I wrote two views as the class in Django in order to do the Registration and Login for my website. But the problem is that the user objects get created successfully. But when I try to authenticate later getting the warning message showing that user with that username already exists in Django
The two views are given below
class RegistrationView(View):
form_class=RegistrationForm
template_name='eapp/user_registration_form.html'
def get(self,request):
form=self.form_class(None)
return render(request,self.template_name,{'form':form})
def post(self,request):
form=self.form_class(request.POST)
if form.is_valid():
user=form.save(commit=False)
#cleaned (normalized) data
username =form.cleaned_data['username']
password =form.cleaned_data['password']
email=form.cleaned_data['email']
user.set_password(password)
user.save()
return render(request,self.template_name,{'form':form,})
class LoginView(View):
form_class=LoginForm
template_name='eapp/user_login_form.html'
def get(self,request):
form=self.form_class(None)
return render(request,self.template_name,{'form':form})
def post(self,request):
form=self.form_class(request.POST)
if form.is_valid():
#cleaned (normalized) data
username =form.cleaned_data['username']
password =form.cleaned_data['password']
#authenticatin
user=authenticate(username=username,password=password)
if user is not None:
if user.is_active:
login(request,user)
return render(request,'eapp/index.html',{})
return render(request,self.template_name,{'form':form,})
here is my forms.py'
from django.contrib.auth.models import User
from django import forms
class RegistrationForm(forms.ModelForm):
password=forms.CharField(widget=forms.PasswordInput)
class Meta:
model=User
fields=['username','email','password']
class LoginForm(forms.ModelForm):
password=forms.CharField(widget=forms.PasswordInput)
class Meta:
model=User
fields=['username','password'
]
How can I solve this? ThankYou
Change your LoginForm for a Form without model:
from django import forms
class LoginForm(forms.Form):
username = forms.CharField(label = 'Nombre de usuario')
password = forms.CharField(label = 'Contraseña', widget = forms.PasswordInput)
This way your form will validate that the fields are entered and will not take validations from the User model
Related
I'm trying to login user by his username and password, but when i'm trying to check form.is_valid(), it returns False. Errorlist contain error: "Please enter a correct username and password. Note that both fields may be case-sensitive.". When i don't specify my own post it's doesn't work either.
I was looking for typo, but didn't found any. In internet nothing helped me at all.
I tried switch form and it's fields, but error was the same.
views.py:
from django.views.generic import *
from django.views.generic import *
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth import authenticate, login, logout
...
class RegisterView(CreateView):
form_class = UserRegisterForm
success_url = reverse_lazy('main:homepage')
template_name = "accounts/register.html"
def post(self, request):
form = self.get_form()
if form.is_valid():
user = form.save()
login(request, user)
return redirect("main:homepage")
else:
print(form.errors)
return redirect("accounts:register")
class LoginView(FormView):
form_class = AuthenticationForm
template_name = "accounts/login.html"
def post(self, request):
form = self.get_form()
if form.is_valid():
form.clean()
user = authenticate(
request,
username=form.cleaned_data["username"],
password=form.cleaned_data["password"],
)
login(request, user)
return redirect("main:homepage")
else:
print(form.errors)
print(form.cleaned_data)
return redirect("accounts:login")
forms.py:
from django import forms
from django.contrib.auth import get_user_model, authenticate, login
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
class UserRegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = get_user_model()
fields = ['username', 'email', 'first_name']
def save(self):
self.clean()
user = self.Meta.model(
username = self.cleaned_data['username'],
email = self.cleaned_data['email'],
password = self.cleaned_data['password2'],
)
user.save()
return user
login.html:
<div class="wrap">
<form method="POST">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">CONFIRM LOGIN</button>
</form>
</div>
Your code snippets are all correct , but the way of saving the user's password is incorrect in the from via save method , the way you are saving the password , it saves the raw text form of the password to the database , if you want to check , just open your database and check the password fields , they are stored in raw text format ( exapmle : testing123) where as the django saves , retrieves , password using password hashing alogrithm of sha256 until and unless you have not specified it and its hashes to pbkdf2_sha256... this format .
dont save user like this :
user = User(username = username , password = password , email = email)
user.save()
save like this
user = User(username = username , email = email)
user.set_password(password)
user.save()
Update your code snippet :
from django import forms
from django.contrib.auth import get_user_model, authenticate, login
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
class UserRegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = get_user_model()
fields = ['username', 'email', 'first_name']
def save(self):
self.clean()
user = self.Meta.model(
username = self.cleaned_data['username'],
email = self.cleaned_data['email'],
)
user.set_password(self.cleaned_data['password2'])
user.save()
return user
This will do the required work.
class UserRegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = get_user_model()
fields = ['username', 'email', 'first_name']
def save(self):
self.clean()
user = self.Meta.model(
username = self.cleaned_data['username'],
email = self.cleaned_data['email'],
)
# Set password with method is solution
user.set_password(self.cleaned_data['password2'])
user.save()
return user
The reason this does not work is because passwords are hashed, and your UserRegisterForm does not hash the password properly. There is however no need to override the .save(…) method. Django's UserCreationForm [Django-doc] already takes care of this properly, since it is a ModelForm [Django-doc], so:
from django.contrib.auth import get_user_model
from django.contrib.auth.forms import UserCreationForm
class UserRegisterForm(UserCreationForm):
email = forms.EmailField()
class Meta:
model = get_user_model()
fields = ['username', 'email', 'first_name']
# no override of save
I am following a tutorial to do this in Django 3.1.7.
