I am facing a problem while building a Django web app.
I want that if a user logs into his account, his session should be stored and when he agains visits the login page ,he should be redirected to his home page. I have tried using
Here is my code.
Views.py
from django.http import HttpResponse
from django.shortcuts import render_to_response
from django.contrib.auth.decorators import login_required
from django.template import RequestContext
def index(request):
return HttpResponse("Index Page")
#login_required
def home(request):
ctx = {}
return render_to_response('auth/home.html',ctx, context_instance = RequestContext(request))
Urls.py
from django.conf.urls.defaults import *
from django.contrib.auth.views import login, logout
urlpatterns = patterns('',
url(r'^$','apps.auth.views.index'),
)
urlpatterns = patterns('',
url(r'cc/', login, kwargs = {'template_name' : 'auth/cc.html'} , name = 'cc_login'),
url(r'logout/', logout, name = 'cc_logout'),
url(r'home/','apps.auth.views.home', name = 'cc_home'),
)
I ran into the same situation with my django project.
I solved it by making a view that was similar too:
def login_page(request):
if request.user.is_authenticated():
return redirect(<insert your desired page here>)
else:
return render(<whatever the login page is>)
This way, if the user is logged in, they will be redirected to whatever page you want them to be.
EDIT:
In response to the comments below, I am modifying my answer (original is still above).
Here is what I have done to solve your problem.
from django.contrib.auth.views import login
def custom_login(request, **kwargs):
"""
Redirects the user to the desired page if they are authenticated
"""
if request.user.is_authenticated():
return redirect(<whatever page or view you want them to go to>)
else:
return login(request, **kwargs)
For example, your kwargs could be {'template_name': 'your_login_template.html', 'authentication_form': YourCustomRegistrationFormClass}
If you're using the standard login and registration procedures, just leave the kwargs part blank.
I'm fairly new to Django, but have you tried overriding the default login view?
views.py
from django.contrib.auth import views as auth_views
from django.shortcuts import redirect
def login(request, *args, **kwargs):
if request.method == 'POST':
request.session.set_expiry(0) # Remember user session
if request.user.is_authenticated():
return redirect(USER_PAGE_ADDRESS)
return auth_views.login(request, *args, **kwargs)
urls.py
urlpatterns = patterns('',
url(r'cc/', APP_NAME.views.login, kwargs = {'template_name' : 'auth/cc.html'} , name = 'cc_login'),
...
)
Related
I am new to django.In my project,I have many users,how to control the Url access by different user?
eg:
urlpatterns = [
url(r'man/dash/(?P<base>[0-9]{8})/$', man_dash ,name='man_dash')
]
The url can access By User A and B has no permisson.
I will appreciate it if someone can give me a instance...
In your views.py:
from django.contrib.auth.decorators import user_passes_test
def my_check(user):
return user.username == 'A'
#user_passes_test(my_check)
def man_dash(request):
This shouldn't be done on URL level, but view level. In the view that the URL redirects to, you can check if the user has the permissions he/she needs and then either return a site or return a 404 page or 403 forbidden page.
example:
from django.views.generic import TemplateView
from django.http import HttpResponseNotAllowed
class MyView(TemplateView):
template_name = 'sth.html'
def get(self, request, **kwargs):
if request.user.is_superuser():
return super().get(request, **kwargs)
return HttpResponseNotAllowed()
I am trying to implement on my website a simple and friendly address system.
What i'm thinking about is when the user logged in, his username will be displayed in the address bar.
www.example.com/username1 (for home page profile)
www.example.com/username1/about/
www.example.com/username1/gallery/
www.example.com/username2 (for home page profile)
www.example.com/username2/about/
www.example.com/username2/gallery/
And additionally if anyone enter the address www.example.com/username1, will be shown the profile of user1.
