Detailed explanation of Django's auth module (user authentication)-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

Detailed explanation of Django's auth module (user authentication)

不言

Apr 17, 2018 am 10:41 AM

authdjangouser

This article mainly introduces the detailed explanation of Django's auth module (user authentication). Now I share it with you and give it as a reference. Let’s take a look together

#The auth module is an encapsulation of the login authentication method. Previously, after we obtained the user name and password entered by the user, we needed to query whether there is a user from the user table. An object whose name and password match,

With the auth module, you can easily verify whether the user's login information exists in the database.

In addition, auth also encapsulates the session to facilitate us to verify whether the user has logged in

Methods in auth

If you want to use the methods of the auth module, you must first import the auth module.

from django.contrib import auth

django.contrib.auth provides many methods. Here we mainly introduce four of them:

1, authenticate()

provides user authentication, that is, to verify whether the username and password are correct. Generally, two username and password are required. Keyword parameters

If the authentication information is valid, a User object will be returned. authenticate() will set an attribute on the User object to identify which authentication backend authenticated the user, and this information will be needed in the subsequent login process. When we try to log in to a User object that is taken directly from the database without authenticate(), an error will be reported! !

user = authenticate(username=&#39;someone&#39;,password=&#39;somepassword&#39;)

2, login(HttpRequest, user)

This function accepts an HttpRequest object and an authenticated User object

This function uses Django's session framework to attach session id and other information to an authenticated user.

from django.contrib.auth import authenticate, login
  
def my_view(request):
  username = request.POST[&#39;username&#39;]
  password = request.POST[&#39;password&#39;]
  user = authenticate(username=username, password=password)
  if user is not None:
    login(request, user)
    # Redirect to a success page.
    ...
  else:
    # Return an &#39;invalid login&#39; error message.
    ...

3 、logout(request) Log out the user

This function accepts an HttpRequest object and has no return value. When this function is called, all session information for the current request will be cleared. Even if the user is not logged in, no error will be reported when using this function.

from django.contrib.auth import logout
  
def logout_view(request):
  logout(request)
 # Redirect to a success page.

4. is_authenticated() of the user object

Requirements:

1 User login Some pages can only be accessed after logging in.

2 If the user accesses the page without logging in, it will jump directly to the login page.

3 After the user completes the login in the jumped login interface, the user will automatically access the jump page. Go to the previously visited address

Method 1:

Directly verify using the is_authenticated() method of auth

def my_view(request):
   if not request.user.is_authenticated():
      return redirect(&#39;%s?next=%s&#39; % (settings.LOGIN_URL, request.path))

Method 2:

Verify based on request.user.username. If it is empty, it means you are not logged in

def my_view(request):
   if not request.user.username:
      return redirect(&#39;%s?next=%s&#39; % (settings.LOGIN_URL, request.path))

Method 3:

Django has designed a decorator for us for this situation: login_requierd()

from django.contrib.auth.decorators import login_required
   
@login_required
def my_view(request):
 ...

If the user is not logged in, it will jump Go to django's default login URL '/accounts/login/ ' (this value can be modified in the settings file through LOGIN_URL). And pass the absolute path of the current access URL (after successful login, you will be redirected to this path).

user object

User object attributes: username, password (required) password is saved to the database using a hash algorithm

is_staff: Whether the user has administrative rights to the website.

is_active: Whether the user is allowed to log in, set to ``False``, you can prohibit the user from logging in without deleting the user

2.1. is_authenticated()

If it is a real User object, the return value is always True. Used to check whether the user has passed the authentication.

Passing authentication does not mean that the user has any permissions, nor does it even check whether the user is active. It just means that the user has successfully passed the authentication. This method is very important. Use request.user.is_authenticated() in the background to determine whether the user has logged in. If true, you can display request.user.name

2.2 and create a user

Use the create_user auxiliary function to create a user:

from django.contrib.auth.models import User
user = User.objects.create_user（username=&#39;&#39;,password=&#39;&#39;,email=&#39;&#39;）

2.3, check_password(passwd)

user = User.objects.get(username=&#39; &#39;)
if user.check_password(passwd):
  ......

When the user needs to change the password, he must first enter the original password. If the given string passes the password check, return True

Use set_password() To change the password

user = User.objects.get(username=&#39;&#39;)
user.set_password(password=&#39;&#39;)
user.save

2.5, simple example

Registration:

def sign_up(request):
 
  state = None
  if request.method == &#39;POST&#39;:
 
    password = request.POST.get(&#39;password&#39;, &#39;&#39;)
    repeat_password = request.POST.get(&#39;repeat_password&#39;, &#39;&#39;)
    email=request.POST.get(&#39;email&#39;, &#39;&#39;)
    username = request.POST.get(&#39;username&#39;, &#39;&#39;)
    if User.objects.filter(username=username):
        state = &#39;user_exist&#39;
    else:
        new_user = User.objects.create_user(username=username, password=password,email=email)
        new_user.save()
 
        return redirect(&#39;/book/&#39;)
  content = {
    &#39;state&#39;: state,
    &#39;user&#39;: None,
  }
  return render(request, &#39;sign_up.html&#39;, content)

Change password:

