User authentication is a critical aspect of web development, ensuring that users can securely log in and access their accounts. In this section, we will cover the basics of user authentication in Django, including setting up user registration, login, and logout functionalities.

Key Concepts

  1. Authentication vs. Authorization:

    • Authentication: Verifying the identity of a user (e.g., login).
    • Authorization: Determining what an authenticated user is allowed to do (e.g., access control).
  2. Django's Built-in Authentication System:

    • Django provides a robust authentication system out of the box, including models, views, and forms for user management.

Setting Up User Authentication

  1. Creating a User Registration Form

First, let's create a user registration form using Django's built-in UserCreationForm.

# forms.py
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User

class RegisterForm(UserCreationForm):
    # The default User model does not require an email address; make it mandatory here.
    # Note that User.email is not unique by default, so duplicate addresses are still possible.
    email = forms.EmailField(required=True)

    class Meta:
        model = User
        # password1/password2 are checked for a match and run through AUTH_PASSWORD_VALIDATORS
        # by UserCreationForm; save() then stores a salted hash, never the raw password.
        fields = ['username', 'email', 'password1', 'password2']
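What form.save() actually writes to the database is a string such as pbkdf2_sha256$<iterations>$<salt>$<base64 digest>, produced by set_password(). The following example is added here for illustration; it is not part of the tutorial and not Django's own hasher, but it reproduces the layout of that stored string with the standard library so you can see why the raw password never needs to be kept. The iteration count is a constructed, deliberately low value; real Django uses a much higher, version-dependent default.

```python
import base64
import hashlib
import secrets

# Constructed for illustration: Django's PBKDF2PasswordHasher uses a far higher,
# version-dependent iteration count (hundreds of thousands or more).
ITERATIONS = 20_000
ALGORITHM = "pbkdf2_sha256"
SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
UNUSABLE_PREFIX = "!"  # Django marks accounts without a usable password this way


def make_salt(length=22):
    """22 characters from a 62-symbol alphabet is roughly 128 bits of salt entropy."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def encode_password(password, salt=None, iterations=ITERATIONS):
    """Return a hash string in the algorithm$iterations$salt$hash layout Django stores."""
    if salt is None:
        salt = make_salt()
    if "$" in salt:
        raise ValueError("salt must not contain the '$' separator")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii").strip()
    return f"{ALGORITHM}${iterations}${salt}${b64}"


def check_password(password, encoded):
    """Recompute the hash with the stored salt and iteration count, then compare in
    constant time so a mismatch does not leak which prefix of the hash agreed."""
    if encoded.startswith(UNUSABLE_PREFIX):
        return False
    try:
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed stored value
    if algorithm != ALGORITHM:
        return False
    candidate = encode_password(password, salt=salt, iterations=iterations)
    return secrets.compare_digest(candidate, encoded)


if __name__ == "__main__":
    stored = encode_password("correct horse battery staple")
    print(stored)
    print(check_password("correct horse battery staple", stored))  # True
    print(check_password("wrong password", stored))                # False
```

Because the salt and iteration count travel inside the stored string, Django can raise the default iteration count in a later release and transparently re-hash a password the next time the user logs in successfully.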

  2. Creating Views for Registration, Login, and Logout

Next, we need to create views to handle user registration, login, and logout.

# views.py
from django.contrib.auth import login, logout
from django.contrib.auth.forms import AuthenticationForm
from django.shortcuts import redirect, render
from django.views.decorators.http import require_POST

from .forms import RegisterForm

def register_view(request):
    if request.method == 'POST':
        form = RegisterForm(request.POST)
        if form.is_valid():
            # save() hashes the password via set_password(); the raw value is never stored
            user = form.save()
            # login() creates the session and rotates the session key (session fixation defence)
            login(request, user)
            return redirect('home')
    else:
        form = RegisterForm()
    return render(request, 'register.html', {'form': form})

def login_view(request):
    if request.method == 'POST':
        # AuthenticationForm takes the request as its first argument and calls
        # authenticate() during validation, so a valid form already carries the user.
        form = AuthenticationForm(request, data=request.POST)
        if form.is_valid():
            login(request, form.get_user())
            return redirect('home')
    else:
        form = AuthenticationForm()
    return render(request, 'login.html', {'form': form})

@require_POST
def logout_view(request):
    # POST only: a logout reachable by GET can be triggered by any cross-site link or image tag
    logout(request)  # flushes the session data server-side
    return redirect('home')

  3. Creating Templates for Registration, Login, and Logout

Create HTML templates for the registration, login, and logout views.

<!-- register.html -->
<!DOCTYPE html>
<html>
<head>
    <title>Register</title>
</head>
<body>
    <h2>Register</h2>
    <form method="post">
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">Register</button>
    </form>
</body>
</html>

<!-- login.html -->
<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form method="post">
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">Login</button>
    </form>
</body>
</html>

  4. Configuring URLs

Add URL patterns to map the views to URLs.

# urls.py
from django.urls import path
from .views import register_view, login_view, logout_view

urlpatterns = [
    path('register/', register_view, name='register'),
    path('login/', login_view, name='login'),
    path('logout/', logout_view, name='logout'),
]

  5. Protecting Views with Login Required

To restrict access to certain views, use the login_required decorator. An anonymous request is redirected to settings.LOGIN_URL (which defaults to /accounts/login/) with the originally requested path carried in the next query parameter.

# views.py
from django.contrib.auth.decorators import login_required

# login_required redirects anonymous users to settings.LOGIN_URL. With the URL names
# defined above, set LOGIN_URL = 'login' in settings.py so the redirect reaches login_view.
@login_required
def protected_view(request):
    return render(request, 'protected.html')

# urls.py
from .views import protected_view

urlpatterns += [
    path('protected/', protected_view, name='protected'),
]
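To see the two gates from the Key Concepts section as code, here is an added, framework-free example (not Django's implementation and not part of the tutorial) that mirrors what login_required and permission_required do: the first answers "who is calling?" and sends anonymous callers to LOGIN_URL with ?next=, the second answers "may this known user do this?". The LOGIN_URL value, the Request/Response stand-ins and the permission name reports.view_report are assumptions made for the example. The authorization decorator is simplified: it returns 403 for an authenticated user without the permission, whereas Django's default redirects to the login page unless raise_exception=True.

```python
from dataclasses import dataclass, field
from functools import wraps
from urllib.parse import urlencode

LOGIN_URL = "/login/"  # assumed value; Django reads this from settings.LOGIN_URL


@dataclass
class User:
    username: str
    permissions: set = field(default_factory=set)
    is_authenticated: bool = True  # a logged-in user

    def has_perm(self, perm):
        return perm in self.permissions


class AnonymousUser:
    is_authenticated = False

    def has_perm(self, perm):
        return False


@dataclass
class Request:
    path: str
    user: object = field(default_factory=AnonymousUser)


@dataclass
class Response:
    status: int
    body: str = ""
    location: str = ""  # Location header for redirects


def redirect_to_login(request):
    # Carry the requested path in ?next= so the login view can send the user back afterwards.
    return Response(302, location=f"{LOGIN_URL}?{urlencode({'next': request.path})}")


def login_required(view):
    """Authentication gate: anonymous callers are redirected to the login page."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.user.is_authenticated:
            return redirect_to_login(request)
        return view(request, *args, **kwargs)
    return wrapper


def permission_required(perm):
    """Authorization gate: an authenticated user who lacks the permission gets 403
    (simplification; Django's default redirects to login unless raise_exception=True)."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if not request.user.is_authenticated:
                return redirect_to_login(request)
            if not request.user.has_perm(perm):
                return Response(403, body="Forbidden")
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


@login_required
def protected_view(request):
    return Response(200, body=f"Welcome, {request.user.username}")


@permission_required("reports.view_report")  # hypothetical permission name
def report_view(request):
    return Response(200, body="quarterly report")


if __name__ == "__main__":
    print(protected_view(Request("/protected/")))                       # 302 to /login/?next=...
    print(protected_view(Request("/protected/", user=User("alice"))))   # 200
    print(report_view(Request("/reports/", user=User("alice"))))        # 403: authenticated, not authorized
    print(report_view(Request("/reports/", user=User("bob", {"reports.view_report"}))))  # 200
```

The distinction matters in practice: a view that only checks login_required lets every registered account reach it, so any data that belongs to one user or one role needs an authorization check on top of authentication.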

Practical Exercise

Exercise: Implement User Authentication

  1. Objective: Implement user registration, login, and logout functionalities in a Django project.
  2. Steps:
    • Create a new Django project and app.
    • Set up the user registration form.
    • Create views for registration, login, and logout.
    • Create templates for the views.
    • Configure URLs.
    • Protect a view with the login_required decorator.

Solution

Follow the steps outlined in the sections above to implement the user authentication system.

Common Mistakes and Tips

  • Common Mistake: Forgetting to include {% csrf_token %} in forms.

    • Tip: Always include {% csrf_token %} in every form that submits with POST, so that CsrfViewMiddleware can verify the submission came from a page it rendered; without the token Django rejects the request with a 403.
  • Common Mistake: Not redirecting users after login or registration.

    • Tip: Use redirect('home') or another appropriate URL to redirect users after successful login or registration.
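Why the missing {% csrf_token %} matters is easiest to see by reproducing the check itself. The example below is added for illustration and is not Django's code or part of the tutorial: it mirrors the scheme Django's middleware uses, in which a per-session secret is masked with a random string each time a form is rendered, and a POST is accepted only when the submitted token unmasks to that secret. The Request stand-in and the sample requests are constructed for the example; in real Django the secret lives in the CSRF cookie or the session, not in a dict.

```python
import secrets
import string
from dataclasses import dataclass, field

CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32                     # length of the per-session secret
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH  # mask + masked secret
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")  # never checked: they must not change state


def new_secret():
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret, mask=None):
    """Build the value the template tag emits: a random mask followed by the secret
    shifted character-by-character by that mask, so every rendered form differs."""
    if mask is None:
        mask = new_secret()
    idx = CSRF_ALLOWED_CHARS.index
    cipher = "".join(
        CSRF_ALLOWED_CHARS[(idx(s) + idx(m)) % len(CSRF_ALLOWED_CHARS)]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token):
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    idx = CSRF_ALLOWED_CHARS.index
    return "".join(
        CSRF_ALLOWED_CHARS[(idx(c) - idx(m)) % len(CSRF_ALLOWED_CHARS)]
        for c, m in zip(cipher, mask)
    )


def is_well_formed(token):
    return len(token) == CSRF_TOKEN_LENGTH and all(c in CSRF_ALLOWED_CHARS for c in token)


@dataclass
class Request:
    method: str
    session: dict = field(default_factory=dict)  # stands in for the cookie/session secret store
    post: dict = field(default_factory=dict)


def check_csrf(request):
    """Return True if the request may proceed: safe methods pass, unsafe methods must
    carry a token that unmasks to the secret bound to the caller's own session."""
    if request.method in SAFE_METHODS:
        return True
    secret = request.session.get("csrf_secret")
    token = request.post.get("csrfmiddlewaretoken", "")
    if secret is None or not is_well_formed(token):
        return False
    return secrets.compare_digest(unmask_token(token), secret)


# Constructed sample requests, not captured traffic
SECRET = new_secret()
legit_request = Request("POST", {"csrf_secret": SECRET},
                        {"csrfmiddlewaretoken": mask_secret(SECRET), "username": "alice"})
# A form served by another origin cannot read the victim's secret, so it has no valid token
forged_request = Request("POST", {"csrf_secret": SECRET}, {"username": "alice"})
# A token minted for a different session does not unmask to this session's secret
stale_request = Request("POST", {"csrf_secret": SECRET},
                        {"csrfmiddlewaretoken": mask_secret(new_secret())})

if __name__ == "__main__":
    for name, req in (("legit", legit_request), ("forged", forged_request), ("stale", stale_request)):
        print(name, check_csrf(req))  # True, False, False
```

Leaving the tag out of a template removes the only piece of the exchange an attacker's page cannot supply, which is why Django refuses the POST rather than falling back to accepting it.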

Conclusion

In this section, we covered the basics of user authentication in Django, including setting up user registration, login, and logout functionalities. We also learned how to protect views using the login_required decorator. In the next module, we will dive deeper into more advanced topics such as class-based views and form handling.

© Copyright 2024. All rights reserved