Detailed explanation of Django's auth module (user authentication)

This article mainly introduces the detailed explanation of Django's auth module (user authentication). Now I share it with you and give it as a reference. Let’s take a look together

#The auth module is an encapsulation of the login authentication method. Previously, after we obtained the user name and password entered by the user, we needed to query whether there is a user from the user table. An object whose name and password match,

With the auth module, you can easily verify whether the user's login information exists in the database.

In addition, auth also encapsulates the session to facilitate us to verify whether the user has logged in

Methods in auth

If you want to use the methods of the auth module, you must first import the auth module.

from django.contrib import auth

django.contrib.auth provides many methods. Here we mainly introduce four of them:

1, authenticate()

provides user authentication, that is, to verify whether the username and password are correct. Generally, two username and password are required. Keyword parameters

If the authentication information is valid, a User object will be returned. authenticate() will set an attribute on the User object to identify which authentication backend authenticated the user, and this information will be needed in the subsequent login process. When we try to log in to a User object that is taken directly from the database without authenticate(), an error will be reported! !

user = authenticate(username='someone',password='somepassword')

2, login(HttpRequest, user)

This function accepts an HttpRequest object and an authenticated User object

This function uses Django's session framework to attach session id and other information to an authenticated user.

from django.contrib.auth import authenticate, login
  
def my_view(request):
  username = request.POST['username']
  password = request.POST['password']
  user = authenticate(username=username, password=password)
  if user is not None:
    login(request, user)
    # Redirect to a success page.
    ...
  else:
    # Return an 'invalid login' error message.
    ...

3 、logout(request) Log out the user

This function accepts an HttpRequest object and has no return value. When this function is called, all session information for the current request will be cleared. Even if the user is not logged in, no error will be reported when using this function.

from django.contrib.auth import logout
  
def logout_view(request):
  logout(request)
 # Redirect to a success page.

4. is_authenticated() of the user object

Requirements:

1 User login Some pages can only be accessed after logging in.

2 If the user accesses the page without logging in, it will jump directly to the login page.

3 After the user completes the login in the jumped login interface, the user will automatically access the jump page. Go to the previously visited address

Method 1:

Directly verify using the is_authenticated() method of auth

def my_view(request):
   if not request.user.is_authenticated():
      return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))

Method 2:

Verify based on request.user.username. If it is empty, it means you are not logged in

def my_view(request):
   if not request.user.username:
      return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))

Method 3:

Django has designed a decorator for us for this situation: login_requierd()

from django.contrib.auth.decorators import login_required
   
@login_required
def my_view(request):
 ...

If the user is not logged in, it will jump Go to django's default login URL '/accounts/login/ ' (this value can be modified in the settings file through LOGIN_URL). And pass the absolute path of the current access URL (after successful login, you will be redirected to this path).

user object

User object attributes: username, password (required) password is saved to the database using a hash algorithm

is_staff: Whether the user has administrative rights to the website.

is_active: Whether the user is allowed to log in, set to ``False``, you can prohibit the user from logging in without deleting the user

2.1. is_authenticated()

If it is a real User object, the return value is always True. Used to check whether the user has passed the authentication.

Passing authentication does not mean that the user has any permissions, nor does it even check whether the user is active. It just means that the user has successfully passed the authentication. This method is very important. Use request.user.is_authenticated() in the background to determine whether the user has logged in. If true, you can display request.user.name

2.2 and create a user

Use the create_user auxiliary function to create a user:

from django.contrib.auth.models import User
user = User.objects.create_user（username='',password='',email=''）

2.3, check_password(passwd)

user = User.objects.get(username=' ')
if user.check_password(passwd):
  ......

When the user needs to change the password, he must first enter the original password. If the given string passes the password check, return True

Use set_password() To change the password

user = User.objects.get(username='')
user.set_password(password='')
user.save　

2.5, simple example

Registration:

def sign_up(request):
 
  state = None
  if request.method == 'POST':
 
    password = request.POST.get('password', '')
    repeat_password = request.POST.get('repeat_password', '')
    email=request.POST.get('email', '')
    username = request.POST.get('username', '')
    if User.objects.filter(username=username):
        state = 'user_exist'
    else:
        new_user = User.objects.create_user(username=username, password=password,email=email)
        new_user.save()
 
        return redirect('/book/')
  content = {
    'state': state,
    'user': None,
  }
  return render(request, 'sign_up.html', content)　　

Change password:

@login_required
def set_password(request):
  user = request.user
  state = None
  if request.method == 'POST':
    old_password = request.POST.get('old_password', '')
    new_password = request.POST.get('new_password', '')
    repeat_password = request.POST.get('repeat_password', '')
    if user.check_password(old_password):
      if not new_password:
        state = 'empty'
      elif new_password != repeat_password:
        state = 'repeat_error'
      else:
        user.set_password(new_password)
        user.save()
        return redirect("/log_in/")
    else:
      state = 'password_error'
  content = {
    'user': user,
    'state': state,
  }
  return render(request, 'set_password.html', content)

##Create the User table yourself

It should be noted that all the above operations are for the auth_user table automatically created by django. We can take a look at the structure of this table

This is Django gives us a user table automatically created, and if you want to use the auth module, you must use (or inherit) this table.

继承表的好处是我们可以增加一些自己需要的字段，并且同时可以使用auth模块提供的接口、方法

下面就讲一下继承auth的方法：

1、导入AbstractUser类，并且写一个自定义的类，继承AbstractUser类，如下：

from django.contrib.auth.models import AbstractUser

class UserInfo(AbstractUser):
  """
  用户信息
  """
  nid = models.AutoField(primary_key=True)
  telephone = models.CharField(max_length=11, null=True, unique=True)
  ......

需要注意的是，UserInfo表里就不需要有auth_user里重复的字段了，比如说username以及password等，但是还是可以直接使用这些字段的，并且django会自动将password进行加密

2、这样写完之后，还需要在setting.py文件里配置：

AUTH_USER_MODEL = 'blog.UserInfo'

这样，django就知道从blog项目下的models去查找UserInfo这张表了

相关推荐：

Django的cookie使用详解

Django中的Ajax使用方法

The above is the detailed content of Detailed explanation of Django's auth module (user authentication). For more information, please follow other related articles on the PHP Chinese website!