If they originally created their profile using Google auth, then they could add Facebook and Twitter, enabling them to sign in with any of those services and access the same account.
To do this, just have the customer log in with their new auth type, and python-socialauth will do the rest.
This is a default feature of python-socialauth, and is available using::
{% url "social:disconnect" user_social_auth.provider %}
... in a template.
It is important to let customers remove their accounts, and the /socialprofile/delete view prompts them to ensure they really want to delete their account before sending them to /socialprofile/delete/action?confirm=true.
You may want to provide your own function to do this, that perhaps only deactivates their account.
FAQs
django-socialprofile enables users to manage their user profile built by logging in via a social service such as Google, Twitter, or Facebook. It relies on python-socialauth.
We found that django-socialprofile demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.