The problem I'm having here is I'm being forced to repeat my Profile Model in my Profile Form definition.
I want to use forms.ModelForm in my forms.py to inherit my Profile Model and auto-generate the forms. It seems redundant to have to spell everything out again in forms.py when it is already defined in my Models. But I'm not sure how to do that with this architecture.
I've tried this approach:
https://stackoverflow.com/a/2213802/4144483
But the problem with this is that UserForm is incomplete - 'password1' and 'password2' don't exist for model User. This is not a good solution for user registration. I seem to be bound to using UserCreationForm somehow.
#models.py
from django.db import models
from django.contrib.auth.models import User
from django.db.models.signals import post_save
from django.dispatch import receiver
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
bio = models.TextField(max_length=500, blank=True)
location = models.CharField(max_length=30, blank=True)
birth_date = models.DateField(null=True, blank=True)
#receiver(post_save, sender=User)
def update_user_profile(sender, instance, created, **kwargs):
if created:
Profile.objects.create(user=instance)
instance.profile.save()
#forms.py
rom django import forms
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
class SignUpForm(UserCreationForm):
birth_date = forms.DateField(help_text='Required. Format: YYYY-MM-DD')
class Meta:
model = User
fields = ('username', 'birth_date', 'password1', 'password2', )
#views.py
from django.contrib.auth import login, authenticate
from django.shortcuts import render, redirect
from mysite.core.forms import SignUpForm
def signup(request):
if request.method == 'POST':
form = SignUpForm(request.POST)
if form.is_valid():
user = form.save()
user.refresh_from_db() # load the profile instance created by the signal
user.profile.birth_date = form.cleaned_data.get('birth_date')
user.save()
raw_password = form.cleaned_data.get('password1')
user = authenticate(username=user.username, password=raw_password)
login(request, user)
return redirect('home')
else:
form = SignUpForm()
return render(request, 'signup.html', {'form': form})
I generally use ModelForm instead of CreateUserForm for UserRegistration like this and add password1 and password2 fields in it. also, I check if they both are the same.:
forms.py
class UserRegistrationForm(forms.ModelForm):
password = forms.CharField(label='Password', widget=forms.PasswordInput)
password2 = forms.CharField(label='Repeat Password', widget=forms.PasswordInput)
email = forms.EmailField(label='Email')
date_of_birth = forms.DateField(widget=forms.widgets.DateInput(attrs={'type': 'date'}))
class Meta:
model = User
fields = ['username', 'first_name', 'last_name', 'email',
] #these ordering will be as follow in html form
def clean_password2(self):
cd = self.cleaned_data
if cd['password'] != cd['password2']:
raise forms.ValidationError("Passwords don't match")
return cd['password2']
Then in views, I create a user and their profile and save the password in encrypted form, and link their profile.
views.py
def register(request):
u_form = UserRegistrationForm(data=request.POST or None)
p_form = ProfileForm(data=request.POST or None, files=request.FILES or None)
if u_form.is_valid() and p_form.is_valid():
new_user = u_form.save(commit=False)
new_user.set_password(u_form.cleaned_data['password']) #this saves password in encrypted form instead of raw password
new_user.save()
profile = p_form.save(commit=False)
profile.user = new_user
profile.save()
return render(request, 'accounts/register_done.html', {'new_user': user})
return render(request, 'accounts/register.html', {'user_form': u_form, 'profile_form':p_form})
You can modify it as you like.
I am using my own custom User model, but I'm inheriting off of django.contrib.auth User model. I have a username, email, and password field. I don't explicitly add the password field because it gets added by default by the inheritance. When I try to create a superuser through the command line, the normal default Django password validation is working correctly. However, when I have a sign up form, it is not. Email and username validation are working properly when I click submit, but there is no password validation. I can enter whatever I want and it would accept the password.
Here's my forms.py
class RegisterForm(forms.ModelForm):
class Meta:
model = User
fields = ['username', 'email', 'password']
username = forms.CharField(label='Username', widget=forms.TextInput(attrs={'placeholder': 'Username:'}))
email = forms.EmailField(label='Email', widget=forms.EmailInput(attrs={'placeholder': 'Email:'}))
password = forms.CharField(label='Password', widget=forms.PasswordInput(attrs={'placeholder': 'Password:'}))
Here's my view:
class RegisterView(SuccessMessageMixin, View):
form_class = RegisterForm
template_name = 'oauth/auth_form.html'
success_message = "You have successfully created an account!"
# Display blank form
def get(self, request):
form = self.form_class(None)
return render(request, self.template_name, {'form': form})
def post(self, request):
form = self.form_class(request.POST)
if form.is_valid():
user = form.save(commit=False) # Do not save to table yet
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
# Let's try to login the user
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
return redirect('profiles: index')
return render(request, self.template_name, {'form': form})
How can I make it so that the password field gets validated correctly with the default password validation from Django?
