One benefit of using Django is it comes with built-in, easy-to-use user models and authentication. Django comes with pre-defined models of what a user is, and comes with ways to create users.
Let's see it all in action:
The primary attributes of Django's built-in user model are:
- username
- password
- first_name
- last_name
Django comes with a built-in create_user() function that can be imported and used through your application
Here's how the User model works in action:
>>> from django.contrib.auth.models import User
>>> user = User.objects.create_user(username='john', password='secret')
# At this point, user is a User object that has already been saved
# to the database. You can continue to change its attributes
# if you want to change other fields.
>>> user.first_name = 'John'
>>> user.last_name = 'Lennon'
>>> user.email = 'johnlennon@beatlesreuniontour.net'
>>> user.save()Django has a built in auth module that builds off the User model, and uses session and middleware to keep track of users while they move through the site. You'll have to import the auth module, then you have access to these handy methods:
-
user = auth.authenticate(username, password)- checks whether a passwordmatches what's stored with a username. Returns an instance of a User model
if it matches.
-
auth.login(request, user)- This method takes auserinstance returnedfrom the
auth.authenticate()function and attaches user information tothe servers session and middleware. This is what keeps users logged in.
You can reference user information all over the place off
request.userafter using this to log a user in.
-
auth.logout()- This un-attaches user information from the server sessionand middleware.
request.userwon't be available anymore.
Now, creating users in your application is as simple as creating an HTML form to gather user information, and creating a route that accepts the form's POST request, picks out the user information and calls the create_user() method.
Django also comes with an easy way to authenticate users. Running the auth.authenticate(username='john', password='secret') function providing a username and a password will return an instance of a user model.
from django.contrib import auth
user = auth.authenticate(username='john', password='secret')
if user is not None:
# A backend authenticated the credentials
else:
# No backend authenticated the credentialsFinally, Django provides an easy way to remember that a user is actually logged in. Import the login function from Django's auth library.
The login(request, user) function will attach user information to the request so that they remain authenticated and logged in through an application.
Django uses it's own session information and middleware to keep track of users that have been logged in via the login() function. We should be familiar with session and middleware from our experience with other web servers, like Express.
from django.contrib import auth
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
# Redirect to a success page.
...
else:
# Return an 'invalid login' error message.
...Notice that everything we've seen here is happening on the server. We're just grabbing all of the user information from a POST request. The POST request is probably coming from a form, or an AJAX request. It doesn't matter.
As with all web development frameworks, if you can get text from the client to the server then you're golden!
python-django-todo/todoapp/urls.py:
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^$', views.index, name="index"),
url(r'^signup$', views.signup, name="signup"),
url(r'^login$', views.login, name="login"),
url(r'^logout$', views.logout, name="logout"),
]python-django-todo/todoapp/views.py:
from django.contrib.auth.models import User
from django.contrib import auth
def signup(request):
context = {"error": False}
if request.method == "GET":
return render(request, 'todoapp/signup.html', context)
if request.method == "POST":
username = request.POST["username"]
password = request.POST["password"]
try:
user = User.objects.create_user(username=username, password=password)
if user is not None:
# run the login method to automatically log in user
# as they sign up.
return login(request)
except:
context["error"] = f"Username '{username}' already exists."
return render(request, 'todoapp/signup.html', context)
def login(request):
context = {"error": False}
if request.method == "GET":
return render(request, 'todoapp/login.html')
if request.method == "POST":
username = request.POST["username"]
password = request.POST["password"]
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
return redirect('index')
def logout(request):
auth.logout(request)
return redirect('index')python-django-todo/todoapp/templates/todoapp/signup.html:
{% extends 'todoapp/base.html' %}
{% block content %}
{% if error %}
<div class="alert alert-warning">
<strong>Error!</strong> {{error}}
</div>
{% endif %}
<h1>Sign Up</h1>
<form action="/signup" method="POST">
{% csrf_token %}
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="submit" value="Sign Up"/>
</form>
{% endblock %}
python-django-todo/todoapp/templates/todoapp/login.html:
{% extends 'todoapp/base.html' %}
{% block content %}
<h1>Login</h1>
<form action="/login" method="POST">
{% csrf_token %}
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="submit" value="Login"/>
</form>
{% endblock %}
python-django-todo/todoapp/templates/todoapp/signup.html:
{% extends 'todoapp/base.html' %}
{% block content %}
{% if error %}
<div class="alert alert-warning">
<strong>Error!</strong> {{error}}
</div>
{% endif %}
<h1>Sign Up</h1>
<form action="/signup" method="POST">
{% csrf_token %}
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="submit" value="Sign Up"/>
</form>
{% endblock %}