background preloader

Django_User

Facebook Twitter

Django sessions – part III: User authentication. In the previous two articles of this series we learned how Django implements sessions, thus allowing the abstraction of persistent state in a web application.

Django sessions – part III: User authentication

The session framework can be employed by developers to implement all kinds of interesting features for their application, but Django also uses it for its own needs. Specifically, Django’s user authentication system relies on the session framework to do its job. The user authentication system allows users to log in and out of the application, and act based on a set of permissions. Borrowing from the Django Book: This system is often referred to as an auth/auth (authentication and authorization) system.

Verify (authenticate) that a user is who he or she claims to be (usually by checking a username and password against a database of users)Verify that the user is authorized to perform some given operation (usually by checking against a table of permissions) Snooping on HTTP traffic username:eliben password:password What is this session? Django Authentication Backends. Posted on August 18, 2010 If you are building a Django frontend for a legacy application chances are you will need to integrate your existing user database table(s) with the the Django authentication system (django.contrib.auth).

Django Authentication Backends

In this tutorial we will look at writing our own authentication backend and plugging it into django.contrib.auth. Getting Started Authentication backends are pure python classes. Given a username and password, they are expected to validate them against an authentication source (such as a database) and return a User object. Writing Our Backend Our backend must have two methods: authenticate and get_user authenticate takes two arguments – username and password. Restricting Access by Group in Django. Django's authentication system provides built-in support for Groups.

Restricting Access by Group in Django

When developing an app, you may want to prevent users in a particular group from accessing part of your app. For example, if you were building a tool to be used by Faculty and Students, it's quite possible that there would be parts of the app you wouldn't want Students to access (like the part that allows a User to change grades!) Luckily, there's a decorator called user_passes_test that allows you to easily perform this sort of thing. Let's see an example: from django.contrib.auth.decorators import login_required, user_passes_test @login_required@user_passes_test(lambda u: u.groups.filter(name='Student').count() == 0, login_url='/myapp/denied/') def some_view(request): # Do whatever this view should do The view above (which lacks any content) actually uses two decorators. We define this function using a python Lambda Expression. Lambda u: u.groups.filter(name='Student').count() == 0.

Django Check and set permissions for a user group. Adding a user to a group in django. Django User Profiles - Simple yet powerful. So you're building a web application, and using the excellent contrib.auth subsystem to manage user accounts.

Django User Profiles - Simple yet powerful

Most probably you need to store additional information about your users, but how? Django profiles to the rescue! Django provides a lightweight way of defining a profile object linked to a given user. The profile object can differ from project to project, and it can even handle different profiles for different sites served from the same database. In a nutshell, using Django profiles consists of 3 steps: Define a model that holds the profile information.

Defining the user profile model The only requirement Django places on this model is that it have a unique ForeignKey to the User model, and is called user. For our example, we'll create 2 user profile fields (url and company). Django Multi-Table Inheritance VS Specifying Explicit OneToOne Relationship in Models. Extending User object in Django: User model inheritance or use UserProfile. Python - Django user registration form best practices. Adding Users to your Django Models. Most of the data in your webapp will be associated with a user (for e.g., I’m the author of this post). django.contrib.auth comes with the User model that handles a lot of basic functionality for dealing with users. Here’s some basic reading. Some people like to subclass User to add their own pieces of data, others prefer to create a separate UserProfile model. This post assumes that you already know how you’re going to deal with user profiles.

What I’ll be talking about is associating models with a specific users. Given that: I wanted a generic way to add a user to any model. Anything that inherits from UserData will have the user field in it. Another variation would be to create a UserDataForm and then inherit your PostForm from it: Interested in hearing how others deal with the same issue. Authentication - Extending the User model with custom fields in Django. Extending the Django User model with inheritance. Update March 2013: Django 1.5 includes a configurable custom user model that makes all this obsolete.

Extra fields for Users Most of the Django projects I’ve worked on need to store information about each user in addition to the standard name and email address held by the contrib.auth.models.User model. The old way: User Profiles The solution in the past was to create a “user profile” model which is associated 1-to-1 with the user. Something like: the model.