I already implemented a register/Login system using Django-Allauth
mySite/urls.py
url(r'^accounts/', include('allauth.urls')),
home/urls.py
url(r'^$', views.index),
home/views.py
def index(request):
return render_to_response('home/index.html', context_instance=RequestContext(request))
I tried to follow some examples like Facing problem with user profile url scheme like example.com/username in django
But i dont have this thing working yet. I dont understand what to do :(
Please, give some advise.
Add the following url as the last item of the mySite/urls.py:
urlpatterns = patterns('',
...
url(r'^(?P<username>\w+)/', include('userapp.urls')),
)
Then the username parameter will be passed to the views of your userapp:
userapp/urls.py:
from userapp import views
urlpatterns = patterns('',
url(r'^$', views.profile, name='user_profile'),
url(r'^about/$', views.about, name='user_about'),
url(r'^gallery/$', views.gallery, name='user_gallery'),
)
userapp/views.py:
def profile(request, username):
user = get_object_or_404(User, username=username)
return render(request, 'userapp/profile.html', {'profile_user': user})
def about(request, username):
...
def gallery(request, username):
...
It's almost perfect, but i have a bug. Let me explain. When i login (my login system is: django-allauth) on the http://127.0.0.1:8000/accounts/login/ i return to http://127.0.0.1:8000 with an error 404.
I am not getting the http://127.0.0.1:8000/username/ with the template, when the login botton is clicked.
The instalation of django-allauth require adding to the settings.py
LOGIN_REDIRECT_URL = '/'
How can i redirect to http://127.0.0.1:8000/username/ and show the correct template?
1. Regarding
How can i redirect to
Based on the answer from https://stackoverflow.com/a/20143515/4992248
# settings.py:
ACCOUNT_ADAPTER = 'project.your_app.allauth.AccountAdapter'
# project/your_app/allauth.py:
from allauth.account.adapter import DefaultAccountAdapter
class AccountAdapter(DefaultAccountAdapter):
def get_login_redirect_url(self, request):
return 'request.user.username' # probably also needs to add slash(s)
Would be better to use get_absolute_url, ie return 'request.user.get_absolute_url'. In this case you need to do:
# 1. Add `namespace` to `yoursite/urls.py`
urlpatterns = patterns('',
...
url(r'^(?P<username>\w+)/', include('userapp.urls', namespace='profiles_username')),
)
# 2. Add the code below to the Users class in models.py
def get_absolute_url(self):
# 'user_profile' is from the code shown by catavaran above
return reverse('profiles_username:user_profile', args=[self.username])
2. Regarding
show the correct template
catavaran wrote correct urls which leads to views.profile, so in view.py you need to write:
from django.shortcuts import render
from .models import UserProfile # import model, where username field exists
from .forms import UserProfileForm # import Users form
def profiles(request, username):
user = get_object_or_404(UserProfile, username=username)
return render(request, 'home/profiles.html', {'user_profile_form': user})
In template (i.e. profiles.html) you can show user's data via {{user_profile_form.as_p}}
Currently I use these patterns to log in and out
urlpatterns += patterns("",
(r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'login.html'}),
(r'^logout/$', 'django.contrib.auth.views.logout', {'template_name': 'logout.html'})
)
Inspite of having LOGIN_REDIRECT_URL = '/profile/' in my settings.py, Django does not send me to /profile/ if I want to access /login/ when I'm already logged in...
Can I somehow redirect in the URL patterns of the auth system? I'm reluctant to write a custom view for that.
I use something like this in my urls.py:
from django.contrib.auth.views import login
from django.contrib.auth.decorators import user_passes_test
login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/')
urlpatterns = patterns('',
url(r'^accounts/login/$', login_forbidden(login), name="login"),
How about riding the Django login view?
Then add this little piece of code in that view:
if request.user.is_authenticated():
# Redirect to profile
If you want to do something else in template itself for the register user:
{% if user.is_authenticated %}
I ended up writing a decorator for such task.
Please take note that I've made it quick & dirty.
from django.conf import settings
from django.shortcuts import redirect
def redirect_if_logged(f=None, redirect_to_url=None):
u"""
Decorator for views that checks that the user is already logged in, redirecting
to certain URL if so.
