How to make override Django login

Sascuash picture Sascuash · May 9, 2014 · Viewed 10.7k times · Source

I want to override Django-login to make a custom login, but I can't find how.

The reason is that there's an specific situation where I cannot use csrf authentication, so I want to create a custom login, and afterwards, make a security layer that ensures my custom login is secure.

Any ideas?

Answer

To overwrite the django custom admin, you have to create urls path and a view where you check and login/logout the user. Take this for example:

urls.py

url(r'^accounts/auth/$', 'auth_view'),

views.py

from django.contrib import auth

def auth_view(request):

    # here you get the post request username and password
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    # authentication of the user, to check if it's active or None
    user = auth.authenticate(username=username, password=password)

    if user is not None:
        if user.is_active:
            # this is where the user login actually happens, before this the user
            # is not logged in.
            auth.login(request, user)

            ...
            return ...

    else :
        return HttpResponseRedirect("Invalid username or password")

Your html form:

<form role="form" action="/accounts/auth/" method="POST">