I am using django model forms, the form can be filled even by users who have not signed up, but the submission requires the user being signed up.
Here is my models:
class Study(model.Model):
marksobtained = models.CharField(max_length=5)
highestmarks = models.CharField(max_length=5)
teacher = models.CharField(max_length=300)
class StudyForm():
some customisation stuff.
and then the views.py
form = StudiesForm(request.POST or None,
instance=id and Studies.objects.get(id=id))
if form.is_valid():
form.save()
return render(request, 'calculate.html', {'detail': ret_dict, 'amt': amt})
else:
return render(request, 'forms.html', {'form':form})
else:
return render(request, 'forms.html', {'form':form})
Donot bother about the indentation and other stuff in views, this is just a model of what i am trying to do, as can be seen any anonymous user can submit the form as of now, i want it to further modify, as when an anonymous user submits the form, he should first be signed up and then his data should be added to the models.
How can this be implemented?
If the user is not authenticated then save the form data to session.
Then log the user in the system.
Then pull the form data out of the session and save the information taking the authenticated users information.
Make user FK not required. Save model.
If request.user.is_authenticated() get him a cookie with id of created model. Redirect him on login page.
For each user check if there is a cookie with model id, attach user to model, save.
Related
I have created an app that allows users to create online products - basically a structured form fill with permissions. I'm using Django's basic auth for sign up and login. When a user signs up I want the account to be approved by an admin before they can log in. I know there are modules I can use to do this, but I wondered if there is something I can do to enable this without installing more stuff.
Here's the signup view:
def signup(request):
if request.method == 'POST':
form = SignUpForm(request.POST)
if form.is_valid():
form.save()
username = form.cleaned_data.get('username')
raw_password = form.cleaned_data.get('password1')
user = authenticate(username=username, password=raw_password)
login(request, user)
return redirect('home')
else:
form = SignUpForm()
return render(request, 'signup.html', {'form': form})
If it's not that simple and the best way is to use a module, which one is the best? I've seen a couple but am not sure which one to use, if I have to use one.
If you don't want to install third party module, I think you should extend Django's user model.
This is an official Django documentation about this subject.
https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#extending-the-existing-user-model
Design to record approve status on extended models. When the user logs in, it is likely that the approval status of the extended model is checked together with the Django login result, and the user is allowed to log in or not.
If you want to be notified about new users, you might want to use Django's "post_save" signal feature.
https://docs.djangoproject.com/en/1.11/ref/signals/
Currently I have different Signup and Login Views both implemented as class based view, and are used at diffrent urls. Both use the same form which has two fields email and password.
These two views have different form_valid and thus different logic. So, signup view creates a user, sends verification mail etc. Login view only logs the user in.
The use case has changed to allow both signup and login at the same url using a single form.
I want to have the same view, handle both these conditions. So, when form is submitted, I will check if a user exists in db with the submitted email. If yes then use LoginView logic. If not then use SignupView logic. How can I handle both these conditions in a single view by reusing SignupView and LoginView.
In your case you can use one Form and one view.
This form check if email exist, if it exist, raise a ValidationsError
class LoginOrSignupForm(forms.ModelForm):
email = forms.EmailField()
password = forms.CharField(widget=forms.PasswordInput(render_value=False))
def clean_email(self):
existing = User.objects.filter(email__iexact=self.cleaned_data['email'], username__iexact=self.cleaned_data['email'])
if existing.exists():
raise forms.ValidationError(_("A user with this e-mail already exists."))
return self.cleaned_data['email']
And then in your view
if form.is_valid():
#signup
elif form['email'].errors and form['email'].errors[0] == _("A user with this e-mail already exists."):
#login
user = auth.authenticate(username=form['email'].value(), password=form['password'].value())
auth.login(request, user)
This solution work in function based view. So for your case you want to use CBV, we can just override form_invalid methods in your CBV:
def form_invalid(self, form):
if form['email'].errors and form['email'].errors[0] == _("A user with this e-mail already exists."):
user = auth.authenticate(username=form['email'].value(), password=form['password'].value())
auth.login(request, user)
return HttpRedirect('your page')
return super(YouViewName, self).form_invalid(form)
For the form_valid we don't need to override it, just keep in mind that if your form is valid, it should register a new user. In this case a django.views.generic.CreateView can help.
I have a Client model with a OneToOne relationship to User, to extend the User model.
I need to be able to register a user (with a form that includes both the User and Client fields), and for that I used django-registration. Here is the view for registration, based on some snippets I found:
def register_client(request):
if request.method == 'POST':
userform = UserForm(request.POST, prefix='user')
clientform = ClientForm(request.POST, prefix='client')
if userform.is_valid() and clientform.is_valid():
user = userform.save()
client = clientform.save(commit=False)
client.user = user
client.save()
login(request, user)
return HttpResponseRedirect('/webapp/')
else:
return HttpResponse('error!')
else:
userform = UserForm(prefix='user')
clientform = ClientForm(prefix='client')
t = loader.get_template('register.html')
c = RequestContext(request, {
'userform':userform,
'clientform':clientform,
})
return HttpResponse(t.render(c))
And here are my Forms:
from registration.forms import RegistrationForm
class UserForm(RegistrationForm):
def save(self):
new_user = User.objects.create_user(
username=self.cleaned_data['username'],
email = self.cleaned_data['email'],
password=self.cleaned_data['password1'])
new_user.backend='django.contrib.auth.backends.ModelBackend'
new_user.save()
return new_user
class ClientForm(forms.ModelForm):
class Meta:
model = Client
exclude = ['user']
I implemented the save() method for UserForm, since RegistrationForm doesn't implement one like any typical form.
