Now that I try to add @login_decorators but I'm facing problems. For example, I have the view def main(request,user_id): where the redirected template after the login listens. When I add @login_required(login_url='/login/') to that main, when the user tries to login nothing happens, I remain to the login page and in the terminal I get:
"GET /1000/ HTTP/1.1" 302 0
"GET /login/?next=/1000/ HTTP/1.1" 200 6201
On Wed, Aug 8, 2012 at 11:15 AM, mapapage <mapap...@gmail.com> wrote:
> I wrote a somehow custom login that works when the user inserts his
> credentials.
Can you give us more details on how you implemented login?
> Now that I try to add @login_decorators but I'm facing problems.
> For example, I have the view def main(request,user_id): where the
> redirected template after the login listens.
> When I add @login_required(login_url='/login/') to that main, when the
> user tries to login nothing happens, I remain to the login page and in the
> terminal I get:
> "GET /1000/ HTTP/1.1" 302 0
> "GET /login/?next=/1000/ HTTP/1.1" 200 6201
> What happens?
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-users/-/T4a3yrBm140J.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
for the login I do (username must be the id field(pk) of an 'owners' table and password is a field of the same table):
def login_user(request):
    c = {}
    c.update(csrf(request))
    state = ""
    if request.POST:
        password = request.POST.get('password')
        id = request.POST.get('id')
        try:
            user = Owners.objects.get(id = id)
            if user:
                if user.simple_check_password(password):
                    url = reverse('main', kwargs={ 'user_id': user.id })
                    return HttpResponseRedirect(url)
                else:
                    state = 'Incorrect username or password'
            else:
                state = 'Incorrect username or password'
        except Exception as e:
            state = 'Incorrect username or password'
    print state
    return render_to_response('index.html', locals(), context_instance= RequestContext(request))
1) I can't see in your code where you are creating some kind of session and
setting some cookies to save auth state between requests.
2) Is it login_required from django.contrib.auth? If yes, use login from
django.contrib.auth or create your own decorator to check user auth.
On Wed, Aug 8, 2012 at 1:37 PM, Jian Chang <changjia...@gmail.com> wrote:
> what's your '@login_required(login_url='/login/')'?
> seems like the decorator leads to the redirection.
> def check_password(self, raw_password):
>     """
>     Returns a boolean of whether the raw_password was correct. Handles
>     hashing formats behind the scenes.
>     """
>     def setter(raw_password):
>         self.set_password(raw_password)
>         self.save()
>     return check_password(raw_password, self.password, setter=None)
> def simple_check_password(self,raw_password):
>     return raw_password == self.password
> and at least it seems to me that it works, I mean the user logs in to the main.html page.
    try:
        user = Owners.objects.get(id=username)
        #if user.check_password(password):
        if user.password == password:
            return user
    except User.DoesNotExist:
        return None

def get_user(self, user_id):
    """ Get a User object from the user_id. """
    try:
        return User.objects.get(pk=user_id)
    except User.DoesNotExist:
        return None
but still the decorator doesn't work..even if a user is not logged in he can access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),(putting his id)
what's your definition for user, that's your user model
>         #if user.check_password(password):
>         if user.password == password:
You should use user.check_password instead of a simple string comparison; user.password is an encrypted string rather than plain text.
>             return user
>     except User.DoesNotExist:
>         return None
> def get_user(self, user_id):
>     """ Get a User object from the user_id. """
>     try:
>         return User.objects.get(pk=user_id)
>     except User.DoesNotExist:
>         return None
> but still the decorator doesn't work..even if a user is not logged in he can access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),(putting his id)
Have you followed Django's documentation about how to use the login_required decorator? Have you installed the required app in settings?
> I'm working with a legacy database so I should use another model (Owners)
> instead of the default Django contrib.auth.models.User for authentication.
That's why I wrote my own and custom authentication backend.
> My model has an id field (id = models.DecimalField(...)) that is used for
> username and a field for password (password = models.CharField(...))
What's more, the password that is stored in the Owners.password is not an encrypted string but plain text and when I use if user.check_password(password): I get
Unknown password hashing algorithm '123'. Did you specify it in the PASSWORD_HASHERS setting?
That seems to be some kind of bug <https://code.djangoproject.com/ticket/18182#comment:8>. If I didn't misunderstand something, I don't know what to do and therefore I'm asking for a guideline..
On Thursday, August 9, 2012 10:39:07 AM UTC+3, mapapage wrote:
>> I'm working with a legacy database so I should use another model (Owners)
>> instead of the default Django contrib.auth.models.User for
>> authentication.
> That's why I wrote my own and custom authentication backend.
>> My model has an id field (id = models.DecimalField(...)) that is used
>> for username and a field for password (password = models.CharField(...))
> What's more, the password that is stored in the Owners.password is not an
> encrypted string but plain text and when I use if
> user.check_password(password): I get
> Unknown password hashing algorithm '123'. Did you specify it in the
> PASSWORD_HASHERS setting?
> That seems to be some kind of bug <https://code.djangoproject.com/ticket/18182#comment:8>.
> If I didn't misunderstand something, I don't know what to do and therefore I'm
> asking for a guideline..
I saw it but I think that this isn't what I need for what I wanna do. I shouldn't use django's authentication module. I should make my own backend work.
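A framework-free Python 3 sketch of the three points raised in this thread, added here and not code from any poster: hash-aware password checking with an upgrade path for the plain-text Owners.password column, recording the authenticated id in the session, and refusing a URL user_id that is not the session's owner. The dict-based OWNERS table and session, the function names and the iteration count are assumptions for illustration.

```python
import base64, hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

# Constructed stand-in for the legacy Owners table: id -> password column.
OWNERS = {1000: "123", 1001: "hunter2"}

def encode(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or base64.b64encode(os.urandom(12)).decode()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())

def verify(password, stored):
    """Return (ok, upgraded); upgraded is a hash to write back for a legacy row."""
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == "pbkdf2_sha256":
        candidate = encode(password, parts[2], int(parts[1]))
        return hmac.compare_digest(candidate.encode(), stored.encode()), None
    # Legacy row: a bare value such as '123' has no algorithm prefix, which is
    # what the "Unknown password hashing algorithm" error in the thread reports.
    ok = hmac.compare_digest(password.encode(), stored.encode())
    return ok, (encode(password) if ok else None)

def login(session, owner_id, password):
    """Check credentials, upgrade a plain-text row, then bind the id to the session."""
    stored = OWNERS.get(owner_id)
    if stored is None:
        return False
    ok, upgraded = verify(password, stored)
    if ok:
        if upgraded:
            OWNERS[owner_id] = upgraded
        # The posted login_user redirects without this step, so the next
        # request is still anonymous and login_required sends it back.
        session["owner_id"] = owner_id
    return ok

def may_view_main(session, url_user_id):
    """Object-level check: the id in the URL must be the logged-in owner's id."""
    return session.get("owner_id") == int(url_user_id)
```

In a Django project the session step corresponds to calling login from django.contrib.auth, as one reply suggests, and the ownership check belongs at the top of main(request, user_id).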