@login_required
def set_password(request):
  user = request.user
  state = None
  if request.method == &#39;POST&#39;:
    old_password = request.POST.get(&#39;old_password&#39;, &#39;&#39;)
    new_password = request.POST.get(&#39;new_password&#39;, &#39;&#39;)
    repeat_password = request.POST.get(&#39;repeat_password&#39;, &#39;&#39;)
    if user.check_password(old_password):
      if not new_password:
        state = &#39;empty&#39;
      elif new_password != repeat_password:
        state = &#39;repeat_error&#39;
      else:
        user.set_password(new_password)
        user.save()
        return redirect("/log_in/")
    else:
      state = &#39;password_error&#39;
  content = {
    &#39;user&#39;: user,
    &#39;state&#39;: state,
  }
  return render(request, &#39;set_password.html&#39;, content)

##Create the User table yourself

It should be noted that all the above operations are for the auth_user table automatically created by django. We can take a look at the structure of this table

This is Django gives us a user table automatically created, and if you want to use the auth module, you must use (or inherit) this table.

继承表的好处是我们可以增加一些自己需要的字段，并且同时可以使用auth模块提供的接口、方法

下面就讲一下继承auth的方法：

1、导入AbstractUser类，并且写一个自定义的类，继承AbstractUser类，如下：

from django.contrib.auth.models import AbstractUser

class UserInfo(AbstractUser):
  """
  用户信息
  """
  nid = models.AutoField(primary_key=True)
  telephone = models.CharField(max_length=11, null=True, unique=True)
  ......

需要注意的是，UserInfo表里就不需要有auth_user里重复的字段了，比如说username以及password等，但是还是可以直接使用这些字段的，并且django会自动将password进行加密

2、这样写完之后，还需要在setting.py文件里配置：

AUTH_USER_MODEL = &#39;blog.UserInfo&#39;

这样，django就知道从blog项目下的models去查找UserInfo这张表了

相关推荐：

Django的cookie使用详解

Django中的Ajax使用方法

The above is the detailed content of Detailed explanation of Django's auth module (user authentication). For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What are the alternatives to concatenate two lists in Python?May 09, 2025 am 12:16 AM

There are many methods to connect two lists in Python: 1. Use operators, which are simple but inefficient in large lists; 2. Use extend method, which is efficient but will modify the original list; 3. Use the = operator, which is both efficient and readable; 4. Use itertools.chain function, which is memory efficient but requires additional import; 5. Use list parsing, which is elegant but may be too complex. The selection method should be based on the code context and requirements.

Python: Efficient Ways to Merge Two ListsMay 09, 2025 am 12:15 AM

There are many ways to merge Python lists: 1. Use operators, which are simple but not memory efficient for large lists; 2. Use extend method, which is efficient but will modify the original list; 3. Use itertools.chain, which is suitable for large data sets; 4. Use * operator, merge small to medium-sized lists in one line of code; 5. Use numpy.concatenate, which is suitable for large data sets and scenarios with high performance requirements; 6. Use append method, which is suitable for small lists but is inefficient. When selecting a method, you need to consider the list size and application scenarios.

Compiled vs Interpreted Languages: pros and consMay 09, 2025 am 12:06 AM

Compiledlanguagesofferspeedandsecurity,whileinterpretedlanguagesprovideeaseofuseandportability.1)CompiledlanguageslikeC arefasterandsecurebuthavelongerdevelopmentcyclesandplatformdependency.2)InterpretedlanguageslikePythonareeasiertouseandmoreportab

Python: For and While Loops, the most complete guideMay 09, 2025 am 12:05 AM

In Python, a for loop is used to traverse iterable objects, and a while loop is used to perform operations repeatedly when the condition is satisfied. 1) For loop example: traverse the list and print the elements. 2) While loop example: guess the number game until you guess it right. Mastering cycle principles and optimization techniques can improve code efficiency and reliability.

Python concatenate lists into a stringMay 09, 2025 am 12:02 AM

To concatenate a list into a string, using the join() method in Python is the best choice. 1) Use the join() method to concatenate the list elements into a string, such as ''.join(my_list). 2) For a list containing numbers, convert map(str, numbers) into a string before concatenating. 3) You can use generator expressions for complex formatting, such as ','.join(f'({fruit})'forfruitinfruits). 4) When processing mixed data types, use map(str, mixed_list) to ensure that all elements can be converted into strings. 5) For large lists, use ''.join(large_li

Python's Hybrid Approach: Compilation and Interpretation CombinedMay 08, 2025 am 12:16 AM

Pythonusesahybridapproach,combiningcompilationtobytecodeandinterpretation.1)Codeiscompiledtoplatform-independentbytecode.2)BytecodeisinterpretedbythePythonVirtualMachine,enhancingefficiencyandportability.

Learn the Differences Between Python's 'for' and 'while' LoopsMay 08, 2025 am 12:11 AM

ThekeydifferencesbetweenPython's"for"and"while"loopsare:1)"For"loopsareidealforiteratingoversequencesorknowniterations,while2)"while"loopsarebetterforcontinuinguntilaconditionismetwithoutpredefinediterations.Un

Python concatenate lists with duplicatesMay 08, 2025 am 12:09 AM

In Python, you can connect lists and manage duplicate elements through a variety of methods: 1) Use operators or extend() to retain all duplicate elements; 2) Convert to sets and then return to lists to remove all duplicate elements, but the original order will be lost; 3) Use loops or list comprehensions to combine sets to remove duplicate elements and maintain the original order.

See all articles