Auth module
First, what is auth module
Django Auth module is built-in user authentication module
Django Auth module is built-in user authentication module can be implemented include user registration, user login, user authentication, log off, change passwords and other functions. Default auth_user table to store user data.
Two, Auth module
1. Create a super user (createsuperuser)
Create a super user data is inserted in auth_user table, the password is encrypted.
Created in the Run manage.py Task
createsuperuser
2. Query User (authenticate ())
Verify the user name and password are correct, it normally takes username, password two key parameters. If authentication is successful (valid user name and password are correct), it will return a User object
from django.contrib import auth user_obj = auth.authenticate(request, username=name, password=pwd)
You can not use this query filter method, because the user table is stored encrypted password
models.User.objects.filter(username=username,password=password).first()
3. logged-in user (login ())
This function takes an HttpRequest object and a query through certified user_obj
After logging in, the user will be recorded in the session state
from django.contrib import auth auth.login(request,user_obj)
4. Log success
As long as the implementation of the above sentence logged in, you can get by request.user to the current user object anywhere in the backend
user_obj = request.user
The determination whether the user is logged (is_authenticated)
Used to determine whether the current request by the authentication, if the pass is true, false and vice versa
request.user.is_authenticated
6. login authentication decorator
Login to add a quick check of a view.
If the user is not logged, it will jump to the django default login URL '/ accounts / login /', and passing the current url to access the absolute path (after successful login, will be redirected back to the path)
If you customize the login URL, you need to log in the path set by LOGIN_URL in settings.py file
from django.contrib.auth.decorators Import login_required @login_required (LOGIN_URL = '/ XXX /') # partially disposed directly write a log in the path inside the decorator DEF index (Request): Pass
# global configuration settings file write LOGIN_URL = ' / xxx / ' after the set decorator @login_required write directly on it
7. registered super user and ordinary users
Wrong way: User.objects.create (username = username, password = password) # create a user name and then use the time do not create a User.objects.create_user (username = username, password = password) # Create a regular user User. objects.create_superuser (username = username, password = password, Email = ' [email protected] ' ) # create a super user Email (required)
8. passcode (check_password ())
# Passcode request.user.check_password (old_password)
9. Change Password (set_password ())
Note: change the password, be sure to save save, it would not take effect
request.user.set_password(new_password)
request.user.save()
10. Log (logout ())
When the function is called, the current session information request will be clear, the equivalent of request.session.flush (). Even if the user is not logged in, do not use this function error
auth.logout(request)
Other property 11.User objects
# On-line site before the is_active and is_staff set to False is_active # banned from the site (user exists, the title) is_staff # have administrative rights on the site (can not log ADMIN) request.user.is_active = False request.user. is_staff = False
Third, custom table auth_user
1. Method One: Defining a table model, associated with one User (not recommended)
from django.contrib.auth.models Import the User class UserDetail (models.Model): Phone = models.CharField (MAX_LENGTH = 32 ) # one auth_user Correlative with table # If the model table is introduced from the outside, is not added quotes # if quoted, just looking at the current Model the User = models.OneToOneField (= to the User)
2. Option two: class inheritance, (AbstractUser)
from django.contrib.auth.models Import AbstractUser class Userinfo (AbstractUser): # Do not follow the original fields in the table can only repeat Innovation Phone = models.BigIntegerField () Avatar = models.CharField (max_length = 32)
note:
1 . Once we achieve the expansion auth_user table through inheritance, do database migration, since there is no auth_user the table, after authentication component with the table is UserInfo. Where the original use of all auth_user table model with a new table model --UserInfo 2 . Tell django auth default table is no longer used, but the use of custom tables you need to set in settings.py in AUTH_USER_MODEL = 'app01. UserInfo ' ' application name. class name '