Django Authentication: Creation of objects by users before registration - django

I am working on a Django site where people create articles. I'd like for people to be able to create an article as part of the registration process. Here's the steps:
User hits "create article" without being registered or logged in.
User is directed to "create article" page that displays the form for creating the article.
After hitting the "submit" button on the "create article" form, the user is redirected to the registration / login page.
After the registration process or login, the article is saved under the user's ID.
I'm pretty new to Django, so here are the complications so far as I'm concerned:
Do I save the object with an AnonymousUser as the author until after the login process? How would I find the object again so that I can save it to the User after they're logged in or registered? Is there any kind of unique identifier in an AnonymousUser object?
Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?

There are a couple of ways to do what you're wanting to do. I would exclude the user from your create Article form, and set user to blank=True, null=True.
It's really up to you as to whether or not you just hold the article in session until after you create your user, or persist it to the database and assign the user after.
One benefit of holding it in session is that if the user abandons the registration process, you don't have a record in the database. I would recommend going this way, as it's easy to do, and you don't have to have any logic to clean up your db, should the user abandon the session.
To specifically answer your question about an anonymous user...no, there is not a unique identifier for an anonymous user. You can use sessions in Django to persist objects between views.

"Should I pass the object through the registration process using URLs until the registration has taken place (to then save it)? How does one do that?"
The above suggestion that you have been made is the better solution but don't pass it to url. There are two ways to successfully do that.
You can pass the object through session variable so that no one will ever notice it instead of passing it to url.
You can determine which object you must get throught their IP address.

Related

How to check session for all views in Django?

I set the session["UserID"] for user login status in view login page after pass the verify of username and password.
Then I need to check if the user is logged in within every other views, such as home page, shopping bag page and so on.
My question is, can I check it just for one time and where should I write it? Are there some methods triggered before the views called?
My question is, can I check it just for one time and where should I write it?
You do check it one time, providing you are using django's built in authentication method then the whole handling of users is done for you, you don't need session user id's since django handles the user through requests with its auth middleware.
Once logged in there will be a user as part of the request object which will either be a AnonymousUser if not logged in, or an instance of your user class if you are logged in.
Are there some methods triggered before the views called?
Yes, middlewares, which you could write your own custom middleware but I don't really think you need it.
I check the login status within the MASTER PAGE in ASP.NET and it can control all the other page which import it.
I haven't really used asp.net but again, you don't need to do this, django handles its users for you (providing your using built in auth tools).
See Limiting access to logged-in users and the functions and properties available on the user class

How to keep form data through login process?

To optimize my page I want users to be able to fill out forms without being logged in, but then ask them for their password upon submission. I already know I can use &next= to redirect the user, but then all the POST data of the form is lost. Is there any built in way to have the user login and then resume to where he has been including post data he just sent?
If you have also file in form, then session is not useful for you.
Second solution is save data into models and after login, you can use saved data to link with logged in user as said by #doniyor.
The best way is to use django-formwizard.
Django comes with an optional “form wizard” application that splits forms across multiple Web pages. It maintains state in one of the backends so that the full server-side processing can be delayed until the submission of the final form.
Here the link.
https://docs.djangoproject.com/en/1.7/ref/contrib/formtools/form-wizard/

Django: what are some good strategies for persisting form input across login?

I have a webapp that allows authenticated as well as anonymous users to start entering some form data. If a user is happy with his/her input, he/she can save that form to the server. This is a very similar problem to a shopping cart application that does not require login until checkout time.
For the authenticated user, implementing a save button is trivial. However for the anonymous user, the form data need to be stored somewhere while authentication is taking place, then correctly retrieved after logged in. Can someone please suggest some general strategies to go about this?
I found this link that is promising but I want to be thorough about this topic.
I think the correct way of doing this is to use django sessions. Basically each user (anonymousUser included) has a session during its stay on the website (or even more).
If you have a form that you want to store for a specific session, you can do it by using
request.session['myform'] = form
you get it by
request.session['myform']
and you can delete it using
del request.session['myform']
Basically Django pickles a dictionary of the session and saves it in a place (typically the database, but can be on other place as explained in django sessions).

Basic django app - app design issue

To learn Django, I was making a very basic app which does the following:
Takes a user's login (checks id password in a database).
If user exists and password is right, give user option to either insert,delete or update.
If insert, user can insert an entry into a common table.
Similarly for delete or update.
I was cruising through this but I just got stuck.
My Login page is /index/.
Option for insert/delete/update is at /application/.
Now next, page is displayed according to insert/delete/update at /application/action/
Now the problem is that after completing one insertion, I want to return to /application to carry on my next operation.
But if I do that, I get this error
"Key 'userid' not found in <QueryDict: {}>"
So the view for /application/ is expecting the userid and password in request.POST.
How do I get around this without using external user login modules. I just want a very basic login system just to learn.
Django comes with user authentication built in. I don't think it is external as it is included in django.contrib.
If you use the built in user authentiaction and User model, you will not have to pass the userid to each view. Django will automatically retrieve the logged in user from the session and make it available as a property of the request object.
So using built in user and authentiaction, after logging in a user, you can access that user at
request.user

django save a form for a user that has not registered yet

I need some advice / ideas if someone is inclined to help: I have a javascript interface for manipulating pictures. Basically it's about moving photos around. Once it's done the position of images is saved into a Django form and then saved to database with the owner saved as the current user. Now the trick is that I would like to be able to allow non registered users to play with this interface and then if they like the result they hit save and are redirected to an account registration page and only then the form is actually saved with their user as the owner.
What comes to my mind now is to keep the values of the form in session but I don't know what will happen to the session once the anonymous user registers and becomes another user. I was also thinking of using a 'next' parameter in the registration process with the url filled with get parameters that would be the content of the form but then I don't know if userena is ready to allow that.
Any light on this is welcome.
Well, we did similar thing on our site.
When unregistered user attach photos we save objects to database and assign unique hash which was generated when user came to the page with form. When user hit submit we pass this hash in url and on the next step, when user wants to register, we just get objects from database by this hash and assign user_id to them.
Also we have a cron job which do clean up and removes all lost objects
P.S. Sorry for my english i hope you'll get my point
Save the object without the user and store a reference of that object in the session (or (signed) cookie). If if the user registers, update all the objects with the newly created user.
Another approach would be to store the data in the browser (html5 localstorage and fallbacks, or similar) and only insert it into the database once the user has signed up. You would need to make sure both things happen inside the same browser 'instance', but things would be easier in the server side.