Django-为什么内置的auth登录功能在成功登录URL后没有将有关用户的信息传递给

Question

Hi I used the django inbult auth urls and views for my project and now have finished the initial user account creation/login/reset password process.

Now, the user can log in and be redirected to the after successful login url accounts/profile/.

I have several doubts on the django login function. For convenience, I've copy paste the django inbuilt login function code below.

@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm,
          current_app=None, extra_context=None):
    """
    Displays the login form and handles the login action.
    """
    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(request, data=request.POST)
        if form.is_valid():

            # Ensure the user-originating redirection url is safe.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            # Okay, security check complete. Log the user in.
            auth_login(request, form.get_user())

            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request, template_name, context,
                            current_app=current_app)

My questions are:

1 Is the REDIRECT_FIELD_NAME in the function set as '/profile/' in django.contrib.auth ?

I could see this variable is imported from django.contrib.auth

from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout, get_user_model

I don't have any setting for this variable, but after user successfully logged in, the page will be directed to /accounts/profile/

2 Has the login function passed the account info about the user? If yes, how can I access it?

From the code, if user successfully logged in, page will be redirected: return HttpResponseRedirect(redirect_to)

in my case, redirected to accounts/profile/ , initially the view for the url was simply a

HttpResponse("You have logged in successfully")

now when I am trying to implement the view function, I realize that no info about the user has been passed.

I've tried to print request in the view function, but there is no info about the user in the message printed in the server terminal, all I get is a long list of system settings or other info. However, the login should pass the info of who has just successfully logged in to the successful log in urls right?

Thank you very much for explaining.

Answer 1

After the login, you can access the user info by referring request.user in views and just {{user}} in templates. All you need to make sure is you're passing the RequestContext in the HttpResponse for the future request.

Yes, REDIRECT_FIELD_NAME is defined in __init__.py of django.contrib.auth which is simply a "next" what you passed from the login form.

In Django, there are more than one ways to force a user to login. By decorating a view function with @login_required , by calling the build-in login view for an user defined URL and etc., Refer about the login settings variables here . You'll get some more ideas.

Building custom login page . That link gives you an example for custom login implementaion. Consider you have decorated a view with @login_required and it's corresponding URL is /login_test/ . Then the {{next}} context variable in the login form will be rendered with /login_test/ . So after you login,

<input type="hidden" name="next" value="{{ next }}" />

This element's value will be taken for redirecting as per the REDIRECT_FIELD_NAME . Though I suspect that that example is missing the setting of settings.LOGIN_URL to the URL login/ . Never mind, it's being passed as an argument in the decorator itself.

Answer 2

To override this behavior just put following in settings.py of your app :

LOGIN_REDIRECT_URL = "/"

This will redirect to your home page. You can change this url to preferred url.

Answer 3

Once the user is redirected to accounts/profile/ the view for that link will be returned. You can access information about the currently logged in user there as per this post by using request.user . Also tip to see what information you have access to in your views. Use import pbd; pdb.set_trace() import pbd; pdb.set_trace() . This pops you into a python prompt with access to all of the current variables. To see all the defined variables call locals() , though this will print out a ton of junk along with it. In the template you can display a "you can't access this page" message if the user isn't logged in.