Why does one have to go through all the trouble to implement some backend in order to just save a form?
Is there any problem with this simple way? It does work.
(I also added the new_user.backend='django.contrib.auth.backends.ModelBackend' so I could login the user automatically after registration.)
I'm not sure how to answer your question. If your code works then I don't see a problem. But as zaphod said, django-registration does the saving and activating of the user for you.. If you want to add extra data to your user then use django-profiles like zaphod suggested too.
I myself use django-userena. It is like django-registration and django-profiles in one.
Why do you need to save the User model? django-registration does it for you, unless you need some different functionality.
If you want to store some extra information per user, it might be better to use User profiles.
So the problem is I have extended User model in django. and I have written views for it.
Here is my models code :-
class StudentProfile(User):
batch = models.CharField(max_length=10)
course = models.CharField(max_length=20)
date_of_birth = models.DateField()
answer = models.CharField(max_length=20)
contact = models.CharField(max_length=20)
here is my auth backend file :-
from quizapp.models import StudentProfile
class StudentAuthenticationBackend(object):
def authenticate(self, username=None, password=None):
try:
student = StudentProfile.objects.get(username=username)
if student.check_password(password):
return student
except StudentProfile.DoesNotExist:
pass
return None
def get_user(self, user_id):
try:
return StudentProfile.objects.get(pk=user_id)
except StudentProfile.DoesNotExist:
return None
And I have made changes in seetings.py
AUTHENTICATION_BACKENDS = (
'quizapp.backends.StudentAuthenticationBackend',
'django.contrib.auth.backends.ModelBackend',
)
I'm printing username,password and authentication user. This is what i got :-
When using django created superuser
>> a = authenticate(username="super",password="super")
>> print(a)
>> super
But when using user created by form,
>> b = authenticate(username="test",password="123")
>> print(b)
>> None
I have cross checked username and password and it's true.
So but in auth_user table, username is super and password is encrypted but for test user, username is user and password is 123.
So the problem must be django is taking 123 is encrypted password and using decrypted version of it to authenticate.
Is there any way to solve this?
I have used OneToOneField and added extra fields in StudentProfile model. Now I'm using forms and registering user with it.
This is the view code :-
def register_page(request):
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
user = StudentProfile.objects.create(
username=form.cleaned_data['username'],
password=form.cleaned_data['password1'],
batch=form.cleaned_data['batch'],
first_name=form.cleaned_data['first_name'],
last_name=form.cleaned_data['last_name'],
course=form.cleaned_data['course'],
date_of_birth=form.cleaned_data['date_of_birth'],
secret_question=form.cleaned_data['secret_question'],
answer=form.cleaned_data['answer'],
contact=form.cleaned_data['contact']
)
return HttpResponseRedirect('/register/success/')
else:
form = RegistrationForm()
variables = RequestContext(request, {'form': form})
return render_to_response('registration/register.html',variables)
And I'm getting IntegrityError at /register/
null value in column "user_id" violates not-null constraint error.
Is there any way to fix this?
From the Django authenication docs section on storing additional information about users:
If you'd like to store additional information related to your users, Django provides a method to specify a site-specific related model -- termed a "user profile" -- for this purpose.
To make use of this feature, define a model with fields for the additional information you'd like to store, or additional methods you'd like to have available, and also add a OneToOneField named user from your model to the User model. This will ensure only one instance of your model can be created for each User.
So you shouldn't subclass User at all -- that's the root of your problem. Instead, you should create another model with a one-to-one relationship with User and add your fields there.
What approach is the best way to make content-types restricted to a user in Django?
Let us say I want all users with the user-role "blogger" to have its own blog.
I have created a weblog app. How do I restrict it so that the user logged in can only post in his "own" blog, and how do I make views that shows only a user's blog?
First your blog entries has to be attached to user, so you know on whos blog display, it, right? models.py:
class BlogEntry(models.Model):
user = models.ForeignKey(User, related_name='blog_entries')
other_field_1 = ...
other_field_2 = ...
Next, skip it in ModelForm, forms.py:
class BlogEntryModelForm(forms.ModelForm):
class Meta:
exclude = ('user',)
Then, when user want to post entry you require he's logged, views.py:
#login_required
def post_blog_entry(request):
....
if request.method == 'POST':
form = BlogEntryModelForm(request.POST)
if form.is_valid():
new_entry = form.save(commit=False)
new_entry.user = request.user
new_entry.save()
When you want display some user blog, views.py:
def view_blog(request, blogger_name):
user = get_object_or_404(User, username=blogger_name)
entries = user.blog_entries.all()
User is django.contrib.auth.models.User
You can add custom role checking to views above to display 404 page or error page if user has no rights to create blog.
Optionally you can replace User from django.contrib.auth with your own User implementation but you'll have to write model, authentication and middleware for it as well...
I didnt try to implement this, but I found another soultion that worked very good. It was easy to implement and did everything i wanted.
Check it out...