Django login() 在 HttpResponseRedirect 后不存在

Question

I have custom Django login forms that, since upgrading from Django 1.8 to 2.2 , no longer keep user logged in after HttpResponseRedirect . Here's is a generalized sample of the code:

@render_with('users/login.html')
def login_view(request, campaign_id=None):

    if request.method == 'POST':
        form = LoginForm(request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            password = form.cleaned_data['password']

            # Login user
            user = authenticate(request, email=email, password=password)
            if user:
                if user.is_active:
                    login(request, user)
                    return HttpResponseRedirect('/redirect-user/')

I know that login() is working properly because if I use render instead of HttpResponseRedirect , the user is logged in. However, I want to redirect the user to a different view after login. What is the best way to do this?

UPDATE

It appears that the culprit is my custom authenticate backend EmailOrUsernameModelBackend . Any ideas what I am doing wrong?

settings.py

AUTHENTICATION_BACKENDS = (
  'social_core.backends.open_id.OpenIdAuth',
  'social_core.backends.google.GoogleOpenId',
  'social_core.backends.facebook.FacebookOAuth2',
  'social_core.backends.google.GoogleOAuth2',
  'social_core.backends.linkedin.LinkedinOAuth2',
  'users.backends.EmailOrUsernameModelBackend',
  'django.contrib.auth.backends.ModelBackend',
)

__init__.py

class EmailOrUsernameModelBackend(object):

    supports_object_permissions = False
    supports_anonymous_user = False
    supports_inactive_user = False

    def authenticate(self, request, email=None, password=None):
        if '@' in email:
            kwargs = {'email': email.lower() }
        else:
            kwargs = {'username__iexact': email.lower() }
        try:
            user = User.objects.get(**kwargs)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None

Also, if I change the code and logout/login again to test, it works the 1st test and fails on subsequent tests with the same user.

Answer 1

Thanks to @Sayse's suggestion about middleware/backends causing the issue. Removing 'users.backends.EmailOrUsernameModelBackend' fixed the issue in the question above, but consequently broke my login after a new user registers. In order to get both login and registration working, I switched the other of EmailOrUsernameModelBackend and ModelBackend :

AUTHENTICATION_BACKENDS = (
  'django.contrib.auth.backends.ModelBackend',
  'users.backends.EmailOrUsernameModelBackend',
)

Per Django docs :

The order of AUTHENTICATION_BACKENDS matters, so if the same username and password is valid in multiple backends, Django will stop processing at the first positive match.

I am still not sure what is wrong with the EmailOrUsernameModelBackend causing it to break my login, but this did fix the issue. If anybody has a better fix for the root cause (ie what is wrong with this backend), I will accept as the best answer.

Answer 2

I had the same problem, but reordering the backends in settings did not help.

login(request, user) can take a third argument, the backend to use, eg

backend = `django.contrib.auth.backends.ModelBackend'
login(request, user, backend)

If you remove django.contrib.auth.backends.ModelBackend from settings.AUTHENTICATION_BACKENDS, inside django/contrib/auth/__init__.py -> get_user is:

        if backend_path in settings.AUTHENTICATION_BACKENDS:
            ...
        else:
            return None

So if you specify the backend, but its not in your settings.AUTHENTICATION_BACKENDS , your user will never authenticate.