This time we are going to implement our own User management on top of Django.
Keep in mind that Django has a fairly complex authentication system that is the preferred choice when we want to have users.
But this time, we want to implement our own system.
Here are the key parts:
We want a dead-simple user model:
```python
from django.db import models


class User(models.Model):
    # The email address doubles as the primary key.
    email = models.CharField(max_length=140, primary_key=True)
    password = models.CharField(max_length=140)
```

We need to have a way to register our users.
- Make a registration form that can be accessed at the `/register` url.
- Make a login form that can be accessed at the `/login` url.
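The registration and login forms above write to and read from the `password` field of the model. As an added example (not part of the original task), this is one way to store a salted hash at registration and check it at login with only the standard library, so the stored value fits `max_length=140`. The function names, the storage format and the iteration count are assumptions of this example; Django's own `django.contrib.auth.hashers.make_password` and `check_password` do the same job.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters for this example; they are not given in the task.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
MAX_LENGTH = 140  # max_length of User.password in the model above


def _derive(raw_password, salt, iterations):
    """PBKDF2-HMAC-SHA256 of the password, base64-encoded."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode("utf-8"), salt, iterations)
    return base64.b64encode(digest).decode("ascii")


def hash_password(raw_password, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash' to store in User.password."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    encoded = "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        _derive(raw_password, salt, iterations),
    ])
    if len(encoded) > MAX_LENGTH:
        raise ValueError("encoded password does not fit the column")
    return encoded


def verify_password(raw_password, encoded):
    """Check a login attempt; any malformed stored value yields False."""
    try:
        algorithm, iterations, salt_b64, expected = encoded.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        candidate = _derive(raw_password, salt, int(iterations))
    except (ValueError, AttributeError):
        return False
    # Constant-time comparison, so timing does not leak how much matched.
    return hmac.compare_digest(candidate.encode(), expected.encode())
```

The register view would save `hash_password(form_password)` in `User.password`, and the login view would call `verify_password(form_password, user.password)` before writing anything to the session.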
Once a user has logged in, keep him logged in until he decides to log out. In order to do that, you will need sessions.
Create a simple `/profile` page that can only be accessed by a logged-in user.
If someone tries to access this page without a login, redirect him to registration.
In the profile page, have a logout button.
Add the following redirect scenarios:
- If a logged-in user tries to access `/register`, redirect him to `/profile`.
- If a logged-in user tries to access `/login`, redirect him to `/profile`.
- If an anonymous user tries to access `/profile`, redirect him to `/login`.
In order to achieve that, in your app, in a file called decorators.py implement the following decorators:
```python
from .decorators import login_required, annon_required


@annon_required(redirect_url='/profile')
def register(request):
    ...


@annon_required(redirect_url='/profile')
def login(request):
    ...


@login_required(redirect_url='/login')
def profile(request):
    ...
```

In the original Django auth system, there is a `request.user`, which is very helpful to access the user if the user is logged in.
Implement a middleware that sets request.user to the actual logged in user or None if there isn't any.