自定义认证通过email登录Django

Question

I am trying to understand login methods in Django. So because I want to login with email not username. I wrote a custom authentication backend and exposed it in settings.py

AUTHENTICATION_BACKENDS = (
  'accounts.backend.EmailAuthenticationBackend',
  'django.contrib.auth.backends.ModelBackend',
)

class EmailAuthenticationBackend(ModelBackend):
  def authenticate(self, request, email=None, password=None, **kwargs):
    try:
      user = Account.objects.get(email=email)
      if user.check_password(password):
        return user
    except user.DoesNotExist:
      pass

And in view user_login how I authenticate the user. And it's actually works. I mean kind of...

def user_login(request):
  next = request.GET.get("next")

  form = UserLoginForm(request.POST or None)
  if form.is_valid():
    email = form.cleaned_data.get("email")
    password = form.cleaned_data.get("password")
    user = authenticate(email=email, password=password)
    login(request, user)
    if next:
      return redirect(next)

    return redirect("/")

  context = {
    "form": form
  }

  return render(request, "accounts/user_login.html", context)

the authenticate() method is returns the user. But redirect() is not working because in browser thinks user not logged in. I am not sure about how to handle the session part.

and custom UserLoginForm

class UserLoginForm(forms.Form):
  email = forms.CharField()
  password = forms.CharField()

  def clean(self, *args, **kwargs):
    email = self.cleaned_data.get("email")
    password = self.cleaned_data.get("password")

    if email and password:
      user = authenticate(email=email, password=password)
      if not user:
        raise forms.ValidationError("user not exist")

      if not user.check_password(password):
        raise forms.ValidationError("incorrect password")

    return super(UserLoginForm, self).clean(*args, **kwargs)

The second issue is if email or password wrong. it doesn't raise any error.

what is the best common way to handle custom login with email.

Answer 1

1. I think the reason, it doesn't redirect is you've assigned the request.GET.get("next") into nxt variable, however you are checking the next variable for redirecting, probably you should change the variable nxt to next .
2. The reason that it doesn't raise any error is, you've put try and except to handle the thrown errors in the authenticate() method and you just put pass in the excpetion part. If you want the error to be thrown, just remove the try and except part from authenticate() .