Introduction
Django's authentication system handles user accounts, groups, and permissions.
User Model
from django.contrib.auth.models import User
# Create user
user = User.objects.create_user(
username="john",
email="john@email.com",
password="secret"
)
# Check password
user.check_password("secret")
# Authenticate
from django.contrib.auth import authenticate
user = authenticate(username="john", password="secret")
Login and Logout
from django.contrib.auth import login, logout
from django.contrib.auth.decorators import login_required
def login_view(request):
user = authenticate(username="john", password="secret")
if user:
login(request, user)
return redirect("home")
@login_required
def logout_view(request):
logout(request)
return redirect("home")
Permissions
from django.contrib.auth.decorators import permission_required
from django.contrib.auth.models import Permission
# Check permission
user.has_perm("app.add_model")
user.has_perm("app.change_model")
user.has_perm("app.delete_model")
# Add permission
perm = Permission.objects.get(codename="can_publish")
user.user_permissions.add(perm)
Practice Problems
- Create login/logout views
- Password change functionality
- User registration
- Permission-based access control
- Custom user model