| 270 | | Depending on your task, you'll probably want to make sure to validate the |
|---|
| 271 | | user's username and password before you log them in. The easiest way to do so |
|---|
| 272 | | is to use the built-in ``authenticate`` and ``login`` functions from within a |
|---|
| 273 | | view:: |
|---|
| 274 | | |
|---|
| 275 | | from django.contrib.auth import authenticate, login |
|---|
| 276 | | username = request.POST['username'] |
|---|
| 277 | | password = request.POST['password'] |
|---|
| 278 | | user = authenticate(username=username, password=password) |
|---|
| 279 | | if user is not None: |
|---|
| 280 | | login(request, user) |
|---|
| 281 | | |
|---|
| 282 | | ``authenticate`` checks the username and password. If they are valid it |
|---|
| 283 | | returns a user object, otherwise it returns ``None``. ``login`` makes it so |
|---|
| 284 | | your users don't have send a username and password for every request. Because |
|---|
| 285 | | the ``login`` function uses sessions, you'll need to make sure you have |
|---|
| 286 | | ``SessionMiddleware`` enabled. See the `session documentation`_ for |
|---|
| 287 | | more information. |
|---|
| 288 | | |
|---|
| | 270 | To log a user in, do the following within a view:: |
|---|
| | 271 | |
|---|
| | 272 | from django.contrib.auth.models import SESSION_KEY |
|---|
| | 273 | request.session[SESSION_KEY] = some_user.id |
|---|
| | 274 | |
|---|
| | 275 | Because this uses sessions, you'll need to make sure you have |
|---|
| | 276 | ``SessionMiddleware`` enabled. See the `session documentation`_ for more |
|---|
| | 277 | information. |
|---|
| | 278 | |
|---|
| | 279 | This assumes ``some_user`` is your ``User`` instance. Depending on your task, |
|---|
| | 280 | you'll probably want to make sure to validate the user's username and password. |
|---|
| 622 | | |
|---|
| 623 | | Other Authentication Sources |
|---|
| 624 | | ============================ |
|---|
| 625 | | |
|---|
| 626 | | Django supports other authentication sources as well. You can even use |
|---|
| 627 | | multiple sources at the same time. |
|---|
| 628 | | |
|---|
| 629 | | Using multiple backends |
|---|
| 630 | | ----------------------- |
|---|
| 631 | | |
|---|
| 632 | | The list of backends to use is controlled by the ``AUTHENTICATION_BACKENDS`` |
|---|
| 633 | | setting. This should be a tuple of python path names. It defaults to |
|---|
| 634 | | ``('django.contrib.auth.backends.ModelBackend',)``. To add additional backends |
|---|
| 635 | | just add them to your settings.py file. Ordering matters, so if the same |
|---|
| 636 | | username and password is valid in multiple backends, the first one in the |
|---|
| 637 | | list will return a user object, and the remaining ones won't even get a chance. |
|---|
| 638 | | |
|---|
| 639 | | Writing an authentication backend |
|---|
| 640 | | --------------------------------- |
|---|
| 641 | | |
|---|
| 642 | | An authentication backend is a class that implements 2 methods: ``get_user(id)`` |
|---|
| 643 | | and ``authenticate(**credentials)``. The ``get_user`` method takes an id, which |
|---|
| 644 | | could be a username, and database id, whatever, and returns a user object. The |
|---|
| 645 | | ``authenticate`` method takes credentials as keyword arguments. Many times it |
|---|
| 646 | | will just look like this:: |
|---|
| 647 | | |
|---|
| 648 | | class MyBackend: |
|---|
| 649 | | def authenticate(username=None, password=None): |
|---|
| 650 | | # check the username/password and return a user |
|---|
| 651 | | |
|---|
| 652 | | but it could also authenticate a token like so:: |
|---|
| 653 | | |
|---|
| 654 | | class MyBackend: |
|---|
| 655 | | def authenticate(token=None): |
|---|
| 656 | | # check the token and return a user |
|---|
| 657 | | |
|---|
| 658 | | Regardless, ``authenticate`` should check the credentials it gets, and if they |
|---|
| 659 | | are valid, it should return a user object that matches those credentials. |
|---|
| 660 | | |
|---|
| 661 | | The Django admin system is tightly coupled to the Django User object described |
|---|
| 662 | | at the beginning of this document. For now, the best way to deal with this is to |
|---|
| 663 | | create a Django User object for each user that exists for your backend (i.e. |
|---|
| 664 | | in your ldap directory, your external sql database, etc.) You can either |
|---|
| 665 | | write a script to do this in advance, or your ``authenticate`` method can do |
|---|
| 666 | | it the first time a user logs in. `django.contrib.auth.backends.SettingsBackend`_ |
|---|
| 667 | | is an example of the latter approach. Note that you don't have to save a user's |
|---|
| 668 | | password in the Django User object. Your backend can still check the password |
|---|
| 669 | | against an external source, and return a Django User object. |
|---|
| 670 | | |
|---|
| 671 | | .. _django.contrib.auth.backends.SettingsBackend: http://code.djangoproject.com/browser/django/branches/magic-removal/django/contrib/auth/backends.py |
|---|