"""
def _decorator(view_func):
def _wrapped_view(request, *args, **kwargs):
if request.user.is_authenticated():
redirect_url = redirect_to_url
if redirect_to_url is None:
# URL has 'next' param?
redirect_url_1 = request.GET.get('next')
# If not, redirect to referer
redirect_url_2 = request.META.get('HTTP_REFERER')
# If none, redirect to default redirect URL
redirect_url_3 = settings.LOGIN_REDIRECT_URL
redirect_url = redirect_url_1 or redirect_url_2 or redirect_url_3
return redirect(redirect_url, *args, **kwargs)
else:
return view_func(request, *args, **kwargs)
return _wrapped_view
if f is None:
return _decorator
else:
return _decorator(f)
Looking at the source code on Github, the default login view provided by django.contrib.auth will only use LOGIN_REDIRECT_URL if the login form is submitted via a POST request, and it has no next parameter. (The docs mention this too).
The login view doesn't actually do any checking of whether you're authenticated already or not - so an already-authenticated user hitting the page with a standard GET request will see the login form again - just the same as an unauthenticated user.
If you want different behaviour, I'd recommend writing your own login view.
On your projects urls.py file (url_patterns list), add redirect_authenticated_user=True as a parameter in login path like this:
path('admin/', admin.site.urls),
path('login/', auth_views.LoginView.as_view(
template_name='blog_app/login.html',
redirect_authenticated_user=True
), name='login'),
You could use this decorator
def login_excluded(redirect_to):
""" This decorator kicks authenticated users out of a view """
def _method_wrapper(view_method):
def _arguments_wrapper(self, request, *args, **kwargs):
if self.request.user.is_authenticated:
return redirect(redirect_to)
return view_method(request, *args, **kwargs)
return _arguments_wrapper
return _method_wrapper
I'm working on a platform for online labs registration for my university.
Login View [project views.py]
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib import auth
def index(request):
return render_to_response('index.html', {}, context_instance = RequestContext(request))
def login(request):
if request.method == "POST":
post = request.POST.copy()
if post.has_key('username') and post.has_key('password'):
usr = post['username']
pwd = post['password']
user = auth.authenticate(username=usr, password=pwd)
if user is not None and user.is_active:
auth.login(request, user)
if user.get_profile().is_teacher:
return HttpResponseRedirect('/teachers/'+user.username+'/')
else:
return HttpResponseRedirect('/students/'+user.username+'/')
else:
return render_to_response('index.html', {'msg': 'You don\'t belong here.'}, context_instance = RequestContext(request)
return render_to_response('login.html', {}, context_instance = RequestContext(request))
def logout(request):
auth.logout(request)
return render_to_response('index.html', {}, context_instance = RequestContext(request))
URLS
#========== PROJECT URLS ==========#
urlpatterns = patterns('',
(r'^media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT }),
(r'^admin/', include(admin.site.urls)),
(r'^teachers/', include('diogenis.teachers.urls')),
(r'^students/', include('diogenis.students.urls')),
(r'^login/', login),
(r'^logout/', logout),
(r'^$', index),
)
#========== TEACHERS APP URLS ==========#
urlpatterns = patterns('',
(r'^(?P<username>\w{0,50})/', labs),
)
The login view basically checks whether the logged in user is_teacher [UserProfile attribute via get_profile()] and redirects the user to his profile.
Labs View [teachers app views.py]
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib.auth.decorators import user_passes_test
from django.contrib.auth.models import User
from accounts.models import *
from labs.models import *
def user_is_teacher(user):
return user.is_authenticated() and user.get_profile().is_teacher
#user_passes_test(user_is_teacher, login_url="/login/")
def labs(request, username):
q1 = User.objects.get(username=username)
q2 = u'%s %s' % (q1.last_name, q1.first_name)
q2 = Teacher.objects.get(name=q2)
results = TeacherToLab.objects.filter(teacher=q2)
return render_to_response('teachers/labs.html', {'results': results}, context_instance = RequestContext(request))
I'm using #user_passes_test decorator for checking whether the authenticated user has the permission to use this view [labs view].
