| 270 | | To log a user in, do the following within a view:: |
|---|
| 271 | | |
|---|
| 272 | | from django.contrib.auth.models import SESSION_KEY |
|---|
| 273 | | request.session[SESSION_KEY] = some_user.id |
|---|
| 274 | | |
|---|
| 275 | | Because this uses sessions, you'll need to make sure you have |
|---|
| 276 | | ``SessionMiddleware`` enabled. See the `session documentation`_ for more |
|---|
| 277 | | information. |
|---|
| 278 | | |
|---|
| 279 | | This assumes ``some_user`` is your ``User`` instance. Depending on your task, |
|---|
| 280 | | you'll probably want to make sure to validate the user's username and password. |
|---|
| | 270 | Depending on your task, you'll probably want to make sure to validate the |
|---|
| | 271 | user's username and password before you log them in. The easiest way to do so |
|---|
| | 272 | is to use the built-in ``authenticate`` and ``login`` functions from within a |
|---|
| | 273 | view:: |
|---|
| | 274 | |
|---|
| | 275 | from django.contrib.auth import authenticate, login |
|---|
| | 276 | username = request.POST['username'] |
|---|
| | 277 | password = request.POST['password'] |
|---|
| | 278 | user = authenticate(username=username, password=password) |
|---|
| | 279 | if user is not None: |
|---|
| | 280 | login(request, user) |
|---|
| | 281 | |
|---|
| | 282 | ``authenticate`` checks the username and password. If they are valid it |
|---|
| | 283 | returns a user object, otherwise it returns ``None``. ``login`` makes it so |
|---|
| | 284 | your users don't have send a username and password for every request. Because |
|---|
| | 285 | the ``login`` function uses sessions, you'll need to make sure you have |
|---|
| | 286 | ``SessionMiddleware`` enabled. See the `session documentation`_ for |
|---|
| | 287 | more information. |
|---|
| | 288 | |
|---|
| | 622 | |
|---|
| | 623 | Other Authentication Sources |
|---|
| | 624 | ============================ |
|---|
| | 625 | |
|---|
| | 626 | Django supports other authentication sources as well. You can even use |
|---|
| | 627 | multiple sources at the same time. |
|---|
| | 628 | |
|---|
| | 629 | Using multiple backends |
|---|
| | 630 | ----------------------- |
|---|
| | 631 | |
|---|
| | 632 | The list of backends to use is controlled by the ``AUTHENTICATION_BACKENDS`` |
|---|
| | 633 | setting. This should be a tuple of python path names. It defaults to |
|---|
| | 634 | ``('django.contrib.auth.backends.ModelBackend',)``. To add additional backends |
|---|
| | 635 | just add them to your settings.py file. Ordering matters, so if the same |
|---|
| | 636 | username and password is valid in multiple backends, the first one in the |
|---|
| | 637 | list will return a user object, and the remaining ones won't even get a chance. |
|---|
| | 638 | |
|---|
| | 639 | Writing an authentication backend |
|---|
| | 640 | --------------------------------- |
|---|
| | 641 | |
|---|
| | 642 | An authentication backend is a class that implements 2 methods: |
|---|
| | 643 | ``get_user(id)`` and ``authenticate(**credentials)``. The ``get_user`` method |
|---|
| | 644 | takes an id, which could be a username, and database id, whatever, and returns |
|---|
| | 645 | a user object. The ``authenticate`` method takes credentials as keyword |
|---|
| | 646 | arguments. Many times it will just look like this:: |
|---|
| | 647 | |
|---|
| | 648 | class MyBackend: |
|---|
| | 649 | def authenticate(username=None, password=None): |
|---|
| | 650 | # check the username/password and return a user |
|---|
| | 651 | |
|---|
| | 652 | but it could also authenticate a token like so:: |
|---|
| | 653 | |
|---|
| | 654 | class MyBackend: |
|---|
| | 655 | def authenticate(token=None): |
|---|
| | 656 | # check the token and return a user |
|---|
| | 657 | |
|---|
| | 658 | Regardless, ``authenticate`` should check the credentials it gets, and if they |
|---|
| | 659 | are valid, it should return a user object that matches those credentials. |
|---|
| | 660 | |
|---|
| | 661 | The Django admin system is tightly coupled to the Django User object described |
|---|
| | 662 | at the beginning of this document. For now, the best way to deal with this is to |
|---|
| | 663 | create a Django User object for each user that exists for your backend (i.e. |
|---|
| | 664 | in your ldap directory, your external sql database, etc.) You can either |
|---|
| | 665 | write a script to do this in advance, or your ``authenticate`` method can do |
|---|
| | 666 | it the first time a user logs in. `django.contrib.auth.backends.SettingsBackend`_ |
|---|
| | 667 | is an example of the latter approach. Note that you don't have to save a user's |
|---|
| | 668 | password in the Django User object. Your backend can still check the password |
|---|
| | 669 | against an external source, and return a Django User object. |
|---|
| | 670 | |
|---|
| | 671 | .. _django.contrib.auth.backends.SettingsBackend: http://code.djangoproject.com/browser/django/branches/magic-removal/django/contrib/auth/backends.py |
|---|