Django has some utils to integrate password validation. The easiest would be to call the validate_password function in the field specific clean_password method of the form, but since you need a user instance for some validators, I shall demonstrate its use in the view:
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
class RegisterView(SuccessMessageMixin, View):
# ...
def post(self, request):
if form.is_valid():
user = form.save(commit=False) # Do not save to table yet
username = form.cleaned_data['username']
password = form.cleaned_data['password']
try:
validate_password(password, user)
except ValidationError as e:
form.add_error('password', e) # to be displayed with the field's errors
return render(request, self.template_name, {'form': form})
# ...
return render(request, self.template_name, {'form': form})
def sign_in(request):
#we need to handle all the data that was just typed, we'll add a condition for that
form = NameForm(request.POST)
if form.is_valid():
post = form.save()
post.save()
username = request.POST.get('username')
password = request.POST.get('password')
#auth = authenticate(username=username, password=password)
# If the username and password are provided try to auth them
if username and password:
print username, password
user = authenticate(username=username, password=password)
# if it authenticates successfully, check if the user is not an admin, log them in
if user:
if not user.is_staff:
login(request,user)
return HttpResponseRedirect('success')
else:
form = NameForm()
return render(request, 'checkin/sign_in_new.html', {'form': form})
EDIT: Changed code to work with backend. Added user.is_staff but it still won't return any web page, it just stays on the same one
models.py:
from __future__ import unicode_literals
from django.db import models
from django import forms
from django.forms import ModelForm
# Create your models here.
class Question(models.Model):
question_text = models.CharField("What is your ID?", max_length=100, null=True)
#pub_date = models.DateTimeField('date published')
id_text = models.CharField("", max_length=200, null=True)
def __str__(self):
return self.question_text
forms.py:
from django.forms import ModelForm
from .models import Question
#put the form here
class NameForm(ModelForm):
class Meta:
model = Question
fields = ['question_text', 'id_text']
class IdForm(ModelForm):
class Meta:
model = Question
fields = ['id_text']
Edit 2 These are my model and form files, should these not effect the naming of certain parameters in my backend?
Django authentication system.
I think you are familiar with saving the user data with models
you can use the authentication backend for solving this problem please refer following steps. create custom backends. in project root
backends/staff_backends.py
from project_app_path.staffs.models import MODEL_NAME
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User
class StaffBackend:
def authenticate(self, username=None, password=None):
try:
user = MODEL_NAME.objects.get(username=username)
if check_password(password, user.password):
return user
else:
return None
except MODEL_NAME.DoesNotExist:
return None
def get_user(self, user_id):
try:
return MODEL_NAME.objects.get(pk=user_id)
except MODEL_NAME.DoesNotExist:
return None
Include the backends with project settings.
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
'backends.staff_backends.StaffBackend',
]
in views.py
from django.contrib.auth import authenticate, login ,logout
def any_view(request):
rg = request.POST.get
username = rg('username')
password = rg('password')
if username and password:
print username,password
user = authenticate(username=username,password=password)
if user:
if not user.is_staff:
login(request,user)
### Redirect where you want , you can use this code in to you signupage also.
This is how I do it, and it works... but I create users automatically, so no form input, but you should get the idea:
user, created = User.objects.get_or_create(username=user_email, email=user_email)
if created:
secret = str(uuid4())
user.set_password(secret)
user.save()
user = User.objects.get(username=user_email)
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
so for you, you could probably just use User.objects.get_or_create... instead of create_user
and you would obviously have to add the auth step.
I have the following error:
AttributeError: 'User' object has no attribute 'set_password'
The problem is I didn't override the class User:
My model.py:
class User(models.Model):
username = models.CharField(max_length=30)
password = models.CharField(max_length=30)
email = models.EmailField()
def __str__(self):
return self.username
My view.py:
def post(self, request):
form = self.form_class(request.POST)
if form.is_valid():
user = form.save(commit=False)
print type(user)
# Cleaning and normalizing data
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
# returns User objects if the credential are correct
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return redirect('website:home')
return render(request, self.template_name, {'form': form})
And this is my form.py:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.TextInput(attrs={'class': 'form-control',
'type': 'password',
'placeholder': 'Enter your password'}))
class Meta:
model = models.User
I don't really know also if I should override the User class. In which case I should and in which case I shouldn't?
You need to inherit from AbstractUser to get access to set_password attribute. Instead of using models.Model use:
from django.contrib.auth.models import AbstractUser
class User(AbstractUser):
...
Your User model is not the same as django's User model.
Reference custom user model
from django.contrib.auth.hashers import make_password
replace
user.set_password(password) by user.password = make_password('password')
it clear and work for me.
The User model in Django has .set_password but if you made your own you should try OneToOneField(User) from there you just have to make sure you save both in the views.
user_form = UserForm(data=request.POST)
if user_form.is_valid():
user = user_form.save()
user.set_password(user.password)
profile = user.userprofile
profile.bio = request.POST['bio']
profile.save()