I am using the Django-two-factor-auth library for my sites login. Everything is working fine, however when I try to login and redirect a new user to their profile page after sign up using login(request, user) I keep getting redirected to the login page.
The login works fine when the user re-enters their new login credentials however I want to redirect the user straight to their profile page after signup instead.
I am aware Django-two-factor-auth overides Django's built in authentication (Django.contrib.auth), however I am unsure why the login() function is not marking the user as authenticated.
views.py
from django.contrib.auth import login
def signup(request):
...
user = signup_form.save()
login(request, user)
return redirect('/profile')
You can add that to your settings:
LOGIN_REDIRECT_URL = 'yourUrl' # this is the name of the url
Resolved. Turns out the 'is_active' field of the newly created user was being modified by a model signal elsewhere in my code resulting in the user being redirected to the login page.
Related
The Problem
I am trying to connect a superuser to the Django test client, and then access a page in the Django administration interface with a GET method. However, I get a redirect to the login page, even though the superuser is properly logged in.
The Code
def test(self) -> None:
client = Client()
user = User.objects.create(username='user', is_superuser=True)
client.force_login(user)
response = client.get(f'/admin/management/establishment/', follow=True)
print("Redirect chain\t", response.redirect_chain)
print("Request user\t", response.wsgi_request.user)
print("Is superuser\t", response.wsgi_request.user.is_superuser)
The Output
Redirect chain [('/admin/login/?next=/admin/management/establishment/', 302)]
Request user user
Is superuser True
Additional Information
Same result with a user having a password and an email
Tested on a new Django project
The Question
Do you know why I have this redirection and how I can avoid it?
Problem source
It seems that setting a user as superuser with is_superuser=True does not allow them to access the Django admin interface.
Only staffs can log in, so the is_staff=True attribute must be added to the user creation.
It's surprising that superusers are not considered staff by default.
Solution
Creating the user with the following line does not redirect to the login page:
user = User.objects.create(username='user', is_superuser=True, is_staff=True)
test.html:
authorize
views.py:
from django.contrib.auth.decorators import login_required
#login_required
def myview(req):
user = req.user
return render(req, 'test.html')
For ebay's oauth process, you have to provide users with a link to ebay's server, which asks the user if they want to give credentials to you. If they accept, ebay redirects the user to a given url with a querystring containing the access key.
The problem is, when I authorize my app with ebay, the user gets redirected to my login page (despite already being logged in). If I remove the #login_required decorator, req.user returns AnonymousUser instead. This is a problem since I don't know which user to assign the access token to.
What am I missing here?
Note that I am using ngrok to tunnel my server, and I have no problems
rendering myview other than the fact that the user is Anonymous.
The problem was that when I logged the user in initially, I was using the domain localhost:8000 instead of my ngrok instance.
Logging my user in using my ngrok address fixed the problem.
I have created a view which allows the user to sign in.
def signin(request):
email = request.POST['username']
password = request.POST['password']
user = authenticate(request, username=email, password=password)
if user is not None:
login(request, user)
How should I verify that the user is signed in?
Is it when the user is accessing an API that requires user to be logged in first?
The documentation shows that we can use request.user.is_authenticated is True or not to verify.
However, I am not using django templates but reactJS to send POST requests.
How should I do it?
Should I include a User attribute in json body in the POST request?
It doesn't matter whether you use django template or use reactjs to send Post request. So this function will be in the views.py file, you can add the #login_required decorator for all required endpoints, django have it own authentication(by default it will associate with the User model, but you can change it)to protect the API, and you can use DRF token or JWT in your application to post to serve(check this for details:http://www.django-rest-framework.org/api-guide/authentication/)
I am using Django 1.9.
Base on the Django documentation:
" To log a user in, from a view, use login(). It takes an HttpRequest object and a User object. login() saves the user’s ID in the session, using Django’s session framework."
So how do I retrieve the information in that session.
For example: (this is also taken from the documentation)
from django.contrib.auth import authenticate, login
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
**login(request, user)**
# Redirect to a success page.
else:
How do I retrieve the user information such as username or if possible the password out on the success page.
P.S
If you could also kinda explain the solution in layman term as possible
EDIT
I was playing around with the framework back then. So I was testing if it can be done.
You don't get it from the session.
The authentication middleware adds the current user to the request, as request.user.
(And you definitely do not ever retrieve or display the password.)
I am trying to make a application in django. I have an authentication api from another application. I take input from user via form and post the input to the api in json. After I get success message from api and my user is authenticated to api I want to make that user as request.user in django.
Is there any way I can do it. I am thinking of doing it in middleware in process_view. Is this right approach ? But I have no idea how to do it.
Any suggestion will be appriciated.
If you are really doing it thru Django views, you can manually login the user with:
# imports needed
from django.contrib.auth import login, logout
from django.contrib.auth.models import User
# hard way to login a user
user = User.objects.filter(username=INPUT_USERNAME).first()
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
If you need to logout:
logout(request)