Opened 41 hours ago
Last modified 31 hours ago
#36204 closed New feature
Request to Add User Login & Authentication Example to the Official Django First Steps tutorial — at Version 3
| Reported by: | dj-user-10 | Owned by: | |
|---|---|---|---|
| Component: | Documentation | Version: | 5.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
A new user starts a Django project. What's the first thing they do? Look at the documentation? No, the documentation is a bit overwhelming. They first thing they want is a simple example. The first thing they do is to walk through the tutorial ( https://docs.djangoproject.com/en/5.1/intro/tutorial01/ ) and try to imitate it.
However, there is a problem. The tutorial has a huge hole: there's no information how to create user accounts for the website. What dynamic website does *not* have user accounts? There are precious few cases where you'd want a dynamic, python-, database-powered website which does not have users. Yet, the tutorial---surprisingly---omits this. Tutorial 5 is already delving into automated testing. What Django user would care about the advanced topic of writing automated testing before the basic necessity of creating users? Every Django developer needs this. It should be included in the tutorial.
The page https://docs.djangoproject.com/en/5.1/ even has examples of ‘Part 7: Customizing the admin site’ and ‘Part 8: Adding third-party packages’. As a long time Django user, I’ve never once had the faintest desire to customize the admin site. Not to say it shouldn’t be included—the more examples the better—but the priorities seem misplaced. Contrast this state of affairs to, say, Ruby on Rails (https://guides.rubyonrails.org/security.html#authentication) :
"Authentication is often one of the first features implemented in a web application. It serves as the foundation for securing user data and is part of most modern web applications... Starting with version 8.0, Rails comes with a default authentication generator, which provides a solid starting point for securing your application by only allowing access to verified users."
I couldn't have said it better myself. Rails foregrounds this, while in Django it seems like an ugly secret hidden behind a curtain.
Further evidence: as of this writing, the first hit on Google for "django tutorial" is the official docs: "Writing your first Django app, part 1" ( https://docs.djangoproject.com/en/5.1/intro/tutorial01/ ), as it should be. However, the first hit on Google for "django users tutorial" or "django users login tutorial" is Mozilla's "Django Tutorial Part 8: User authentication and permissions" ( https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication ), not the Django page itself.
Aside from the tutorial omission, the user login/logout/authentication setup in Django seems clunky. My suspicion is that this is the real reason it's left out of the Django tutorial. For example, to do something every user needs, like password rest, in your own project you have to borrow it from 'site-packages/django/contrib/admin/templates/registration/password_reset_done.html'. Copying stuff from deep in contrib/admin and repurposing it doesn't seem like it should be a first choice. Maybe all of this is supposed to be outsourced to Django AllAuth, or something, but it seems like a big shortcoming to me — especially given how delicate authentication matters are. Or maybe I have this all wrong, and this is not the way to proceed. But I don't know because there's no simple example to follow in the tutorial!
I could even try writing this portion of the tutorial myself and filing a pull request if you would like. But I'm not sure I'd get it right. (And forgive my polemical style --- it's out of love!)
Change History (2)
comment:2 by , 36 hours ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
| Summary: | How Do I submit a Ticket? → Ticket rejected as spam |
comment:3 by , 31 hours ago
| Component: | Uncategorized → Documentation |
|---|---|
| Description: | modified (diff) |
| Resolution: | invalid |
| Status: | closed → new |
| Summary: | Ticket rejected as spam → Request to Add User Login & Authentication Example to the Official Django First Steps tutorial |
| Type: | Uncategorized → New feature |
I'm sorry that you encountered this. The spam filter are not perfect, but there is not much we can do. We have a really small number of such reports and valid tickets rejected.
In terms of your particular ticket, perhaps submit with the title and a summary paragraph with maximum 1 external link.
If that submits successfully, you might be able to edit the description and incrementally add more detail.
Please note that new features should be discussed first on the Django forum.
(Tim edit: I retrieved the ticket details from the spam log and repurposed this ticket.)