//forms.py :
//This is the forms part of my app.
from django import forms
from django.contrib.auth import (
authenticate,
login,
get_user_model,
logout,
)
User=get_user_model()
class UserLoginForm(forms.Form):
username=forms.CharField()
password=forms.CharField(widget=forms.PasswordInput)
def clean(self):
username=self.cleaned_data.get('username')
password=self.cleaned_data.get('password')
user=authenticate(username=username,password=password)
if not user:
raise forms.ValidationError("This user does not exist")
if not user.check_password(password):
raise forms.ValidationError("Incorrect password")
if not user.is_active:
raise forms.ValidationError("This user is no longer active")
return super(UserLoginForm,self).clean()
// views.py :
//views part where in , i used the UserLoginForm created in the form.
from django.shortcuts import render
from django.contrib.auth import (
authenticate,
login,
get_user_model,
logout,
)
from .forms import UserLoginForm
def login_view(request):
if request.method=='POST':
form=UserLoginForm(request.POST or None)
if form.is_valid():
username=form.cleaned_data.get("username")
password=form.cleaned_data.get("password")
return render(request,"accounts/home.html")
else:
form=UserLoginForm()
return render(request,"accounts/login.html",{"form":form})
def register_view(request):
return render(request,"form.html",{})
def logout_view(request):
return render(request,"form.html",{})
//login.html :
//login.html which opens up as home page.
<div>
<form method='POST' action=''>{% csrf_token %}
<input type="text" name="username" placeholder="Username"/>
<input type="password" name="password" placeholder="Password"/>
<input type="submit" value="Login"/>
</form>
</div>
There are no errors, but neither the raise errors show up on invalid //stuff nor the page redirects to home.html on valid user. Please help me fix the problem. I am unable to find the problem.
Please Rendering form error messages to display the error messages...
<form method='POST' action=''>{% csrf_token %}
{{ form.non_field_errors }}
<input type="text" name="username" placeholder="Username"/>
Related
I would like to add captcha on my django login form using Django Simple Captcha found here: http://code.google.com/p/django-simple-captcha/
This works great if you create a new form but I'm using the django.contrib.auth.forms the one that comes with django. Any idea how I might be able to implement captcha with the existing django auth views or any ways? Thank you!
Please do not suggest using Google reCaptcha.
My urls.py
from django.contrib.auth import views as auth_views
urlpatterns = [
path('login/', auth_views.LoginView.as_view(template_name='login.html'), name='login')
,...
]
My login.html
<form class="fadeIn second" method="post">
{% csrf_token %}
{{ form.as_p }}
<button type="submit" class="btn btn-primary"> Login </button>
</form>
My Forms.py
from captcha.fields import CaptchaField
class MyFormCaptcha(forms.Form):
captcha = CaptchaField()
This video and this GitHub project solved my problem. You can customize the project code according to your needs. For me it is as follows.
My urls.py
urlpatterns = [
...
path('captcha/',include('captcha.urls')),
path('submit',submit,name='submit')
]
My forms.py
from captcha.fields import CaptchaField
class MyForm(forms.Form):
captcha=CaptchaField()
My login.html
<form action="/submit" method="post">
{% csrf_token %}
<div>
<label for="fullname">Full Name</label>
<input type="text" id="fullname" name="fullname">
</div>
<br>
<div>
<label for="email">Email</label>
<input type="text" id="email" name="email">
</div> <br>
{{form.captcha}}
<button type="submit">Submit</button>
</form>
My views.py How to log a user in?
from django.contrib.auth import authenticate, login
def test(request):
form=MyForm()
return render(request,'captcha/home.html',{'form':form})
def submit(request):
if request.method == 'POST':
form=MyForm(request.POST)
if form.is_valid():
name=request.POST['fullname']
email=request.POST['email']
print('success')
print(name)
print(email)
user = authenticate(request,username=username,password=password)
if user is not None:
login(request, user)
return redirect('/homepage') # Redirect to a success page.
