auth module
from django.contrib import auth
django.contrib.auth provides many methods, the next three are mainly introduced: authenticate(), login(HttpRequest, user), logout(request)
authenticate()
Provides user authentication, that is, to verify whether the user name and password are correct, generally requires two keyword parameters of username and password
If the authentication information is valid, a User object will be returned, and authenticate() will set an attribute on the User object to identify the user that the authentication backend has authenticated, and this information is required in the subsequent login process.
When we try to log in to a User object that is taken directly from the database without authenticate(), an error will be reported
user = auth.authenticate(username='name', password='pwd')
login(HttpRequest,user)
This function accepts an HttpRequest object, and an authenticated User object. This function uses django's session framework to attach session id and other information to an authenticated user
from django.contrib import auth def login(request): name = request.POST.get("username") pwd = request.POST.get("pwd") user = auth.authenticate(username=name, password=pwd) if user is not None: auth.login(request,user) return redirect('/index/') else: return HttpResponse('login failed!')
logout(request) to log out the user
This function will accept an HttpRequest object with no return value. When this function is called, all the session information of the current request will be cleared. Even if the user is not logged in, using this function will not report an error.
from django.contrib import auth def logout(request): auth.logout(request) return redirect('/login/')
User object
User object attributes: username, password (required). The password is saved to the database with a hash algorithm
is_staff: Whether the user has the management authority of the website
is_active: Whether to allow the user to log in, set to "false", you can prohibit the user from logging in without deleting the user
is_authenticated()
If it is a real User object, the return value is always True, which is used to check whether the user has passed the authentication. Passing authentication does not mean that the user has any permissions, nor does it even check whether the user is active, it just means that the user with the name of the table has successfully passed the authentication.
Example
from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required #方法一 def index(request): ''' The page cannot be accessed until the user is logged in If the user visits the page without logging in, jump directly to the login page After the user completes the login on the jumped login page, the user will automatically access the previously visited address. ''' if not request.user.is_authenticated(): return redirect( ' %s?next=%s ' % (settings.LOGIN_URL, request.path)) #If the user is not logged in, it will jump to the django default Login URL'/accounts/login/' (this value can be changed in the settings file through LOGIN_URL) #And pass the absolute path of the current access url (after successful login, it will be redirected to this path) return render(request, ' index .html ' ) #Method 2 # Django has designed a decorator for us in this case: login_required() @login_required def index(request): pass
create user
from django.contrib.auth.models import User def reg(request): user = User.objects.create_user(username='lary', password='123') user.save() return HttpResponse('ok')
check_password(password)
When the user needs to change the password, first let him enter the original password, if the given string passes the password check, return True
change Password
from django.contrib.auth.models import User def change_pwd(request): user=User.objects.get(username='lary') user.set_password(password='321') user.save() return HttpResponse('OK')