Django Admin Without Authentication

Is there a ready way to use the Django admin page without any form of authentication? I know I can use this method, but that was for Django 1.3. Are there any changes that would le

Solution 1:

The accepted answer is already super simple however after messing around with this I found that in recent versions of Django (since admin.site.has_permission became a thing... >= 1.8?) you can do it without middleware.

In your project's urls.py:

from django.contrib import admin

classAccessUser:
    has_module_perms = has_perm = __getattr__ = lambda s,*a,**kw: True

admin.site.has_permission = lambda r: setattr(r, 'user', AccessUser()) orTrue# Register the admin views or call admin.autodiscover()

urlpatterns = [
    # Your url configs then...
    url(r'^admin/', admin.site.urls),
]

If you have AccessUser extend User you can leave out the __getattr__ portion which is a hacky way to return something when user.pk or similar is called.

Solution 2:

Create a module auto_auth.py:

from django.contrib.auth.models import User
from django.utils.deprecation import MiddlewareMixin

classAutoAuthMiddleware(MiddlewareMixin):
    defprocess_request(self, request):
        request.user = User.objects.filter()[0]

Edit MIDDLEWARE in your settings.py:

• Remove 'django.contrib.auth.middleware.AuthenticationMiddleware'
• Add 'auto_auth.AutoAuthMiddleware'

You can change User.objects.filter()[0] to something else if you want a particular user.

---

In response to your comment: yes. To run the Django admin without users at all, try this:

classUser:
    is_superuser = True
    is_active = True
    is_staff = Trueid = 1defreturn_true(*args, **kwargs):
    returnTrue
User.has_module_perms = return_true
User.has_perm = return_true

classAutoAuthMiddleware(MiddlewareMixin):
    defprocess_request(self, request):
        request.user = User()

And remove 'django.contrib.auth' from INSTALLED_APPS

But if you use any apps that depend on the auth app, you're going to have a bad time.

Solution 3:

The accepted answer adapted for Django version >= 1.10

/[yourapp]/middleware.py:

from django.contrib.auth.models import User

classAuthenticationMiddleware(object):
    def__init__(self, get_response):
        self.get_response = get_response

    def__call__(self, request):
        request.user = User.objects.filter()[0]
        return self.get_response(request)  

In [yourproject]/settings.py for the MIDDLEWARE list:

• Comment or remove: 'django.contrib.auth.middleware.AuthenticationMiddleware',
• Append: '[yourapp].middleware.AuthenticationMiddleware',

Probably obvious to most people but note that the solution still requires one user to exist. Create one manually python manage.py createsuperuser or automatically with a script:

• How to automate createsuperuser on django?
• Autocreate superuser with each schema django
• Create django super user in a docker container without inputting password

Solution 4:

Another Option allows access from anyone: get the first user to bypass authentication

# app/admin.pyfrom django.contrib.auth.models import User
anonymous_user = User.objects.all().first()
admin.site.has_permission = lambda r: setattr(r, 'user', anonymous_user) orTrue

Solution 5:

For the newer versions of django >=2.1 you need to do something like this:

auto_auth.py

classUser:
    is_superuser = True
    is_active = True
    is_staff = Trueid = 1
    pk = 1


User.has_module_perms = True
User.has_perm = TrueclassMiddleware(object):
     def__init__(self, get_response):
          self.response = get_response

     def__call__(self, request):
         request.user = User()
         return self.response(request)

And also don't forget to modify your settings middleware and deactivate django.contrib.auth and add auto_auth