Django provides a comprehensive authentication system that includes user authentication, login/logout functionalities, password management, and user registration.
Django’s authentication system handles user accounts, groups, permissions, and cookie-based user sessions. It is designed to make web development both fast and secure.
To use Django’s authentication system, you need to ensure that 'django.contrib.auth' and 'django.contrib.contenttypes' are included in your INSTALLED_APPS setting:
INSTALLED_APPS = [
...
'django.contrib.auth',
'django.contrib.contenttypes',
...
]
Migrate your database to create the necessary tables:
python manage.py makemigrations
python manage.py migrate
Django provides a built-in view to handle user login. To use it, include the following in your urls.py:
from django.urls import path
from django.contrib.auth import views as auth_views
urlpatterns = [
path('login/', auth_views.LoginView.as_view(), name='login'),
]
Create a template named registration/login.html:
{% block content %}
<h2>Login</h2>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Login</button>
</form>
{% endblock %}
Similar to login, Django provides a built-in view for logout:
urlpatterns = [
path('logout/', auth_views.LogoutView.as_view(), name='logout'),
]
Create a template named registration/logged_out.html:
{% block content %}
<h2>Logged Out</h2>
<p>You have been logged out.</p>
{% endblock %}
For password management, include the following URLs:
urlpatterns = [
path('password_change/', auth_views.PasswordChangeView.as_view(), name='password_change'),
path('password_change/done/', auth_views.PasswordChangeDoneView.as_view(), name='password_change_done'),
path('password_reset/', auth_views.PasswordResetView.as_view(), name='password_reset'),
path('password_reset/done/', auth_views.PasswordResetDoneView.as_view(), name='password_reset_done'),
path('reset/<uidb64>/<token>/', auth_views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
path('reset/done/', auth_views.PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]
Ensure you have the following templates:
registration/password_change_form.htmlregistration/password_change_done.htmlregistration/password_reset_form.htmlregistration/password_reset_done.htmlregistration/password_reset_confirm.htmlregistration/password_reset_complete.htmlTo create a user registration form, follow these steps:
Create a form in forms.py:
from django import forms
from django.contrib.auth.models import User
from django.contrib.auth.forms import UserCreationForm
class RegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = User
fields = ['username', 'email', 'password1', 'password2']
Create a view in views.py:
from django.shortcuts import render, redirect
from django.contrib.auth import login
from .forms import RegisterForm
def register(request):
if request.method == 'POST':
form = RegisterForm(request.POST)
if form.is_valid():
user = form.save()
login(request, user)
return redirect('home')
else:
form = RegisterForm()
return render(request, 'registration/register.html', {'form': form})
Include the view in your urls.py:
urlpatterns = [
path('register/', views.register, name='register'),
]
Create a template named registration/register.html:
{% block content %}
<h2>Register</h2>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Register</button>
</form>
{% endblock %}