Sunday 25 August 2013

Adding Authentication to a Django site


  1. Put 'django.contrib.auth' and 'django.contrib.contenttypes' in your INSTALLED_APPS setting. (The Permission model in django.contrib.auth depends on django.contrib.contenttypes.) These should be the default settings anyway after installing Django.
  2. Run the command manage.py syncdb.
Add @login_required before each view:

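e.g.
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

# Users who are not logged in are sent to login_url instead of the view.
@login_required(login_url='/accounts/login/')
def myview(request, event_id):
    ...
    return render(request, ...)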

This redirects users who are not logged in to /accounts/login/, so add the following to the top-level urls.py:

    url(r'^accounts/login/$', 'django.contrib.auth.views.login'),


The default login page template is then at registration/login.html:

e.g. 
{% extends "base.html" %}
{% load url from future %}

{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}

<form method="post" action="{% url 'django.contrib.auth.views.login' %}">
{% csrf_token %}
<table align="center">
<tr>
    <td>{{ form.username.label_tag }}</td>
    <td>{{ form.username }}</td>
</tr>
<tr>
    <td>{{ form.password.label_tag }}</td>
    <td>{{ form.password }}</td>
</tr>
</table>


<div style="text-align: center;"><input type="submit" value="login" /></div>
<div style="text-align: center;"><input type="hidden" name="next" value="{{ next }}" /></div>
</form>


The following URLs are used for password reset:

    (r'^accounts/password/reset/$', 'django.contrib.auth.views.password_reset',
        {'post_reset_redirect': '/accounts/password/reset/done/'}),
    (r'^accounts/password/reset/done/$', 'django.contrib.auth.views.password_reset_done'),
    (r'^accounts/password/reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm',
        {'post_reset_redirect': '/accounts/password/done/'}),
    (r'^accounts/password/done/$', 'django.contrib.auth.views.password_reset_complete'),
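
As an added example (not part of the original post, and not Django's own code): the password_reset_confirm pattern above puts no bound on uidb36 and accepts any characters in token, so malformed links still reach the view instead of returning a 404. The sketch below runs that pattern beside a bounded variant, which is an assumption made for this example, over constructed sample paths.

```python
import re

# Pattern exactly as on the page. Django matches URL patterns against the
# request path without its leading slash.
PAGE_PATTERN = re.compile(
    r'^accounts/password/reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$')

# Assumed tightened variant for this example: bounded lengths, and the token
# restricted to two alphanumeric parts joined by a hyphen.
BOUNDED_PATTERN = re.compile(
    r'^accounts/password/reset/(?P<uidb36>[0-9A-Za-z]{1,13})-'
    r'(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$')

# Constructed sample paths, not real reset links.
SAMPLES = {
    'well_formed': 'accounts/password/reset/1a-3kf-0a1b2c3d4e5f6a7b8c9d/',
    'extra_segments': 'accounts/password/reset/1a-3kf-0a1b/extra/path/',
    'oversized_uid': 'accounts/password/reset/' + 'z' * 5000 + '-3kf-0a1b/',
    'no_hash_part': 'accounts/password/reset/1a-3kf/',
}


def route(pattern, path):
    """Return the kwargs the view would receive, or None (a 404) on no match."""
    match = pattern.match(path)
    return match.groupdict() if match else None


def user_pk(path):
    """Decode the base36 user id from a link accepted by the bounded pattern."""
    kwargs = route(BOUNDED_PATTERN, path)
    return int(kwargs['uidb36'], 36) if kwargs else None


def compare(samples=SAMPLES):
    """Map sample name -> (accepted by page pattern, accepted by bounded one)."""
    return {name: (route(PAGE_PATTERN, path) is not None,
                   route(BOUNDED_PATTERN, path) is not None)
            for name, path in samples.items()}


if __name__ == '__main__':
    for name, accepted in sorted(compare().items()):
        print(name, accepted)
```

Only the well-formed link passes both patterns; the other three are handed to the view by the page's pattern and rejected at routing time by the bounded one.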

The following templates are required. These are referred to from the URL patterns above, plus one for the email.
  • registration/password_reset_complete.html
  • registration/password_reset_confirm.html
  • registration/password_reset_done.html
  • registration/password_reset_form.html
  • registration/password_reset_email.html

registration/password_reset_complete.html

{% extends "template.html" %}

{% block title %}Password reset complete{% endblock %}

{% block pagetitle %}Password reset complete{% endblock %}

{% block content %}
<p>Your password has been set.  You may go ahead and log in now.</p>
<p><a href="{{ login_url }}">Log in</a></p>
{% endblock %}

registration/password_reset_confirm.html

{% extends "template.html" %}

{% block title %}Password reset{% endblock %}

{% block pagetitle %}Password reset{% endblock %}

{% block content %}

{% if validlink %}
<p>Please enter your new password twice so we can verify you typed it in correctly.</p>
<form action="" method="post">
  {% csrf_token %}
  <table>
    <tr>
      <td>{{ form.new_password1.errors }}<label for="id_new_password1">New password:</label></td>
      <td>{{ form.new_password1 }}</td>
    </tr>
    <tr>
      <td>{{ form.new_password2.errors }}<label for="id_new_password2">Confirm password:</label></td>
      <td>{{ form.new_password2 }}</td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" value="Change my password" /></td>
    </tr>
  </table>
</form>
{% else %}
<h1>Password reset unsuccessful</h1>
<p>The password reset link was invalid, possibly because it has already been used.  Please request a new password reset.</p>
{% endif %}
{% endblock %}

registration/password_reset_done.html

{% extends "template.html" %}

{% block title %}Password reset successful{% endblock %}

{% block pagetitle %}Password reset successful{% endblock %}

{% block content %}
<p>We've e-mailed you instructions for setting your password to the e-mail address you submitted.</p>
<p>You should be receiving it shortly.</p>
{% endblock %}

registration/password_reset_form.html

{% extends "template.html" %}

{% block title %}Password reset{% endblock %}

{% block pagetitle %}Password reset{% endblock %}

{% block content %}
<p>Forgotten your password? Enter your e-mail address below, and we'll e-mail instructions for setting a new one.</p>

<form action="" method="post">
{% csrf_token %}
{{ form.email.errors }}
<p><label for="id_email">E-mail address:</label> {{ form.email }} <input type="submit" value="Reset my password" /></p>
</form>
{% endblock %}

registration/password_reset_email.html

{% load url from future %}{% autoescape off %}You're receiving this e-mail because you requested a password reset for your user account at {{ site_name }}.

Please go to the following page and choose a new password:
{% block reset_link %}
{{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb36=uid token=token %}
{% endblock %}

Your username, in case you've forgotten: {{ user.username }}

Thanks for using our site!

The {{ site_name }} team.

{% endautoescape %}