The problem I'm having with the current logic is that once Django authenticates a teacher user he has access to all teachers profiles basically by typing the teachers username in the url.
Once a teacher finds a co-worker's username he has direct access to his data.
Any suggestions would be much appreciated.
A simple way would be to modify the view to add an extra check:
#user_passes_test(user_is_teacher, login_url="/login/")
def labs(request, username):
if username != request.user.username:
return HttpResponseNotAllowed()
... and so on ...
Assuming you have a variable called 'teacher' that represents the profile of the teacher whose profile you're viewing, just do something like this early in the view:
if request.user.get_profile() != teacher:
..redirect, throw 404, whatever you fancy
Just a short hint.
...
user = request.user
enrollment = get_object_or_404(Enrollment, id=enrollment_id)
profile = get_object_or_404(Profile, user=user)
if not (enrollment.profile == profile or user.is_staff):
raise Http404
...
enrollment.delete()
We used such if statements to determine, whether the actual user and the action he requested match. In the example above, only the profile who create an enrollment is allowed to delete it (or someone with staff priviledges).
I'm trying to redirect a user to a url containing his username (like http://domain/username/), and trying to figure out how to do this. I'm using django.contrib.auth for my user management, so I've tried using LOGIN_REDIRECT_URL in the settings:
LOGIN_REDIRECT_URL = '/%s/' % request.user.username # <--- fail..
but it only seems to accept fixed strings, rather than something that'll be determined after the user is logged in. How can I still accomplish this?
A solution, is to redirect to a static route like '/userpage/' and have that redirect to the final dynamic page.
But I think the real solution is to make a new view that does what you really want.
from django.contrib.auth import authenticate, login
from django.http import HttpResponseRedirect
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
HttpResponseRedirect('/%s/'%username)
else:
# Return a 'disabled account' error message
else:
# Return an 'invalid login' error message.
http://docs.djangoproject.com/en/dev/topics/auth/#authentication-in-web-requests
for more information about rewriting the view. This is how the docs say to override this kind of thing.
With the class-based django.contrib.auth.views.LoginView, you can now simply override get_success_url:
urls.py:
url(r'^login$', MyLoginView.as_view(), name='login'),
url(r'^users/(?P<username>[a-zA-Z0-9]+)$', MyAccountView.as_view(), name='my_account'),
views.py
class MyLoginView(LoginView):
def get_success_url(self):
return reverse('my_account', args=[self.request.user.username])
Wrap the auth view in your own custom view and redirect to wherever you want if authentication succeeded.
from django.http import HttpResponseRedirect
from django.contrib import auth
from django.core.urlresolvers import reverse
def login(request):
template_response = auth.views.login(request)
if isinstance(template_response, HttpResponseRedirect) and template_response.url == '/accounts/profile/':
return HttpResponseRedirect(reverse('user', args=(request.user.username,)))
return template_response
Another alternative is to use the query param next to indicate where to redirect to after the login.
sign in
I use django-two-factor-auth login view which provides OTP features for login.
Hence I extend from two_factor's LoginView.
In main urls.py:
from two_factor.urls import urlpatterns as tf_urls
urlpatterns = [
# make sure login is before default two_factor (tf_urls) urls
# coz first url has higher preference
path('account/login/', MyLoginView.as_view(), name='login'),
path('', include(tf_urls)),
]
In views.py:
from two_factor.views.core import LoginView
from two_factor.utils import default_device
class MyLoginView(LoginView):
def get_success_url(self):
if self.is_otp_setup() is True:
return reverse('homepage:homepage')
# otp not setup. redirect to OTP setup page
else:
return reverse('two_factor:setup')
def is_otp_setup(self):
if self.request.user and \
self.request.user.is_authenticated and \
default_device(self.request.user):
return True
else:
return False