Django authentication

Asked

Viewed 94 times

-1

good afternoon!

I’m starting in WEB programming and I ended up bumping into a problem with Django in the authentication issue. I’ve read all the documentation that talks about Django’s Custom Auth but I haven’t found a solution yet. Based on the model below I created a form for inclusion of users in the system and it is working normally, but I can not leave this point to authenticate using the model below, because I intend to relate fields of this table later in other functionalities of the system.

Models py.

class User(models.Model):
    ATIVO_CHOICES=[("ATIVO","ATIVO"),("INATIVO","INATIVO")]
    BLOQUEADO_CHOICES=[("BLOQUEADO","BLOQUEADO"),("DESBLOQUEADO","DESBLOQUEADO")]


    user_cod = models.AutoField(primary_key=True)
    user_nome = models.CharField("Nome Completo",max_length=250, blank=False, null=False)
    user_email = models.EmailField("Email",unique=True, blank=False)
    user_ativo = models.CharField("Situação",max_length=25,choices=ATIVO_CHOICES, blank=False, null=False)
    user_bloqueado = models.CharField("Bloqueado?",max_length=25,choices=BLOQUEADO_CHOICES, blank=False, null=False)
    user_cpf = models.CharField("CPF",max_length=11, blank=False, null=False, unique=True, validators=[validate_CPF])
    user_senha = models.CharField("Senha",max_length=250, blank=False, null=False)



    class Meta:
        managed = False
        db_table = 'user'

Forms py.

class UserForm(forms.ModelForm):

    class Meta:
        model = User
        fields = '__all__'
        widgets = {'user_senha': forms.PasswordInput()}

py views.

def user_create(request):
    submitted = False
    if request.method == 'POST':
        form = UserForm(request.POST)
        if form.is_valid():        
            cd = form.cleaned_data
             # assert False
            form.save()
            return HttpResponseRedirect('/userlist')

I wanted to continue using this screen this way, but now I need to authenticate users created and stored in this database without affecting this code.

python django authentication auth

1 answer

0

First be welcome to the web world with Django! would like to point out some things you can do to achieve what you want, first you need rewrite the method save of your model User because it is saving the password in plain text in the database and this is not recommended,to resolve this exists some forms which is basically takes advantage of the model User of Django or implement the method save() using some kind of encryption. If you choose to implement the method save() you need to redirect them to the login screen when the user is not logged in, this logic will stay on view, in its implementation you only check if the form is valid and not if the user who tried to log in actually exists in your database or if the form can be validated but the user may not exist.

an example of what it would be like in your view

if request.method == 'POST':
        form = UserForm(request.POST)
        if form.is_valid():        
            name = form.cleaned_data['user_nome']
            senha = form.cleaned_data['user_senha']
            user = User.objects.filter(user_nome=name,user_senha=senha)
            if user is not None:
                # usuário autenticado
                return HttpResponseRedirect('/userlist')
            else: 
                # usuário não existe
                form.save()
                return HttpResponseRedirect('/userlist')

To learn more about how to make queries look at doc

Browser other questions tagged python django authentication auth

You are not signed in. Login or sign up in order to post.