
Authentication

Login, logout, and user management.

The User Model

Django's built-in User model provides the foundation for authentication. It includes fields like username, password, email, first_name, and last_name.


from django.contrib.auth.models import User

user = User.objects.create_user(
    username='johndoe',
    email='john@example.com',
    password='securepass123'
)
    

Always use create_user() instead of create(); it handles password hashing automatically.
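An added example, not from the original page and not Django's own code: a standard-library re-implementation of the `pbkdf2_sha256$<iterations>$<salt>$<hash>` layout used by Django's PBKDF2 hasher. It shows why a raw value written by create() never verifies, and how to find such rows in an audit. The function names, the iteration count and the sample rows are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumption: Django's default count differs between releases


def encode(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>' for a password."""
    salt = salt or secrets.token_urlsafe(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(digest).decode()}"


def parse(stored):
    """Split a stored value into (iterations, salt), or None if the layout is wrong."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdecimal():
        return None
    return (int(parts[1]), parts[2]) if int(parts[1]) > 0 else None


def verify(password, stored):
    """True only when `stored` is a well-formed hash of `password`."""
    parsed = parse(stored)
    if parsed is None:
        return False  # a raw value is rejected, never compared as plaintext
    iterations, salt = parsed
    expected = encode(password, salt, iterations)
    return hmac.compare_digest(expected.encode(), stored.encode())


def classify(stored):
    """Label one password-column value for an audit of existing accounts."""
    if stored.startswith("!"):
        return "unusable"  # marker Django writes for accounts without a password
    return "hashed" if parse(stored) else "unrecognized"


# Constructed sample rows (username -> password column), not real data.
ROWS = {
    "johndoe": encode("securepass123"),  # hashed, as create_user() stores it
    "legacy": "securepass123",           # raw, as create(password=...) stores it
    "sso_only": "!" + "x" * 40,          # unusable-password marker
}


def audit(rows):
    """Usernames whose stored value is neither a hash nor the unusable marker."""
    return sorted(n for n, v in rows.items() if classify(v) == "unrecognized")
```

In a real project the same check is done with Django's own `check_password()` and `identify_hasher()` from `django.contrib.auth.hashers`; `classify()` here recognises only the PBKDF2-SHA256 layout, so values from other hashers also report as "unrecognized".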

Logging In and Out

Django provides login(), logout(), and authenticate() functions for managing user sessions.


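from django.contrib.auth import authenticate, login, logout
from django.shortcuts import redirect, render

def login_view(request):
    if request.method == 'POST':
        # .get() avoids an unhandled KeyError when a field is missing from the POST body
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        # authenticate() checks the credentials against the configured backends
        user = authenticate(request, username=username, password=password)
        if user is not None:
            # login() attaches the authenticated user to the session
            login(request, user)
            return redirect('home')
        else:
            # Same message for an unknown username and a wrong password
            return render(request, 'login.html', {'error': 'Invalid credentials'})
    return render(request, 'login.html')

def logout_view(request):
    # logout() clears the session data for this request
    logout(request)
    return redirect('login')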
    

The authenticate() function returns the user object if credentials are valid, or None if they're not.


Protecting Views

Use decorators or mixins to restrict access to authenticated users.


from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import render
from django.views import View

@login_required
def dashboard(request):
    return render(request, 'dashboard.html')

class ProfileView(LoginRequiredMixin, View):
    def get(self, request):
        return render(request, 'profile.html')
    

Unauthenticated users are redirected to the login page. You can set login_url to customize the redirect URL.

Registration and Password Reset

Django includes views and forms for user registration and password management.


from django.contrib.auth.forms import UserCreationForm
from django.shortcuts import redirect, render

def register_view(request):
    if request.method == 'POST':
        form = UserCreationForm(request.POST)
        if form.is_valid():
            form.save()
            return redirect('login')
    else:
        form = UserCreationForm()
    return render(request, 'register.html', {'form': form})
    

For password reset, Django provides email-based workflows. You can customize the templates and views to match your design.

Accessing the Current User

The request.user object gives you access to the currently logged-in user.


from django.shortcuts import redirect, render

def profile_view(request):
    user = request.user
    if user.is_authenticated:
        return render(request, 'profile.html', {'user': user})
    return redirect('login')
    

You can access user attributes directly: request.user.username, request.user.email, etc. Use is_authenticated to check if a user is logged in.

Quick Quiz

How do you make a view require login?