如何在 Django 中启用非超级用户从前端登录？

Question

I've created a view for login but Django only authenticates the superuser. The non-superusers are not able to log in. I only want non-superuser to login from the frontend

def logingin(request):
    if request.method == 'POST':
        username = request.POST.get('username','')
        password = request.POST.get('password','')
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect('/')
        else:
            return redirect('/signup')

    return render(request, 'login.html')

Can any tell me what modifications I need to do in my codes?

Answer 1

You didn't show us how you are crearting the new user (the one that cant login).

You can go to admin panel and check if your password is properly hashed:

If its not, you will se a message:

"django Invalid password format or unknown hashing algorithm"

By default, saving form does not hash your password properly. To properly create a user do something like:

user = form.save(commmit=False)
user.set_password(user.password)
user.save()

Then you're fine:)

Answer 2

your is_active flag of non-superusers must be set to false

https://docs.djangoproject.com/en/2.2/ref/contrib/auth/#django.contrib.auth.models.User.is_active

below is the excerpt

This doesn't necessarily control whether or not the user can log in. Authentication backends aren't required to check for the is_active flag but the default backend (ModelBackend) and the RemoteUserBackend do. You can use AllowAllUsersModelBackend or AllowAllUsersRemoteUserBackend if you want to allow inactive users to login. In this case, you'll also want to customize the AuthenticationForm used by the LoginView as it rejects inactive users. Be aware that the permission-checking methods such as has_perm() and the authentication in the Django admin all return False for inactive users.

https://stackoverflow.com/a/18209379/3053228