On authentication and login in django
- 2020-05-12 02:52:02
- OfStack
Authentication login
There are many methods available in django.contrib.auth, and here are three of them:
1 authenticate(**credentials) provides user authentication, which verifies that the user name and password are correct
1 normally requires two keyword parameters, username password
If the authentication information is valid, an User object is returned. authenticate() sets a property on the User object to identify which authentication backend has authenticated the user, and this information is required later in the login process. When we try to log in an User object directly from the database without going through authenticate(), we will get an error!!
user = authentica(username='someone',password='somepassword')
2 login (HttpRequest user, backend = None)
This function accepts one HttpRequest object and one certified User object
This function USES django's session framework to attach information such as session id to an authenticated user.
from django.contrib.auth import authenticate, login
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
# Redirect to a success page.
...
else:
# Return an 'invalid login' error message.
...3 logout(request) logout users
from django.contrib.auth import logout
def logout_view(request):
logout(request)
# Redirect to a success page.This function accepts an HttpRequest object with no return value.
When this function is called, the current requested session information is cleared
The user does not report an error using this function even if he is not logged in
Only logged-in users are allowed access
If you wish:
1 users can only access certain pages after logging in.
2. If the user visits the page without logging in, he/she will directly jump to the login page
3 after the user finishes logging in in the jump login interface, the automatic access will jump to the previously accessed address
We have several ways to do this:
1 a live rough
Detect request. user. is_authenticated ()
from django.conf import settings
from django.shortcuts import redirect
def my_view(request):
if not request.user.is_authenticated():
return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))The login_required function in 2 django
django has designed a decorator for us for this situation: login_requierd()
from django.contrib.auth.decorators import login_required
@login_required
def my_view(request):
... Login verification is required before running the my_view function.
1 if the user is not logged in, it jumps to URL '/accounts/login/ ', the default login for django (this value can be modified by LOGIN_URL in the settings file). And pass the current absolute path to access url (which will be redirected to upon successful login).
Login to url can be configured using the login_url parameter.
You can use the redirect_field_name parameter to configure the absolute path to the current access to url.
If you want to use the default login interface of django, you can configure it this way in urls.py so that if you are not logged in, the program will default to
templates\registration\ login. html
#urls.py
...
(r'^accounts/login/$', 'django.contrib.auth.views.login'),If the user logs in, he or she will enter the normal page