I am doing a panchayath solid waste management project in django. What I want to do is, only allow Admin to add Panchayath member only if they are logged in. And I gave login_required decorator and its working fine ie when I visit the AddMember view without login in, it is getting redirected. But problem is when Admin log in and goes to AddMember view, it is also redirecting to login page. So anyone explain me the correct working of login_required??
Related
I am rather new to Django and all of the work I have done so far has been with models/views/viewsets.. The site I am working on incorporates Django allauth for authentication. I have successfully edited/styled the login/logout templates, but the page will be accessed by people who are given credentials created in the admin section rather than signing up on their own- so the sign up page is unnecessary. I'd like to just show a 404 page anytime someone lands on the signup page. I have already removed all the links to the signup page from the other templates.
In short- how do I just redirect someone to the Django default page_not_found when they hit /accounts/signup/?
My attempts so far have revolved around editing the URLs.py file to include something like path('account_signup', page_not_found) (after importing it at the top), or some other manipulation of that line. I'm probably missing something really easy, as I have been getting a little frustrated... And I haven't found any stack overflows where someone was desiring a 404 when a user navigated to one of the allauth account pages.
In order to server 404 pages automatically for not found url, create a 404 view and then in main projects urls.py have below code
Read the Official docs
handler404 = 'mysite.views.my_custom_page_not_found_view'
For redirecting use Redirect View in django docs
from django.views.generic.base import RedirectView
url('/accounts/signup/', RedirectView.as_view(url='/', permanent=False),name='index')
Note their is 404 page for developers builts in django, but once you turn debug=False in settings for production apps,it is not visible,
You can simply not use the signup page in your urls.
On the other hand, it is bad practice to use createsuperuser to create users, since by default they will have enough privileges, even to log in to admin and edit things. The right thing to do is to create a user with some method you want, and with the permissions you give them.
This last one will allow you to use a decorator in your signup view that only allows access to that page in case you have an account with a particular privilege, and not any user. There is no point in returning a 404.
I'm using allauth for authentication and django messages work really well throughout all signup, login etc stages.
However, to avoid the 2 step 'are you sure you want to logout?' I have overidden the allauth view as so:
url(r'^accounts/logout/$', 'django.contrib.auth.views.logout',{'next_page': '/', }),
This technique works fine, and the user is redirected to the home page immediately after clicking 'logout.'
However, with this approach I'm no longer able to display a successfully logged out message.
Could anyone give me a tip on how to do this using the messages framework and my current setup?
Thanks in advance,
The simple answer to this is to simply set:
ACCOUNT_LOGOUT_ON_GET to True
The extra url to override accounts/logout isn't necessary..
I'm currently using out-of-the-box django.contrib.auth to handle authentication in my Django app. This means that the user starts at a log in page and is redirected to the app on successful login. I would like to make my app single-page, including this login process, where a redirect doesn't happen, but maybe a "hot" template switch-out or some fancy client-side div magic (that still remains secure). My Google searching turned up pretty short, the closest solution dealing with putting a log in form on every page.
Any direction or ideas here would be much appreciated. I would obviously prefer to work within the existing confines of django.contrib.auth if possible, but I'm open to all solutions.
I'm not sure I understand your question completely. I think you want to have a single page. If so, put logic in your template that checks to see if the user is authenticated. If not, display a login form that POSTS to the appropriate django.contrib.auth view. You can supply an argument to this view to have it redirect back to your page. When you come back, the user will be authenticated, so you won't display the login form.
Have a look at Django-Easy-Pjax https://pypi.python.org/pypi/django-easy-pjax - it works like a charm and is well documented. Everything you like is being made with AJAX requests: links, forms using GET and forms using POST.
Essentially you only need to add a data-pjax="#id_of_the_container_where_the_result_goes" attribute in your a and form tags.
And the great thing about it: It updates the title and location bar of your browser.
One caveat: If you want to upload files in some form, this is not supported by Easy-Pjax, so you might want to use some workaround jQuery library for that.
I have a website, and i've been writing websites on django for a while now, but never encoutered something like this before...
Trouble is that when i login everything seems alright, but as surf random pages , pretty often happens thing, that code between {% if user.is_authenticated %} {%endif %} dissapears as i am not logged in , though i just was .
If i go back to previous page where i was logged, before going to next page , it shows i am logged in again , and it happens completely randomly. It's not like it happens after specific actions.
Often when i try to do it on purpose everything works fine , but as some time passes something like this occurs. Though if go to login page, while it randomly shows i am logged out, it automatically logs me back because like i understand session does exist, for some reason django just does not see it .....
I am very confused what might be wrong. Any possible advice would be great.
1) I am not using any session functions. Basically nothing that can on purpose trigger those events. Just simple logic in views and return render_to_response('template', RequestContext(request, {}))
2) Django is running on nginx and uwsgi
3) Here is the website site, which is currently under development, but you can login with user test, and password test to try ... maybe the same effect occurs and you'll see it.... but i do not guarentee that it will occur immidiately, it is completely random. To try u just have to click random pages..... and eventually u'll see that it shows that you logged out, though you didn't.
Your post does not give us much info to work with, and your page times out.
My best suggestion is to add the login_required decorator to all of your views. If you are in fact being logged out you will be able to see where this occurs.
Add the import to the top of your page, and the decorator above every view like so:
from django.contrib.auth.decorators import login_required
#login_required(login_url='LINK_TO_LOGIN_URL')
def first_view(request):
# Your view code
You will be redirected to your login URL at any point that you are not logged in.
Once you diagnose where you are being logged out, you should be able to troubleshoot much easier. If you are able to access every view, then you can troubleshoot your templates and your is_authenticated code.
Is there a good way to have both the login and register forms for django-registration on one page? I've had trouble finding a way to do it now that the backend system is enforced. Is there a view that can be overwritten that would allow you to add both forms to it? Anyone done this before or can point to an article about this?
Edit: Just to clarify I have the whole django-registration and login system set up and working properly, I'd just like to get both forms on the same page. I do not have access to their views.
Just hard-code your login-form in the registration-html-template. It should work like a charm.
You can always override the default login and registration views/templates. You can take a look at this link and see if this was what you were thinking to do. Then, you can read the Django documentation for further information about making custom login and registration views and templates as well.