else:
# Return an 'invalid login' error message.
print('fail')
messages.success( request,f 'login failed! username or passwoed is wrong!'
return redirect('login')
This is a registration page function
def register(request):
if request.method=="POST":
username= request.POST['username']
email= request.POST['email']
password= request.POST['password']
password2= request.POST['password2']
if password == password2:
if User.objects.filter(email=email).exists():
messages.info(request,'Email Already Used')
return redirect('register')
elif User.objects.filter(username=username).exists():
messages.info(request,'Username Already Used')
return redirect('register')
else:
user=User.objects.create_user(username=username,email=email,password=password2) #create_user not working
user.save()
return redirect('login')
else:
messages.info(request,'password not same')
return redirect('register')
else:
return render(request,'register.html')
this is the register.html file
<h1>SIGN UP HERE</h1>
<style>
h5 {
color: red
}
</style>
{% for message in massages %}
<h5>{{message}}</h5>
{% endfor %}
<form method="POST" action="register">
{% csrf_token %}
<p>Username(admission number):</p>
<input type="text" name="username" />
<P>Email</P>
<input type="email" name="email" />
<p>Password:</p>
<input type="password" name="password" />
<p>Repeat password</p>
<input type="password" name="password2" /><br>
<input type="submit" />
</form>
I have imported User model for create_user method
from django.contrib.auth.models import User
but its not working
I don't know why you would want to create a function-based view for User creation. A much simpler way to do this is to build a class-based view using django's User model:
from users.models import User
from .forms import RegisterForm
from django.views import generic
class UserRegistration(generic.CreateView):
form_class = RegisterForm
template_name = 'register.html'
success_url = reverse_lazy('home')
In your forms.py file (in whichever app you are creating the users) you add the RegisterForm:
from django.contrib.auth.models import User
from django import forms
from django.contrib.auth.forms import UserCreationForm
class RegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = User
fields = ('username', 'email', 'password1', 'password2')
username, password1, and password2 are already built in fields for django Users, so it's already done for you.
Then in your register.html file all you need is to add the from:
<h1>SIGN UP HERE</h1>
<style>
h5 {
color: red
}
</style>
{% for message in massages %}
<h5>{{message}}</h5>
{% endfor %}
<form method="POST" action="register">
{% csrf_token %}
{{form.as_p}}
</form>
{{form.as_p}} renders all the fields in the order they appear in in your RegisterForm.
I do know that this is a repeated question. I did refer those answers but still I couldn't get my issue fixed. Kindly do help. Registration works just fine. The registered users gets added to the DB fine. Logout works fine. The issue is with login. Whenever I try logging in , I keep getting the response "Invalid login details".
views.py
from django.shortcuts import render, redirect
from . forms import *
from django.http import HttpResponse
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
# USER LOGIN
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
user =authenticate( username=username, password=password)
if user is not None:
if user.is_active:
login(request,user)
return redirect('home')
else:
return HttpResponse("Account not active")
else:
return HttpResponse("Invalid login details") #whenever I try to login, I always gets this response.
else:
return render(request, 'basic_app/login.html')
#USER LOGOUT
#login_required
def user_logout(request):
logout(request)
return redirect('login')
urls.py(application).
from django.urls import path
from . import views
urlpatterns = [
path('',views.index, name='home'),
path('register/',views.register, name='register'),
path('login/',views.user_login, name='login'),
path('logout/',views.user_logout, name='logout'),
]
login.html
{% extends 'basic_app/base.html' %}
{% block body_block %}
<div class='jumbotron'>
<h2>User Login</h2>
<form action="{% url 'login' %}" method="post">
{% csrf_token %}
<label for="username">Username:</label>
<input id="username" type="text" placeholder="Enter Username">
<label for="password">Password</label>
<input id="password" type="password" placeholder="Enter Password">
<input type="submit" value="Login">
</form>
</div>
{% endblock %}
settings.py
LOGIN_URL = '/basic_app/login/'
Try this:-
Make a copy of your Project in another folder. AND delete the current database and
create a new Database as usual like :- IN Terminal - Create Superuser command is :-
python manage.py createsuperuser.
In your views.py, in the user_login function you are checking if the user.is_active.
Instead try checking if the user is authenticated in the if statement.
Because I think that the user would probably be inactive before being logged in or authenticated.
For example, this is from the documentation:
if request.user.is_authenticated:
# Do something for authenticated users.
...
else:
# Do something for anonymous users.
...
Check the documentation here
Edit
Sorry, I was lookin at the wrong if block.
You don't seem to have assigned anything to the user variable. That maybe why the user is returned as none.
Also you can try:
user = request.user
Do you have any security concerns with what I've done being implemented in a production web app? Either in the Django HTML Template or my views logic?
I would prefer to have the form in actual html rather than using {{ form }}. Is it ok to allow the user to implement very basic passwords?
views.py is:
from django.shortcuts import render, redirect
from django.contrib.auth import get_user_model
User = get_user_model()
from django.contrib.auth import authenticate, login as auth_login
from django.contrib import auth
from memberships.models import UserMembership
from django.contrib.auth.decorators import login_required
from companies.models import Profile
# Create your views here.
def register(request):
if request.method == "POST":
# User has info and wants an account now!
if request.POST['password1'] == request.POST['password2']:
try:
user = User.objects.get(email=request.POST['email'])
return render(request, 'accounts/register.html', {'error': 'Email has already been taken'})
except User.DoesNotExist:
user = User.objects.create_user(request.POST['email'], password=request.POST['password1'])
auth.login(request, user)
company = Profile()
company.businessperson = request.user
company.first_name = request.POST['firstname']
company.last_name = request.POST['lastname']
company.company_name = request.POST['companyname']
company.phone_number = request.POST['phonenum']
company.save()
return redirect('memberships:payment')
else:
return render(request, 'accounts/register.html', {'error': 'Passwords must match'})
# User wants to enter info
return render(request, 'accounts/register.html')
def login(request):
if request.method == "POST":
user = authenticate(email=request.POST["email"], password=request.POST["password"])
if user is not None:
# Our backend authenticated the credentials
auth_login(request, user)
return redirect('dashboard')
else:
# Backend did not authenticate the credentials
return render(request, 'accounts/login.html', {"error": "Incorrect email and or password"})
else:
return render(request, 'accounts/login.html')
def logout(request):
if request.method == "POST":
auth.logout(request)
return redirect('login')
forms in login.html and register.html:
<!-- login.html -->
<form action="{% url 'login' %}" method="POST">
{% csrf_token %}
<div class="form-group">
<input type="email" name="email" id="exampleInputEmail">
</div>
<div class="form-group">
<input type="password" name="password" id="exampleInputPassword" >
</div>
<input type="submit" value="Login">
</form>
<!-- register.html -->
<form action="{% url 'register' %}" method="POST" >
{% csrf_token %}
<input type="text" name="firstname" id="exampleFirstName" >
<input type="text" name="lastname" id="exampleLastName" >
<input type="text" name="companyname" id="exampleInputCompany" >
<input type="tel" name="phonenum" id="exampleInputPhone" placeholder="Phone Number">
<input type="email" name="email" id="exampleInputEmail" placeholder="Email" required>
<input type="password" name="password1" id="exampleInputPassword" placeholder="Password" required>
<input type="password" name="password2" id="exampleRepeatPassword" placeholder="Repeat Password" required>
<input type="submit" value="Register Account">
</form>
my forms.py:
from django import forms
from django.contrib.auth import authenticate, get_user_model
from django.contrib.auth.models import User
from django.forms import ModelForm
from django.utils.text import capfirst
from .models import Classname, Sectionname, Teachername, Attendancename
class AuthenticationForm(forms.Form):
username = forms.CharField(max_length=20)
password = forms.CharField(widget=forms.PasswordInput)
error_messages = {
'invalid_login': ("Please enter a correct %(username)s and password."
"Note that both fields may be case-sensitive."),
'inactive': ("This account is inactive"),
}
def __init__(self, request=None, *args, **kwargs):
self.request = request
self.user_cache = None
super(AuthenticationForm, self).__init__(*args, **kwargs)
UserModel = get_user_model()
self.username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
if self.fields['username'].label is None:
self.fields['username'].label = capfirst(self.username_field.verbose_name)
def clean(self):
username = self.cleaned_data.get('username')
password = self.cleaned_data.get('password')
if username and password:
self.user_cache = authenticate(username=username, password=password)
if self.user_cache is None:
raise forms.ValidationError(
self.error_messages['invalid_login'],
code='invalid_login',
params={'username': self.username_field.verbose_name},
)
else:
self.confirm_login_allowed(self.user_cache)
return self.cleaned_data
def confirm_login_allowed(self, user):
if not user.is_active:
raise forms.ValidationError(
self.error_messages['inactive'],
code='inactive',
)
def get_user_id(self):
if self.user_cache:
return self.user_cache.id
return None
def get_user(self):
return self.user_cache
views.py:
#csrf_protect
#never_cache
def login(request, template_name='login.html',
authentication_form=AuthenticationForm,
extra_context=None):
if request.method == "POST":
form = authentication_form(request, data=request.POST)
if form.is_valid():
return HttpResponseRedirect(reverse('student:mains'))
else:
print(form.errors)
else:
form = authentication_form(request)
context = {
'form': form,
}
return TemplateResponse(request, template_name, context)
my login template:
<html>
<head><title>Login</title></head>
<strong> Mysite Login </strong>
<br><br>
<h3> Please Enter your credentials carefully </h3>
<body>
{% if form.errors %}
<p>NOT VALID</p>
{% for errors in form.errors %}
{{ errors }}
{% endfor %}
{% endif %}
<form method="post">
{% csrf_token %}
<label>Username: </label>
<input type="text">
<br>
<label>Password: </label>
<input type="password">
<br>
<input type="submit" value="Login">
</form>
</body>
</html>
my urls.py:
from django.conf.urls import url, patterns
from django.contrib.auth import views as auth_views
from . import views
urlpatterns = [
url(r'^register/$', views.register, name='register'),
url(r'^login/$', views.login, name='login'),
url(r'^logout/$', views.logout, name='logout'),
url(r'^password_change/$', auth_views.password_change, {'template_name': 'password_change_form.html', 'post_change_redirect': '/stu/password_change/done/'}, name="password_change"),
url(r'^password_change/done/$', auth_views.password_change_done, {'template_name': 'password_change_done.html'}, name="password_change_done"),
url(r'^restricted/', views.restricted, name='restricted'),
url(r'^mains/', views.mains, name = 'mains'),
]
I'm trying to implement django-authentication on my project. I have read some docs and made the above authentication views and forms.
The problem is that when I'm submitting my login form with correct credentials it doesn't redirect me to the redirect location as specified in my views. It doesn't do anything.
Is it the correct way in which I'm trying to do it? As I'm not using here model form.
Please suggest me the way to correct it...
Thanks! in Advance...
Still facing the same issue...
Change this:
<form method="post">
<label>Username: </label>
<input name="name">
<label>Password: </label>
<input name="phone">
to,
<form method="post" action="{% url 'login_url_name' %}">
<label>Username: </label>
<input name="username">
<label>Password: </label>
<input name="password">
Debugging suggestions:
Make sure you’re hitting the correct view when you submit the form. How? Add debug logging1 at the beginning of login(). If you don’t see the logging when you submit then make sure to set <form>’s action attribute to proper URL.
Make sure your form passes is_valid() test. Add debug logging inside if form.is_valid(): branch in your view. If it doesn’t work, make sure credentials are correct. Dump request.POST to see what might be wrong with data submitted by the form.
1 Debug logging may be a simple Exception("HEYY!!") in your code. The purpose is simply to see if your code reaches the branch in question. You’ll be sure it does if you see Django yelling at you.