first excuse me for my english it isn't the best one.
I'm pretty new to django and python and i try to programm a user authentification.
I used the django documentation and everything works fine with these code below:
def anges(request):
username = []
password = []
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
render_to_response ('registration/login.html', {'username': username, 'password': password})
if user is not None:
if user.is_active:
login(request, user)
angestellte_list = Employee.objects.all().order_by('lastname')
return render_to_response(("emp/angestellte.html"), {'angestellte_list': angestellte_list})
else:
return HttpResponse('disabled account')
else:
return HttpResponse('invalid login')
else:
return render_to_response ('registration/login.html', {'username':username, 'password':password})
But this is just a function and i want to use this object oriented for my other functions in my views.py, because of DRY.
This is just a first test but it doesn't works because the debugger says:"global name 'request' is not defined"
That's my code:
class einloggen:
def __init__(self):
self.Username = request.POST['username']
def angestellte(self):
return HttpResponse("hello")
How can I use the request variable in classes or is there anything more to consider?
Quite obvious that you can't use the request variable in __init__ in the einloggen class, because, quite frankly, you don't send the request variable in to the constructor.
I can't see you making a einloggen object anywhere in your view either, but you should probably to something like:
class einloggen:
def __init__(self, request):
self.Username = request.POST.get('username')
and then in your view (where you've got the request variable):
def anges(request):
myobj = einloggen(request)
However, Django already has an authentication system. And you'd be much better off using that. You can use the beautiful decorators to make it really easy and nice to «protect» views.
Related
In my project I have an open signup form, where you can create your Company and all the information bellow it.
After that you can invite people to help you administrate the information of your company. To do that, my idea was to, when the logged user add another admin, I would create the user manually with a fake password and send a Reset Password request to the created email, so he can create his own password. The important code is below:
from django.contrib.auth.forms import PasswordResetForm
...
def create_admin(request):
if request.method == 'POST':
form = AdminForm(request.POST)
if form.is_valid():
email = form.cleaned_data.get("email")
random_pass = User.objects.make_random_password()
user = User(username=email, email=email, password=random_pass)
user.save()
company.add_admin(user)
reset_form = PasswordResetForm({'email': email})
reset_form.save(
email_template_name="rh/password_reset_email.html",
subject_template_name="rh/password_reset_subject.txt")
return redirect('dashboard')
else:
form = AdminForm()
return render(request, 'rh/create_admin.html', {'form': form})
Unfortunately, the above code returns a Exception Type: AttributeError 'PasswordResetForm' object has no attribute 'cleaned_data'
To note:
I already have a fully working reset password feature, using everything from django and custom templates. That's why I'm trying to make this work this way
I would like to customize the email_template_name and subject_template_name, like in my code
thanks in advance
After a bit of dialog in comments I'll leave the response. The two issues were the way the password was being created and the form not being validated. This code should work:
email = form.cleaned_data.get("email")
random_pass = User.objects.make_random_password()
user = User(username=email, email=email)
user.set_password(random_pass)
user.save()
company.add_admin(user)
reset_form = PasswordResetForm({'email': email})
reset_form.is_valid()
reset_form.save(
email_template_name="rh/password_reset_email.html",
subject_template_name="rh/password_reset_subject.txt")
return redirect('dashboard')
(Note that in this code I used the form and not the view, because I'm not sure about what you did with that. If this code doesn't work please correct it.)
In django, for class-based view like ListView and DetailView, methods like get() or post() or other functions defined by developer take parameters include self and request. I learnt that in self these is actually a self.request field, so wha's the difference between self.request and request?
Example, this is the function in a class based view and used to handle user's login requirement:
def login(self, request):
name = request.POST['name']
pwd = request.POST['password']
user = authenticate(username=name, password=pwd)
if user is not None:
request.session.set_expiry(0)
login(request, user)
log_message = 'Login successfully.'
else:
log_message = 'Fail to login.'
return HttpResponseRedirect(reverse('blog:testindex'))
This is the function used to handle user's register:
def register(self, request):
user_name = self.request.POST['username']
firstname = self.request.POST['firstname']
lastname = self.request.POST['lastname']
pwd = self.request.POST['password']
e_mail = self.request.POST['email']
user = User.objects.create(username=user_name, first_name=firstname, last_name=lastname, email=e_mail)
user.set_password(pwd)
try:
user.save()
user = authenticate(username=user_name, password=pwd)
login(self.request, user)
except Exception:
pass
else:
return HttpResponseRedirect(reverse('blog:testindex'))
In the first function, it used data stored in request and in the second one, it used self.request, both work functionally. What's the difference?
For a subclass of View, they're the same object. self.request = request is set in view function that as_view() returns. I looked into the history, but only found setting self.request and then immediately passing request into the view function.
I am currently having difficulty customizing Djangos authentication system.
