A Django Auth Backend for Second Life
I've started hacking away at a personal project of mine around Second Life. More on that in the days to come, but I did want to share some code created last night while playing around with Second Life logins. I've worked up a Django authentication backend for authenticating users on a Django-based site against Second Life's login process. I've created a Google code project for the code, so cleverly named slauth.
This is code of the "release early, release often" variety. There are no docs, no tests, not even a README. I just wanted to get this up while I had 5 minutes today. I welcome feedback, and I'm certain I will be working on this as the larger project evolves. I'm not even certain I'll use this in the final project. I feel uncomfortable taking username and password for another "site," but without a proper login API for site-to-site authentication, this seems to be the only viable route. This uses the same XMLRPC auth process of the Second Life viewer code, which seemed to legitimize it a little for me (since this is how third party viewers have to authenticate). It's certainly better than page scraping the response of the Second Life web site's login form. If there were a way to register you application with the login process, I would be totally cool with this. Then, the user could verify a site as being legitimate -- or at least more legitimate than any joe running this auth backend. ;)
Having said all that, it's pretty easy to authenticate via this package.
Just make sure the module lives on your PythonPath, and then add slauth.backends.SLAuthBackend to your Django AUTHENTICATION_BACKENDS setting. You'll even be able to login through the
Django admin with your full SL username ("Anders Falworth" in my case, as
an example). Of course, you won't get into the admin until you add make
the SL account "staff". (This app creates a stub Django user account
for each successful SL login, and then you can check is_staff, then login again
with the SL account, and you'll see the successful entry into the
Django admin site.)
This is the main class that does all the work:
from django.contrib.auth.models import User from slauth.utils import valid_sl_login, get_or_create_sl_user class SLAuthBackend: """ A Second Life authentication backend for Django-based sites. """ def authenticate(self, **kwargs): """ Use kwargs to make the authenticate method more flexible. Django's admin app assumes username/password logins, so allow first and last in one username. For example, username could be 'Bob Smith' and this method will split that apart into the first and last names SL login expects. So either of the following would work: >>> from django.contrib.auth import authenticate >>> authenticate(first_name='Bob', last_name='Smith', password='foo') >>> authenticate(username='Bob Smith', password='foo') """ first_name = kwargs.get('first_name', '') last_name = kwargs.get('last_name', '') password = kwargs.get('password', '') if kwargs.get('username', ''): username = kwargs.get('username', '') if ' ' in username: first_name, last_name = username.split(' ') authenticated = valid_sl_login(first_name, last_name, password) if authenticated: user = get_or_create_sl_user(first_name, last_name) return user return None def get_user(self, user_id): try: return User.objects.get(pk=user_id) except User.DoesNotExist: return None
You could certainly use parts of this without using Django, even though it's
written with Django in mind. There is a utils module that has sl_login and valid_sl_login which returns the
response from a login attempt or a True/False on success or failure of a
login attempt.
Please have at the code at it's Google project home if you have need for or want to play with Second Life logins via Django or Python. Comments, suggestions, and of course, contributions are always welcome. This code is released under the GNU GPL v2.
Posted by deryck on March 3, 2008
Comments