In Django why does the is_authenticated method always return True?

Asked

Viewed 376 times

5

I saw that the documentation indicates the method is_authenticated as being responsible for telling templates if there is a logged-in user. I also saw in the method code that it contains only the following:

def is_authenticated(self):
    """
    Always return True. This is a way to tell if the user has been
    authenticated in templates.
    """
    return True

So I do not understand how the system knows if the user is logged in. What is the meaning of this method always return True?

python django authentication login

1 answer

4


Quick response

This method appears in models.Anonymoususer and models.User, and, User objects will only exist if you are authenticated, otherwise you will have an instance of Anonymoususer with default attributes.

Long Answer

Django has a modeling that allows abstracting the visitor to two levels, anonymous user or a person from the system (user), when you are talking about anonymity user is an anyone who is accessing, by default it contains the following configuration:

  • id and always None.
  • is_staff and is_superuser are always False.
  • is_active and always False.
  • groups and user_permissions are always empty.
  • is_anonymous() returns True instead of False
  • is_authenticated() returns False instead of True.
  • set_password(), check_password(), save() and delete() generate exception
  • Notimplementederror.

Which is implemented by models.Anonymoususer

class AnonymousUser(object):
    id = None
    pk = None
    username = ''
    is_staff = False
    is_active = False
    is_superuser = False
    _groups = EmptyManager(Group)
    _user_permissions = EmptyManager(Permission)

See rest here ....

If the user exists (authenticated), it becomes an instance of models. User, which in turn inherits from Abstractuser which in turn inherits from Abstractbaseuser where the is_authenticated method is found, Abstractuser also inherits from Permissionsmixin, who populates Users and makes the call to is_authenticated is Authenticationmiddleware see source on github code

class User(AbstractUser):
    """
    Users within the Django authentication system are represented by this
    model.
    Username, password and email are required. Other fields are optional.
    """
    class Meta(AbstractUser.Meta):
        swappable = 'AUTH_USER_MODEL'

See the rest here ...

Look at this application example, is_authenticated is a user method.

if request.user.is_authenticated():
    # Instancia class models.User, existe por que está autenticado
else:
    # Instancia AnonymousUser

  • Isvaldo, in the case I saw in Django.contrib.auth.models it goes like this: AnonymousUser inherits from Object and its method is_authenticated at all times returns False. Already the class User inherits from AbstractUser who in turn is the son of AbstractBaseUser whose method is_authenticated at all times returns True. The logic would be: If an object User was created, it is because it is authenticated, so it always returns True when the method is_authenticated is called?

  • Who popula User is Authenticationmiddleware, it is called here https://github.com/django/django/blob/b06dfad88fb12a927c86a1eb23064201c9560fb1/django/contrib/auth/middleware.py you are right in your observation, I will try to rephrase the answer.

  • 2

    @Juninhodg The general idea is this, yes. Note that you can create/retrieve an object User via code, and this method will return True - although no user and password have been provided. However, the request.user will only be an instance of User if authentication has been successfully done (by middleware, as commented, or via explicit call from login).

Browser other questions tagged python django authentication login

You are not signed in. Login or sign up in order to post.