0

When a user of my website submits a bug report, I would like to be able to log into the staging website (so that a non-production copy of the database is used) as him to see exactly what he sees. I could achieve this by changing his user email address to mine and then resetting the password. However, it would simplify things if I could enable a universal password for the staging website, using which I could login as any user. Is there a way to achieve this with Django authentication?

Update: I have stumbled upon the django-master-password project (the term master password did not come to my mind initially). Any other alternatives?

AlwaysLearning
  • 7,257
  • 4
  • 33
  • 68
  • 1
    I'd recommend something like `django-impersonate` (there are other similar packages) which allows a superuser to act-as (i.e. impersonate) any other given user. All these solutions (master password / impersonate) generate some security risk as in a way there is a centralized auth for all users. However it should solve what you're aiming for. – rob Jan 05 '22 at 13:25
  • @rob It looks like django-master-password is simpler for me, because I don't have to make any provision in my React.js frontend to send request to a specific backend url. However, I still cannot get it to work and asked a follow-up question about it: https://stackoverflow.com/questions/70594441/unable-to-make-django-master-password-work – AlwaysLearning Jan 05 '22 at 14:22

0 Answers0