3 Things You Need to Authenticate Users in Django

You want to authenticate users but you’re unsure how. The documentation isn’t the most helpful thing in the world. You think, “wow… this documentation assumes I know all this other stuff…”

What are the things you need to authenticate users? There are 3 things you need and I’m going to show you what each looks like.

First: You need some routes

You need authentication routes. I think it makes the most sense to create a separate app for this purpose. (Separate all your login logic from all your other logic)

Let’s look at some login routes:

_loginapp/urls.py

from django.conf.urls import url
from django.conf import settings
from django.conf.urls.static import static

from . import views

urlpatterns = [
    # Session Login
    url(r'^login/$', views.login_user, name='login'),
    url(r'^logout/$', views.logout_user, name='logout'),
    url(r'^auth/$',  views.login_form, name='login_form'),
]

Second: You’ll need some templates

Templates are important. Templates are the HTML representation of your application. For example, at the bare minimum, you’ll need a way to let your users login. How do you do it? It doesn’t have to be pretty because this is JUST HTML.

loginapp/templates/loginapp/login.html

<form method='post' action="{%  url 'loginapp:login' %}">
    <label for="username">Username:</label>
    <input type="text" name="username" />
    <br>
    <label for="password">Password:</label>
    <input type="password" name="password" />
    <br>
    <input type="submit" value="Login" />
</form>

Third: You’ll need some views

The views you’ll need for login will be:
1. The login form view (shows the login form)
2. The POST view that will authenticate a user that is active / exists
3. A view that will log the user out

Let’s start with the login form view (loginapp/auth):

def login_form(request):
    return render(request, 'accounts/login.html', {})

This view simply renders our login.html template that we created above. It’s also possible to make only 2 routes (1 that will detect a POST request and 1 that will detect a GET request) however, I (personally) really like have separate views for each request method.

Here is an example of a view that will detect a username and password and use those credentials to authenticate a user and login the user thus creating a session specifically for that user.

def login_user(request):
    username = request.POST.get('username')
    password = request.POST.get('password')
    user = authenticate(username=username, password=password)
    if user is not None:
        # the password verified for the user
        if user.is_active:
            login(request, user)
            return redirect('/polls/')
    return redirect(settings.LOGIN_URL, request)

This method will get the username and password from the POST request data. Then, we will use the username and password to try to authenticate a user that exists in our database.

If a user exists, we will try to login our user and redirect to our polls application. If the user does not exist we will redirect back to the login form.

How do you logout an authenticated user?

def logout_user(request):
    logout(request)
    return redirect('/polls/')

This method will take the request object and user it to logout the logged in user. Once the user logs out, the application will redirect the user to our polls application.

This is the 3 things that you need to authenticate users in your Django application. (If you want to use Session Authentication with Django REST Framework) this is how you would accomplish this.

I hope that helps you when need to authenticate users in your future web application.