Django Management Auth

Login to a Django application from a management command


The exact definition of my job role is complicated, but a part of it is incident response, both from a sysadmin and a developer perspective (often at the same time). Some issues are simple and obvious, others are more complex and peculiar, and others only happen for specific users.

Django has a great authentication system, with excellent secure defaults. In an incident, it might be necessary (with a user's permission) to authenticate as them to see what's going on (screen sharing isn't always a viable option). Django has no such functionality built-in.

As someone dealing with an incident, I often have command-line access to the running application, where I may not have a superuser account on the project. In an ideal world, I could run a terminal command, and magically log in as a given user.

# django-management-auth

django-management-auth is a tool I wrote to do just that. It adds a login_as management command which generates a short-lived (60 seconds, by default) URL which, when visited, logs you in as that user - simple.

Because generating the URLs requires shell access already, there's no risk of privilege escalation (Django already has a changepassword command, after all). Authentication is also direct, which should bypass any additional 2FA protections (depending on how they're implemented).

The URLs consist of a signed token, which reuses Django's existing token signing mechanisms (don't write your own crypto, after all). Using signed tokens rather than a row in a database table reduces both system load and the risk from a potential database leak (which is always a risk). Unfortunately, this does mean a token can be used multiple times before it expires (potentially as part of a replay attack), but this is unlikely, and should be mitigated by the short-lived nature of the tokens.
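To make the trade-off concrete, here is an added illustration (not django-management-auth's own code) of the same pattern using only the standard library as a stand-in for Django's `TimestampSigner`: the user's primary key and an issue timestamp are signed together, verification rejects tampering and anything older than `max_age` (60 seconds), but a still-valid token verifies as many times as it is presented. The secret, the token layout and the function names are assumptions for this example.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed secret for the example; a Django project would use settings.SECRET_KEY.
SECRET = b"constructed-example-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _signature(payload: str) -> str:
    # HMAC-SHA256 over "<user_pk>:<timestamp>", so neither field can be changed
    # without invalidating the signature.
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def make_login_token(user_pk: int, now: Optional[float] = None) -> str:
    """Return "<user_pk>:<timestamp>:<signature>" for a login_as style URL."""
    ts = int(time.time() if now is None else now)
    payload = f"{user_pk}:{ts}"
    return f"{payload}:{_signature(payload)}"


def read_login_token(token: str, max_age: int = 60, now: Optional[float] = None) -> Optional[int]:
    """Return the user pk if the signature is valid and the token is at most max_age seconds old.

    Note that nothing here records that a token was used: a second presentation
    inside the window is accepted, which is the replay caveat from the text.
    """
    parts = token.split(":")
    if len(parts) != 3:
        return None
    user_pk, ts, sig = parts
    if not hmac.compare_digest(sig, _signature(f"{user_pk}:{ts}")):
        return None
    try:
        issued = int(ts)
        pk = int(user_pk)
    except ValueError:
        return None
    age = (time.time() if now is None else now) - issued
    if age < 0 or age > max_age:
        return None
    return pk
```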
