Changes between Initial Version and Version 3 of Ticket #36204


Ignore:
Timestamp:
Feb 21, 2025, 7:50:13 AM (23 hours ago)
Author:
Tim Graham
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #36204

    • Property Summary How Do I submit a Ticket?Request to Add User Login & Authentication Example to the Official Django First Steps tutorial
    • Property Component UncategorizedDocumentation
    • Property Type UncategorizedNew feature

  • Ticket #36204 – Description

    initial v3  
    1 I'm trying to write a legitimate ticket yet I keep getting:
     1A new user starts a Django project. What's the first thing they do? Look at the documentation? No, the documentation is a bit overwhelming. They first thing they want is a simple example. The first thing they do is to walk through the tutorial ( https://docs.djangoproject.com/en/5.1/intro/tutorial01/ ) and try to imitate it.
    22
    3     SpamBayes determined spam probability of 79.88%
    4     StopForumSpam says this is spam (ip [0.43])
     3However, there is a problem. The tutorial has a huge hole: there's no information how to create user accounts for the website. What dynamic website does *not* have user accounts? There are precious few cases where you'd want a dynamic, python-, database-powered website which does not have users. Yet, the tutorial---surprisingly---omits this. Tutorial 5 is already delving into automated testing. What Django user would care about the advanced topic of writing automated testing before the basic necessity of creating users? Every Django developer needs this. It should be included in the tutorial.
    54
    6 How can I submit a ticket?
     5The page https://docs.djangoproject.com/en/5.1/ even has examples of ‘Part 7: Customizing the admin site’ and ‘Part 8: Adding third-party packages’. As a long time Django user, I’ve never once had the faintest desire to customize the admin site. Not to say it shouldn’t be included—the more examples the better—but the priorities seem misplaced. Contrast this state of affairs to, say, Ruby on Rails (https://guides.rubyonrails.org/security.html#authentication) :
     6
     7"Authentication is often one of the first features implemented in a web application. It serves as the foundation for securing user data and is part of most modern web applications... Starting with version 8.0, Rails comes with a default authentication generator, which provides a solid starting point for securing your application by only allowing access to verified users."
     8
     9I couldn't have said it better myself. Rails foregrounds this, while in Django it seems like an ugly secret hidden behind a curtain.
     10
     11Further evidence: as of this writing, the first hit on Google for "django tutorial" is the official docs: "Writing your first Django app, part 1" ( https://docs.djangoproject.com/en/5.1/intro/tutorial01/ ), as it should be. However, the first hit on Google for "django users tutorial" or "django users login tutorial" is Mozilla's "Django Tutorial Part 8: User authentication and permissions" ( https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication ), not the Django page itself.
     12
     13Aside from the tutorial omission, the user login/logout/authentication setup in Django seems clunky. My suspicion is that this is the real reason it's left out of the Django tutorial. For example, to do something every user needs, like password rest, in your own project you have to borrow it from 'site-packages/django/contrib/admin/templates/registration/password_reset_done.html'. Copying stuff from deep in contrib/admin and repurposing it doesn't seem like it should be a first choice. Maybe all of this is supposed to be outsourced to Django AllAuth, or something, but it seems like a big shortcoming to me — especially given how delicate authentication matters are. Or maybe I have this all wrong, and this is not the way to proceed. But I don't know because there's no simple example to follow in the tutorial!
     14
     15I could even try writing this portion of the tutorial myself and filing a pull request if you would like. But I'm not sure I'd get it right. (And forgive my polemical style --- it's out of love!)
Back to Top