Django package for helping integrate a Django app with sandstorm.io
To use: pip install django-sandstorm
It is HIGHLY recommended you make a separate sandstorm settings file for your app. Whether or not you do, the following needs to go in your app settings for integration with sandstorm to work:
-
Add
django_sandstorm
toINSTALLED_APPS
INSTALLED_APPS = [ ... 'django_sandstorm', ]
-
Set
AUTHENTICATION_BACKENDS
todjango.contrib.auth.backends.RemoteUserBackend
. This is Django's built in backend for handling remote user authentication.AUTHENTICATION_BACKENDS = [ 'django.contrib.auth.backends.RemoteUserBackend', ]
-
Add
django_sandstorm.middleware.SandstormUserMiddleware
toMIDDLEWARE_CLASSES
. This middleware extendsdjango.contrib.auth.middleware.RemoteUserMiddleware
to add Sandstorm specific handling for remote user information.MIDDLEWARE_CLASSES = [ ... 'django_sandstorm.middleware.SandstormUserMiddleware', ]
By default, this middleware creates a user with the Sandstorm User ID as a username, sets the user
first_name
andlast_name
fields, and looks for a default "admin" permission from Sandstorm, granting staff and superuser status if it is found.Extend the
SandstormUserMiddleware
class to customize this behavior. -
Add
django_sandstorm.middleware.SandstormPreCsrfViewMiddleware
beforedjango.middleware.csrf.CsrfViewMiddleware
inMIDDLEWARE_CLASSES
.MIDDLEWARE_CLASSES = [ ... 'django_sandstorm.middleware.SandstormPreCsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', ... ]
Django requires a
Referer
header to be set for CSRF protection to work. Sandstorm does not set this header, so the middleware is needed to add it.