Home >Backend Development >Python Tutorial >Detailed explanation of Django's auth module (user authentication)
This article mainly introduces the detailed explanation of Django's auth module (user authentication). Now I share it with you and give it as a reference. Let’s take a look together
#The auth module is an encapsulation of the login authentication method. Previously, after we obtained the user name and password entered by the user, we needed to query whether there is a user from the user table. An object whose name and password match,
With the auth module, you can easily verify whether the user's login information exists in the database.
In addition, auth also encapsulates the session to facilitate us to verify whether the user has logged in
Methods in auth
If you want to use the methods of the auth module, you must first import the auth module.
from django.contrib import auth
django.contrib.auth provides many methods. Here we mainly introduce four of them:
1, authenticate()
provides user authentication, that is, to verify whether the username and password are correct. Generally, two username and password are required. Keyword parameters
If the authentication information is valid, a User object will be returned. authenticate() will set an attribute on the User object to identify which authentication backend authenticated the user, and this information will be needed in the subsequent login process. When we try to log in to a User object that is taken directly from the database without authenticate(), an error will be reported! !
user = authenticate(username='someone',password='somepassword')
2, login(HttpRequest, user)
This function accepts an HttpRequest object and an authenticated User object
This function uses Django's session framework to attach session id and other information to an authenticated user.
from django.contrib.auth import authenticate, login def my_view(request): username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password) if user is not None: login(request, user) # Redirect to a success page. ... else: # Return an 'invalid login' error message. ...
3 、logout(request) Log out the user
This function accepts an HttpRequest object and has no return value. When this function is called, all session information for the current request will be cleared. Even if the user is not logged in, no error will be reported when using this function.
from django.contrib.auth import logout def logout_view(request): logout(request) # Redirect to a success page.
4. is_authenticated() of the user object
Requirements:
1 User login Some pages can only be accessed after logging in.
2 If the user accesses the page without logging in, it will jump directly to the login page.
3 After the user completes the login in the jumped login interface, the user will automatically access the jump page. Go to the previously visited address
Method 1:
Directly verify using the is_authenticated() method of auth
def my_view(request): if not request.user.is_authenticated(): return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
Method 2:
Verify based on request.user.username. If it is empty, it means you are not logged in
def my_view(request): if not request.user.username: return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
Method 3:
Django has designed a decorator for us for this situation: login_requierd()
from django.contrib.auth.decorators import login_required @login_required def my_view(request): ...
If the user is not logged in, it will jump Go to django's default login URL '/accounts/login/ ' (this value can be modified in the settings file through LOGIN_URL). And pass the absolute path of the current access URL (after successful login, you will be redirected to this path).
user object
User object attributes: username, password (required) password is saved to the database using a hash algorithm
is_staff: Whether the user has administrative rights to the website.
is_active: Whether the user is allowed to log in, set to ``False``, you can prohibit the user from logging in without deleting the user
2.1. is_authenticated()
If it is a real User object, the return value is always True. Used to check whether the user has passed the authentication.
Passing authentication does not mean that the user has any permissions, nor does it even check whether the user is active. It just means that the user has successfully passed the authentication. This method is very important. Use request.user.is_authenticated() in the background to determine whether the user has logged in. If true, you can display request.user.name
2.2 and create a user
Use the create_user auxiliary function to create a user:
from django.contrib.auth.models import User user = User.objects.create_user(username='',password='',email='')
2.3, check_password(passwd)
user = User.objects.get(username=' ') if user.check_password(passwd): ......
When the user needs to change the password, he must first enter the original password. If the given string passes the password check, return True
Use set_password() To change the password
user = User.objects.get(username='') user.set_password(password='') user.save
2.5, simple example
Registration:
def sign_up(request): state = None if request.method == 'POST': password = request.POST.get('password', '') repeat_password = request.POST.get('repeat_password', '') email=request.POST.get('email', '') username = request.POST.get('username', '') if User.objects.filter(username=username): state = 'user_exist' else: new_user = User.objects.create_user(username=username, password=password,email=email) new_user.save() return redirect('/book/') content = { 'state': state, 'user': None, } return render(request, 'sign_up.html', content)
Change password:
@login_required def set_password(request): user = request.user state = None if request.method == 'POST': old_password = request.POST.get('old_password', '') new_password = request.POST.get('new_password', '') repeat_password = request.POST.get('repeat_password', '') if user.check_password(old_password): if not new_password: state = 'empty' elif new_password != repeat_password: state = 'repeat_error' else: user.set_password(new_password) user.save() return redirect("/log_in/") else: state = 'password_error' content = { 'user': user, 'state': state, } return render(request, 'set_password.html', content)
##Create the User table yourself
It should be noted that all the above operations are for the auth_user table automatically created by django. We can take a look at the structure of this table This is Django gives us a user table automatically created, and if you want to use the auth module, you must use (or inherit) this table.继承表的好处是我们可以增加一些自己需要的字段,并且同时可以使用auth模块提供的接口、方法
下面就讲一下继承auth的方法:
1、导入AbstractUser类,并且写一个自定义的类,继承AbstractUser类,如下:
from django.contrib.auth.models import AbstractUser class UserInfo(AbstractUser): """ 用户信息 """ nid = models.AutoField(primary_key=True) telephone = models.CharField(max_length=11, null=True, unique=True) ......
需要注意的是,UserInfo表里就不需要有auth_user里重复的字段了,比如说username以及password等,但是还是可以直接使用这些字段的,并且django会自动将password进行加密
2、这样写完之后,还需要在setting.py文件里配置:
AUTH_USER_MODEL = 'blog.UserInfo'
这样,django就知道从blog项目下的models去查找UserInfo这张表了
相关推荐:
The above is the detailed content of Detailed explanation of Django's auth module (user authentication). For more information, please follow other related articles on the PHP Chinese website!