Open in app

Sign in

Write

Sign in

Adding User Login to your django site

Hernán Tylim
Django Musings
Published in
2 min readMay 10, 2016

This is the first part of a series on customizing your django site and understanding the authentication middleware of Django.

In this first example we are going to explain how to add login capabilities to your already existing web app that currently uses django admin.

So. You have your web app. and some views you want to have them protected. How do you do that? Easy. with this decorators:

@login_required()
def my_view(request):
  ...

The login_required() decorator will make sure that the view is executed on an active logged in session. If not, it will redirect the user to the login page.

In addition to login_required() you can use:

@staff_member_required()
def my_view(request):
  ...

With staff_member_required() it will not only check that the user is logged in but also has the “ is_staff” flag turned on (this is a checkbox that you can set up in the admin interface)

What about if you want to use other type of check, then you can use the user_passes_test() decorator that accepts a callable and will invoke it to determine if the user can or can’t access the view. Example:

def email_check(user):
  return user.email.endswith("something.com")@user_passes_test(email_check)
def my_view(request):
  ...

The user_passes_tests() help is here.

Using this 3 decorators you can control which view has public access and which view has a more restrictive access.

But we are not complete. We need to tell django how the user needs to login. All these decorators are fully customizable and you can pass your own login url, but by default it will use: “/accounts/login/”. So if you want you can just add that URL to your URLConf and set it with your own view.

Or better yet, use the one that is part of Django:

from django.contrib.auth import views as auth_views
...
url(r'^accounts/login/$', auth_views.login)

Or, change the default so you redirect to the admin’s site login:

# add this in your settings.pyLOGIN_URL=”/admin/login/”

Django provides a lot of views for all the default auth operations, you can bulk include them with this in your URLConf:

url('r^', include('django.contrib.auth.urls')

If you do that you’ll be adding the login, logout, password_reset, and a lot more of views. but none of these views have their template set! is your responsibility to implement those templates. You can just include in your app the templates with their default names or pass your own, but for that you can’t use the include() call from above, but you need to add the route explicitly:

urlpatterns = [
 url(
   ‘^change-password/’,
   auth_views.password_change,
  {‘template_name’: ‘change-password.html’}
 )
]

OK. That’s it. Here are defined all the auth views and their parameters. here

BTW as for providing your own login template you can use as base the one here

Note that each template is passed some template arguments, one of those arguments is a form instance with everything that you need to build the form.

Django
Python

--

--

Hernán Tylim
Django Musings

Written by Hernán Tylim

61 Followers
Editor for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams