How do i check user authentication on application level Django - django

How do check the user is authenticated or not when some one try to access a page through url.
ex: http://127.0.0.1/test
when some one types the url i want to check in the page that url redirects, that user is authenticated or not.?

If you're doing it inside view, you can check request.user.is_authenticated(). In some methods of Class-based views, this is not provided as parameter, so you can access it using self.request.
If you're trying to do it inside template:
{% if request.user.is_authenticated %}
You're authenticated!
{% else %}
You're not authenticated :(
{% endif %}
but request must be passed into context, by context processor or by hand, inside your view function.

Related

Pass same dynamic data (user type) to all render request in django

I am creating my first web app using django and I have a custom model which has the user type of each user stored and I want the menu options off my html to be customized based on the user type. I am implementing that by using the if django template tag butfor that I require the user type of the user requesting the page to be passed whenever I call the render function. So is there any method through which this data is sent automatically to all the requests?
You can access request object within your template which has a reference to the current user through request.user. Use it in your template:
{% if request.user.type == <UserType1> %}
# some logic
{% elif request.user.type == <UserType1> %}
# etc.
{% endif %}

Django - check if user has been redirected to current page

I am using Django 1.5 and I want to check if the user has been redirected to my login page because he tried to access another page which required a login without being logged in. Suppose there is this view called 'securityPage' and suppose that view is called when I visit the
/securityInfo/
URL. Assuming this is the securityPage view:
#login_required
def securityPage(request):
#some code
Now when I visit that URL, it redirects me to the login.html page, which is correct (since the user - me - is not logged into any account). This is my login.html:
{% if 'next' in request.GET %}
<p>You must first login into your account before having access to the page you were trying to view.</p>
{% endif %}
for some reason, even though I am being redirected and the URL of the login page I am redirected to is
http://127.0.0.1:8000/login/?next=/securityInfo/
, the line
{% if 'next' in request.GET %}
evaluates to false even when 'next' is in the URL. Any idea why?
i don't think request object is part of the default context values.
check your template_context_processors in your settings and if you add django.core.context_processors.request in that list then the current request will be added to every requestcontext. or just pass the request manually for that view.
https://docs.djangoproject.com/en/1.5/ref/templates/api/#django-core-context-processors-request

django context_processor not understood in templates

i cant quite find it so i hope someone can help me out.
I found the option of using the
TEMPLATE_CONTEXT_PROCESSORS = ("django.contrib.auth.context_processors.auth" )
In django (1.5). But now its not clear for me how i should use it. Should i still put the request in my views, or can i with this enabled use the user_object in my template without sending an extra variably with the Requestcontect
For example:
My view at the moment:
def user_characters(request, user_id):
characters = Character.objects.filter(user=user_id)
user = User.objects.get(id=user_id)
return render_to_response('characters.html',
{'characters': characters, "user": user},
context_instance=RequestContext(request))
My template:
{% extends "base.html" %}
{% block mainframe %}
{% if characters|length < 3 %}
<p>New Character(WN)</p>
{% endif %}
And then the rest of my view.
I notice in almost every view i make i want the user_object send with it.
Can someone please give me an example of how this works?
With kind regards
Hans
django.contrib.auth.context_processors.auth context processor is enabled by default, you don't have to add anything. When you use RequestContext(), a context variable user is available in all templates that you can use. To get id {{userd.id}}.
To check user is authenticated or not, do
{% if user.is_authenticated %}
{# handle authenticated user #}
{%else%}
{# handle anonymous non-authenticated users #}
{%endif%}
You should not expose the user id in the url, you wont need it anyway, if you use django sessions- and the authentication framework. You can always check the logged in user via request.user in your serverside view. With the context processor your should be able to access the user with user.desiredattribute, but you should not need it for the url you try to create.
The docs on this seem pretty clear to me:
https://docs.djangoproject.com/en/dev/ref/templates/api/#django.template.RequestContext
If you want context processors to function, you must ensure that you're using a RequestContext instance. You can do that by explicitly creating it in your views, as you show, or (more conveniently, in my opinion) by using the render shortcut rather than render_to_response as documented here:
https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render
With the django.contrib.auth.context_processors.auth context processor in place, the user will always be available in the context variable user. At least, assuming your template is being rendered with a RequestContext instance.
You absolutely should not trust a variable obtained from the URL to determine the user if you have any kind of controlled information. With the system you have shown, anyone can view anyone's data simply by editing the URL. That might be OK for a totally insecure application, but it's much more normal to look at request.user.

Showing the logged-in user inside base.html (django)

Is there a way to access the logged in user's firstname inside the base.html file?
I'm trying to do this, because i want to display who is currently logged in on the navigation bar, but it won't access the user's information, nor will it correctly check if the user is authenticated.
html inside base.html
Hi there,
{% if user.is_authenticated %}
{{user.first_name}}
{% else %}
Stranger
{% endif %}
request.user gives you the user object that is currently logged in. So you have full access to all the attributes and methods the User class has. To get the first_name, you can do {{ request.user.first_name }}. To get the full name you use {{ request.user.get_full_name }}.
If you use [RequestContext][1], by default you get user instance in your templates so you can use it as for its attributes as {{user.first_name}} and others. The user will be same a currently authenticated user which is also available in request.user in the views.
The RequestContext by default adds some default template contexts defined in TEMPLATE_CONTEXT_PROCESSORS in your settings.py.
In your view, you can use it as
#your view code
....
#send response by rendering the template and use Requestcontext while rendering template
return render_to_response('polls/detail.html', {'poll': p},
context_instance=RequestContext(request))
Reference - Django Tutorial 04

Django authentication logic

Where is the appropriate place to distinguish between logged in and not logged in users?
ie. Should there be separate templates for logged in and not logged in users? or one template with if/else statements?
Generally, only small bits of the page will be different for logged in users (though this depends completely on the type of site or system you're building). So the most common situation is to do it as a conditional in the template, e.g.:
{% if user.is_authenticated %}
Show this
{% else %}
Show that
{% endif %}
If you wanted to distinguish in the view logic, e.g. sending different data to the template, it would be something like:
if request.user.is_authenticated:
foo="bar"
else:
foo="baz"