[Fixed]-Django Admin without Authentication

14👍

Create a module auto_auth.py:

from django.contrib.auth.models import User
from django.utils.deprecation import MiddlewareMixin

class AutoAuthMiddleware(MiddlewareMixin):
    def process_request(self, request):
        request.user = User.objects.filter()[0]

Edit MIDDLEWARE in your settings.py:

  • Remove 'django.contrib.auth.middleware.AuthenticationMiddleware'
  • Add 'auto_auth.AutoAuthMiddleware'

You can change User.objects.filter()[0] to something else if you want a particular user.


In response to your comment: yes. To run the Django admin without users at all, try this:

from django.utils.deprecation import MiddlewareMixin

class User:
    is_superuser = True
    is_active = True
    is_staff = True
    id = 1

def return_true(*args, **kwargs):
    return True
User.has_module_perms = return_true
User.has_perm = return_true

class AutoAuthMiddleware(MiddlewareMixin):
    def process_request(self, request):
        request.user = User()

And remove 'django.contrib.auth' from INSTALLED_APPS.

But if you use any apps that depend on the auth app, you’re going to have a bad time.

18👍

The accepted answer is already super simple; however, after messing around with this, I found that in recent versions of Django (since admin.site.has_permission became a thing… >= 1.8?) you can do it without middleware.

In your project’s urls.py:

from django.conf.urls import url  # removed in Django 4.0; use django.urls.re_path there
from django.contrib import admin

class AccessUser:
    has_module_perms = has_perm = __getattr__ = lambda s,*a,**kw: True

admin.site.has_permission = lambda r: setattr(r, 'user', AccessUser()) or True

# Register the admin views or call admin.autodiscover()

urlpatterns = [
    # Your url configs then...
    url(r'^admin/', admin.site.urls),
]

If you have AccessUser extend User, you can leave out the __getattr__ portion, which is a hacky way to return something when user.pk or similar is called.

5👍

The accepted answer adapted for Django version >= 1.10

/[yourapp]/middleware.py:

from django.contrib.auth.models import User

class AuthenticationMiddleware(object):
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        request.user = User.objects.filter()[0]
        return self.get_response(request)  

In [yourproject]/settings.py for the MIDDLEWARE list:

  • Comment or remove: 'django.contrib.auth.middleware.AuthenticationMiddleware',
  • Append: '[yourapp].middleware.AuthenticationMiddleware',

Probably obvious to most people, but note that the solution still requires one user to exist. Create one manually (python manage.py createsuperuser) or automatically with a script:

👤hellbe

4👍

Another option allows access from anyone: get the first user to bypass authentication.

# app/admin.py
from django.contrib import admin
from django.contrib.auth.models import User
anonymous_user = User.objects.all().first()
admin.site.has_permission = lambda r: setattr(r, 'user', anonymous_user) or True

0👍

For the newer versions of Django (>= 2.1) you need to do something like this:

auto_auth.py

class User:
    is_superuser = True
    is_active = True
    is_staff = True
    id = 1
    pk = 1

    # The admin calls these as methods, so they must be callables, not booleans.
    def has_module_perms(self, *args, **kwargs):
        return True

    def has_perm(self, *args, **kwargs):
        return True


class Middleware(object):
    def __init__(self, get_response):
        self.response = get_response

    def __call__(self, request):
        request.user = User()
        return self.response(request)

Also, don’t forget to modify your settings middleware, deactivate django.contrib.auth and add auto_auth.
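
A review-time check for the patterns shown in the answers above, as an added example that is not part of any answer on this page: it flags source that assigns request.user or overrides admin.site.has_permission, and settings where the admin is installed without the stock auth middleware or auth app. The function names, finding strings and sample inputs are constructed for illustration; it uses only the standard library and does not import Django.

```python
import ast

AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"

def _dotted(node):
    """Return the parts of a Name/Attribute chain, e.g. ['admin', 'site', 'has_permission']."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return parts[::-1]

def audit_source(source, filename="<src>"):
    """Heuristic: flag assignments that bypass admin auth; findings still need human triage."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            tail = _dotted(target)[-2:]
            if tail == ["site", "has_permission"]:
                findings.append((filename, node.lineno, "admin has_permission overridden"))
            elif tail == ["request", "user"]:
                findings.append((filename, node.lineno, "request.user assigned directly"))
    return sorted(findings)

def audit_settings(settings):
    """Flag a settings mapping where the admin is installed but stock auth is removed."""
    findings = []
    apps = settings.get("INSTALLED_APPS", [])
    if "django.contrib.admin" in apps:
        if AUTH_MW not in settings.get("MIDDLEWARE", []):
            findings.append("AuthenticationMiddleware missing from MIDDLEWARE")
        if "django.contrib.auth" not in apps:
            findings.append("django.contrib.auth missing from INSTALLED_APPS")
    return findings

# Constructed samples that mirror the patterns in the answers above.
SAMPLE_MIDDLEWARE = '''
class AutoAuthMiddleware:
    def __call__(self, request):
        request.user = User.objects.filter()[0]
        return self.get_response(request)
'''
SAMPLE_URLS = "admin.site.has_permission = lambda r: True\n"
SAMPLE_SETTINGS = {"INSTALLED_APPS": ["django.contrib.admin"],
                   "MIDDLEWARE": ["auto_auth.AutoAuthMiddleware"]}
```

Run audit_source over a project's own middleware, urls.py and admin.py files and audit_settings over the settings that are actually deployed, for example as a CI step.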

-1👍

For all using Django 3.0,

comment out this code, AUTH_USER_MODEL = 'customUser', in your settings.py and create a superuser (python manage.py createsuperuser) with the default user model first.

After creating the superuser, uncomment this code: AUTH_USER_MODEL = 'customUser'.

This happened to me and that’s what I did with Django 3.0.

You should be good to go. Hope it helps.