In my scenario there is no database and authentication happens through a http request. There are no tables to read from or write from.
This thread here deals pretty much with the same case I am dealing with however i do not understand how a user is being created in his example. I also read this from django manual regarding REMOTE_USER authentication.Coming back to the first link the user posted this code here.It consists of a backend and a user object
Backend - inherit from RemoteUserBackend
from django.contrib.auth.backends import RemoteUserBackend
class MyRemoteUserBackend (RemoteUserBackend):
# Create a User object if not already in the database?
create_unknown_user = False
def get_user (self, user_id):
user = somehow_create_an_instance_of (MyUser, user_id) ---->A
return user
def authenticate (self, **credentials):
check_credentials ()
user = somehow_create_an_instance_of (MyUser, credentials) ---->B
return user
Then the user:
from django.contrib.auth.models import User
class MyUser (User):
def save (self):
"""saving to DB disabled"""
pass
objects = None # we cannot really use this w/o local DB
username = "" # and all the other properties likewise.
# They're defined as model.CharField or similar,
# and we can't allow that
def get_group_permissions (self):
"""If you don't make your own permissions module,
the default also will use the DB. Throw it away"""
return [] # likewise with the other permission defs
def get_and_delete_messages (self):
"""Messages are stored in the DB. Darn!"""
return []
Now my question is I would like to do something like this in my view
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
Now how can I have authenticate method from MyRemoteUserBackend be called in the above code snippet and what does the snippet mean by somehow_create_an_instance_of any suggestions on this would be great
I can't seem to work out how to log in users in Django. I'm confused because the documentation tells you explicitely how to do it, but still somehow I must be making a mistake.
The link
https://docs.djangoproject.com/en/dev/topics/auth/default/#django.contrib.auth.login
says
"To log a user in, from a view, use login(). It takes an HttpRequest object and a User object. login() saves the user’s ID in the session, using Django’s session framework."
So I have the following views.py:
def login_view(request):
if request.method == 'GET':
return render(request, 'app/login.htm')
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
if user is None:
return HttpResponseRedirect(reverse('error'))
if not user.is_active:
return HttpResponseRedirect(reverse('error'))
# Correct password, and the user is marked "active"
auth.login(request, user)
# Redirect to a success page.
return HttpResponseRedirect(reverse('home'))
def home(request):
contextdict = {}
if request.session.user.is_authenticated():
contextdict['username'] = request.session.user.username
context = RequestContext(request, contextdict )
return render(request, 'app/home.htm', context)
Now, by using print 'qqq' I know for a fact that 'is None' and 'not is_active' have been evaluated to True, and so auth.login is evaluated and the HttpResponseRedirect is returned. I expected everythin to go normally and the user to be logged in, and the user name to be passed as context in the home view. However, Django gives me the following error:
AttributeError at /app/home/
'SessionStore' object has no attribute 'user'
Yeah, I have no idea what I'm doing.
You should use request.user to get user object, not request.session.user.
The data in session is used to retrieve the user object, but the session does not contain the actual user
I was working with a legacy database where there was a table 'tbl_personaldetails', from where i ported data to custome user model.
In code to port data from tbl_personaldetails, i use user.set_password(password) which sets password as hash in user table.
Trouble is when i try to authenticate(username=username, password=password) where password and username are plain text, authenticate returns None (Even for superuser account from which i can login in admin section).
The code to login is as follows:
class LoginView(FormView):
form_class = LoginForm
template_name = 'account/login.html'
def get_success_url(self):
return reverse("userHomeAfterLogin")
def form_valid(self, form):
email = form.cleaned_data['email'].lower().strip()
password = form.cleaned_data['password']
user = authenticate(email=email, password=password)
if user:
login(self.request, user)
return redirect(self.get_success_url())
else:
try:
user = User.objects.get(email__iexact=email)
if not check_password(password, user.password):
form._errors['password'] = ErrorList([u'That is not the correct Password.'])
except User.DoesNotExist:
form._errors['email'] = ErrorList([u'This email is not registered with us.'])
context = self.get_context_data(form=form)
return self.render_to_response(context)
As of now it flows like this:
1.authenticate returns none, landing up in else part:
2. can retrieve the user with email and check_password is correct.
3. it renders the form w/o any error message
.
what is it that i am doing wrong, everything looks fine though
As far as I understand from the code snippet, you are using email as your username. With email address, Django's authenticate will never work. It expects username instead. See code below.
def authenticate(**credentials):
"""
If the given credentials are valid, return a User object.
"""
for backend in get_backends():
try:
user = backend.authenticate(**credentials)
except TypeError:
# This backend doesn't accept these credentials as arguments. Try the next one.
continue
if user is None:
continue
# Annotate the user object with the path of the backend.
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
return user
In order to use email address as the username field, please refer to http://justcramer.com/2008/08/23/logging-in-with-email-addresses-in-django/.
Hope this helps.