I want to override Django-login to make a custom login, but I can't find how.
The reason is that there's an specific situation where I cannot use csrf
authentication, so I want to create a custom login, and afterwards, make a security layer that ensures my custom login is secure.
Any ideas?
To overwrite the django custom admin, you have to create urls path and a view where you check and login/logout the user. Take this for example:
urls.py
url(r'^accounts/auth/$', 'auth_view'),
views.py
from django.contrib import auth
def auth_view(request):
# here you get the post request username and password
username = request.POST.get('username', '')
password = request.POST.get('password', '')
# authentication of the user, to check if it's active or None
user = auth.authenticate(username=username, password=password)
if user is not None:
if user.is_active:
# this is where the user login actually happens, before this the user
# is not logged in.
auth.login(request, user)
...
return ...
else :
return HttpResponseRedirect("Invalid username or password")
Your html form:
<form role="form" action="/accounts/auth/" method="POST">