login or login_decorator issue


mapapage

Aug 8, 2012, 4:15:12 AM
to django...@googlegroups.com
I wrote a somewhat custom login that works when the user enters his credentials. He is simply redirected to a page with the url:
url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),
Now I am trying to add @login_decorators, but I'm facing problems.
For example, I have the view def main(request,user_id): where the redirected template after the login listens.
When I add @login_required(login_url='/login/') to that main, when the user tries to log in nothing happens; I remain on the login page and in the terminal I get:
 "GET /1000/ HTTP/1.1" 302 0
 "GET /login/?next=/1000/ HTTP/1.1" 200 6201

What happens?

Anton Baklanov

Aug 8, 2012, 6:01:40 AM
to django...@googlegroups.com
On Wed, Aug 8, 2012 at 11:15 AM, mapapage <mapa...@gmail.com> wrote:
> I wrote a somewhat custom login that works when the user enters his credentials.

Can you give us more details on how you implemented login?

> He is simply redirected to a page with the url:
> url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),
> Now I am trying to add @login_decorators, but I'm facing problems.
> For example, I have the view def main(request,user_id): where the redirected template after the login listens.
> When I add @login_required(login_url='/login/') to that main, when the user tries to log in nothing happens; I remain on the login page and in the terminal I get:
>  "GET /1000/ HTTP/1.1" 302 0
>  "GET /login/?next=/1000/ HTTP/1.1" 200 6201
>
> What happens?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/T4a3yrBm140J.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.



--
Regards,
Anton Baklanov

mapapage

Aug 8, 2012, 6:17:35 AM
to django...@googlegroups.com
For the login I do (username must be the id field (pk) of an 'owners' table and password is a field of the same table):

def login_user(request):
    c = {}
    c.update(csrf(request))
    state = ""

    if request.POST:
        password = request.POST.get('password')
        id = request.POST.get('id')
        try:
            user = Owners.objects.get(id=id)
            if user:
                if user.simple_check_password(password):
                    url = reverse('main', kwargs={'user_id': user.id})
                    return HttpResponseRedirect(url)
                else:
                    state = 'Incorrect username or password'
            else:
                state = 'Incorrect username or password'
        except Exception as e:
            state = 'Incorrect username or password'
    print state
    return render_to_response('index.html', locals(), context_instance=RequestContext(request))

and I also define:

    def set_password(self, raw_password):
        self.password = make_password(raw_password)

    def check_password(self, raw_password):
        """
        Returns a boolean of whether the raw_password was correct. Handles
        hashing formats behind the scenes.
        """
        def setter(raw_password):
            self.set_password(raw_password)
            self.save()
        return check_password(raw_password, self.password, setter=None)

    def simple_check_password(self, raw_password):
        return raw_password == self.password

and at least it seems to me that it works, I mean the user logs in to the main.html page.

 

Jian Chang

Aug 8, 2012, 6:37:34 AM
to django...@googlegroups.com
what's your  '@login_required(login_url='/login/')'?
seems like the decorator leads to the redirection.


Anton Baklanov

Aug 8, 2012, 7:29:12 AM
to django...@googlegroups.com
1) I can't see in your code where you are creating some kind of session and setting some cookies to save auth state between requests.
2) Is it login_required from django.contrib.auth? If yes, use login from django.contrib.auth or create your own decorator to check user auth.

Anyway, Django provides a ready-to-use user auth mechanism and maybe it's better to use it: https://docs.djangoproject.com/en/dev/topics/auth/
--
Regards,
Anton Baklanov

Pengfei Xue

Aug 8, 2012, 7:02:15 AM
to django...@googlegroups.com
I think what you need is a new auth backend which returns a user object

-- 
Sincerely,
Pengfei Xue
Sent with Sparrow


mapapage

Aug 9, 2012, 2:33:47 AM
to django...@googlegroups.com
I wrote this custom authentication backend:
from django.contrib.auth.models import User, check_password
from auth.models import Owners
class AuthBackend(object):

    def authenticate(self, username=None, password=None):
        try:
            user = Owners.objects.get(id=username)
            #if user.check_password(password):
            if user.password == password:
                return user
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        """ Get a User object from the user_id. """
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

But still the decorator doesn't work. Even if a user is not logged in, he can access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'), (putting in his id).
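
The two symptoms reported in this thread, as an added example that is not code from any poster: a framework-free model in which the login view as posted stores nothing in the session (so the decorator answers 302 to /login/?next=/1000/), next to a variant that writes the session and a decorator that also compares the URL's user_id with the logged-in owner. Request, owner_required, login_with_session and the OWNERS sample data are hypothetical names and constructed values, not Django APIs.

```python
import hmac
from functools import wraps

# Constructed sample data: owner id -> password, stored as plain text as in the thread.
OWNERS = {1000: "pw-1000", 1001: "pw-1001"}

class Request:  # hypothetical stand-in for an HTTP request with a server-side session
    def __init__(self, path, session=None, post=None):
        self.path, self.post = path, post or {}
        self.session = {} if session is None else session

def login_as_posted(request):
    """Like the thread's login_user: checks the password, remembers nothing."""
    owner_id = int(request.post["id"])
    stored = OWNERS.get(owner_id, "")
    if hmac.compare_digest(stored.encode(), request.post["password"].encode()):
        return (302, "/%d/" % owner_id)
    return (200, "Incorrect username or password")

def login_with_session(request):
    """Same check, but records the authenticated owner in the session."""
    response = login_as_posted(request)
    if response[0] == 302:
        request.session["owner_id"] = int(request.post["id"])
    return response

def owner_required(view):
    """Redirect anonymous requests; refuse requests for another owner's page."""
    @wraps(view)
    def wrapper(request, user_id):
        owner_id = request.session.get("owner_id")
        if owner_id is None:
            return (302, "/login/?next=%s" % request.path)
        if owner_id != int(user_id):
            return (403, "Forbidden")
        return view(request, user_id)
    return wrapper

@owner_required
def main(request, user_id):
    return (200, "main page of owner %s" % user_id)

def demo():
    creds = {"id": "1000", "password": "pw-1000"}
    anonymous, logged_in = Request("/login/", post=creds), Request("/login/", post=creds)
    login_as_posted(anonymous)
    login_with_session(logged_in)
    visits = [(anonymous, "1000"), (logged_in, "1000"), (logged_in, "1001")]
    return [main(Request("/%s/" % uid, session=r.session), uid) for r, uid in visits]
```

In Django the session write is what django.contrib.auth.login() does after authenticate(); login_required by itself only checks that somebody is logged in, so the user_id comparison still has to be made in the view or in a decorator like this one.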

Pengfei Xue

Aug 9, 2012, 3:27:29 AM
to django...@googlegroups.com


-- 
Sincerely,
Pengfei Xue
Sent with Sparrow

On Thursday, August 9, 2012, at 2:33 PM, mapapage wrote:

> I wrote this custom authentication backend:
> from django.contrib.auth.models import User, check_password
> from auth.models import Owners
> class AuthBackend(object):
>
>     def authenticate(self, username=None, password=None):
>         try:
>             user = Owners.objects.get(id=username)

what's your definition for user, that's your user model

>             #if user.check_password(password):
>             if user.password == password:

you should use user.check_password instead of simple string comparison; user.password is an encrypted string rather than plain text

>                 return user
>         except User.DoesNotExist:
>             return None
>
>     def get_user(self, user_id):
>         """ Get a User object from the user_id. """
>         try:
>             return User.objects.get(pk=user_id)
>         except User.DoesNotExist:
>             return None
>
> but still the decorator doesn't work..even if a user is not logged in he can access another's page just by modifying the url(r'^(?P<user_id>\d+)/$', 'auth.views.main', name='main'),(putting his id)

Have you followed Django's documentation about how to use the login_required decorator? Have you installed the required app in settings?


mapapage

Aug 9, 2012, 3:39:07 AM
to django...@googlegroups.com

I'm working with a legacy database so I should use another model (Owners) instead of the default Django contrib.auth.models.User for authentication.

That's why I wrote my own custom authentication backend.

My model has an id field (id = models.DecimalField(...)) that is used for username and a field for password (password = models.CharField(...)).

What's more, the password that is stored in Owners.password is not an encrypted string but plain text, and when I use if user.check_password(password): I get
Unknown password hashing algorithm '123'. Did you specify it in the PASSWORD_HASHERS setting? That seems to be some kind of bug.
If I didn't misunderstand something, I don't know what to do and therefore I'm asking for a guideline.
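
An added illustration (not code from the thread or from Django) of the error quoted above and of one way to migrate a legacy table: Django's encoded passwords have the layout algorithm$iterations$salt$hash, which is why a bare '123' is reported as an unknown algorithm. Rows still holding plain text are compared in constant time and re-stored as a PBKDF2 hash on the first successful login; the helper names, the iteration count and the sample row are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100000  # assumed work factor for this example

def encode(raw, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or base64.b64encode(os.urandom(12)).decode()
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())

def is_hashed(stored):
    """True if the stored value has the four-part encoded layout, not plain text."""
    parts = stored.split("$")
    return len(parts) == 4 and parts[0] == "pbkdf2_sha256" and parts[1].isdigit()

def verify_and_upgrade(row, raw):
    """Check raw against row['password']; returns (ok, upgraded).

    A legacy plain-text value that matches is replaced by its hash, so each
    row is converted the first time its owner logs in successfully.
    """
    stored = row["password"]
    if is_hashed(stored):
        _, iterations, salt, _ = stored.split("$")
        candidate = encode(raw, salt, int(iterations))
        return hmac.compare_digest(stored.encode(), candidate.encode()), False
    if hmac.compare_digest(stored.encode(), raw.encode()):
        row["password"] = encode(raw)  # the caller must persist the row
        return True, True
    return False, False

def demo():
    row = {"id": 1000, "password": "123"}  # constructed legacy row, plain text
    wrong = verify_and_upgrade(row, "124")
    first = verify_and_upgrade(row, "123")
    second = verify_and_upgrade(row, "123")
    still_wrong = verify_and_upgrade(row, "124")
    return wrong, first, second, still_wrong, row["password"].split("$")[0]
```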

Pengfei Xue

Aug 9, 2012, 3:49:02 AM
to django...@googlegroups.com
http://www.djangobook.com/en/2.0/chapter14/

Take a quick look at this article; I think it will help you out.

-- 
Sincerely,
Pengfei Xue
Sent with Sparrow


mapapage

Aug 9, 2012, 4:10:27 AM
to django...@googlegroups.com
I saw it but I think that this isn't what I need for what I wanna do. I shouldn't use django's authentication module. I should make my own backend work.