Reputation: 21
I have used the default path('', include("django.contrib.auth.urls")) in Django to perform login and password reset operations for my project. I have thoroughly checked my signup form and the database, and everything goes well with the registration part, but I am unable to authenticate any user except the superuser. What might be the reason for this issue?
myproject/urls.py:

    from django.contrib import admin
    from django.urls import path, include

    urlpatterns = [
        path('admin/', admin.site.urls),
        path('home/', include('home.urls')),
        path('accounts/', include('accounts.urls')),
        path('', include("django.contrib.auth.urls")),
    ]

And in templates, in the registration directory, my login form looks like this:

    {% extends 'base.html' %}
    {% block title %}Login{% endblock %}
    {% block content %}
      <h2>Login</h2>
      <form method="post">
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">Login</button>
      </form>
    {% endblock %}

My signup view is:

    from django.shortcuts import render, redirect
    from django.views import View

    class UserFormView(View):
        form_class = RegForm
        template_name = 'signup.html'

        def get(self, request):
            form = self.form_class()
            return render(request, self.template_name, {'form': form})

        def post(self, request):
            form = self.form_class(request.POST)
            if form.is_valid():
                form.save()
                return redirect('login')
            return render(request, self.template_name, {'form': form})

And then my form:

    class RegForm(forms.ModelForm):
        password = forms.CharField(widget=forms.PasswordInput())
        confirm_password = forms.CharField(widget=forms.PasswordInput())

        class Meta:
            model = User
            fields = ['first_name', 'last_name', 'username', 'email', 'date_joined', 'password', 'confirm_password']

        def clean_password(self):
            password = self.cleaned_data.get("password")
            confirm_password = self.cleaned_data.get("confirm_password")
            if len(password) < 8:
                raise forms.ValidationError("The length of the password should be minimum 8 characters")
            return password

        def clean_email(self):
            email = self.cleaned_data.get('email')
            if validate_email(email) == False:
                raise forms.ValidationError("The Email Format is In Correct")
            return email

        def clean_confirm_password(self):
            password = self.cleaned_data.get("password")
            confirm_password = self.cleaned_data.get("confirm_password")
            if password != confirm_password:
                raise forms.ValidationError('Password doesn\'t match')
            # a clean_<field> method must return the cleaned value
            return confirm_password

Upvotes: 0
Views: 312
Reputation: 10136
As I said in comments you need to save the user like this:

    def post(self, request):
        form = self.form_class(request.POST)
        if form.is_valid():
            user = form.save(commit=False)
            password = form.cleaned_data['password']
            user.set_password(password)
            user.save()
            return redirect('login')
        return render(request, self.template_name, {'form': form})

Upvotes: 1
Reputation: 131
This is because you save the password incorrectly. Django performs hashing on the password. You can either use the Django User password field (ref link: https://docs.djangoproject.com/en/2.1/ref/contrib/auth/#django.contrib.auth.models.User.password), so your RegForm looks like

    class RegForm(forms.ModelForm):
        confirm_password = forms.CharField(widget=forms.PasswordInput())

        class Meta:
            model = User
            fields = ['first_name', 'last_name', 'username', 'email', 'date_joined', 'password', 'confirm_password']

        def clean_password(self):
            password = self.cleaned_data.get("password")
            confirm_password = self.cleaned_data.get("confirm_password")
            if len(password) < 8:
                raise forms.ValidationError("The length of the password should be minimum 8 characters")
            return password

        def clean_email(self):
            email = self.cleaned_data.get('email')
            if validate_email(email) == False:
                raise forms.ValidationError("The Email Format is In Correct")
            return email

        def clean_confirm_password(self):
            password = self.cleaned_data.get("password")
            confirm_password = self.cleaned_data.get("confirm_password")
            if password != confirm_password:
                raise forms.ValidationError('Password doesn\'t match')
            # a clean_<field> method must return the cleaned value
            return confirm_password

Or save the hashed value of the input password in the post method. So the code looks like

    def post(self, request):
        form = self.form_class(request.POST)
        if form.is_valid():
            user_form = form.save(commit=False)
            user_form.set_password(request.POST.get('password'))
            user_form.save()
            return redirect('login')
        return render(request, self.template_name, {'form': form})

Upvotes: 1
Reputation: 29977
Django expects the password field of the User model to contain a hashed password. Your form stores the password in plaintext (which is a big security no-go).
I suggest you have a look at the source code of django.contrib.auth.forms.UserCreationForm on how to properly create a user.
Edit: my guess is that you can sign in with the superuser because you created it with the createsuperuser command.
Upvotes: 1
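
An added illustration (not code from any of the answers, and not Django's implementation) of why a row saved by form.save() fails at login: a stdlib model of the `algorithm$iterations$salt$hash` layout Django stores in the password column, plus a check that finds rows saved without hashing. The function names, iteration count and sample rows are constructed for this example.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000  # constructed value for the demo, not Django's default


def make_hash(raw_password, salt=None):
    """Model of what set_password() stores: algorithm$iterations$salt$hash."""
    salt = salt or base64.b64encode(os.urandom(12)).decode()
    digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt.encode(), ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt}${base64.b64encode(digest).decode()}"


def looks_hashed(stored):
    """True if the stored value has the four-part hashed layout."""
    parts = stored.split("$")
    return len(parts) == 4 and parts[0] == ALGORITHM and parts[1].isdigit()


def verify(raw_password, stored):
    """Login-time check: a stored value that is not a hash never matches."""
    if not looks_hashed(stored):
        return False
    _, iterations, salt, expected = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt.encode(), int(iterations))
    return hmac.compare_digest(base64.b64encode(digest).decode(), expected)


def find_plaintext_rows(rows):
    """Usernames whose password column was saved without hashing."""
    return [name for name, stored in rows.items() if not looks_hashed(stored)]


# Constructed sample rows: "alice" saved raw by form.save(), "bob" hashed first.
ROWS = {"alice": "correct horse 42", "bob": make_hash("correct horse 42")}

if __name__ == "__main__":
    for name, stored in ROWS.items():
        print(name, "login ok:", verify("correct horse 42", stored))
    print("needs password reset:", find_plaintext_rows(ROWS))
```

Accounts flagged by the last function were written to the database in plaintext, so they need a password reset once the view is fixed.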