Not able to authenticate user in Django?

Question

I have a custom User model with which I want to validate. The model is use like this:

class GalaxyUser(AbstractBaseUser):
    #id = models.IntegerField(primary_key=True)
    #identifier = models.CharField(max_length=40, unique=True, db_index=True)
    username = models.CharField(max_length=90, unique=True, db_index=True)
    create_time = models.DateTimeField(null=True, blank=True)
    update_time = models.DateTimeField(null=True, blank=True)
    email = models.CharField(max_length=225)
    #password = models.CharField(max_length=120)
    external = models.IntegerField(null=True, blank=True)
    deleted = models.IntegerField(null=True, blank=True)
    purged = models.IntegerField(null=True, blank=True)
    form_values_id = models.IntegerField(null=True, blank=True)
    disk_usage = models.DecimalField(null=True, max_digits=16, decimal_places=0, blank=True)
    #last_login = models.TextField(max_length=255)
    objects = UserManager()
    USERNAME_FIELD = 'email'
    class Meta:
        db_table = u'galaxy_user'

I have custom Authentication Backend:

class AuthBackend:
    def authenticate(self, username=None, password=None):
        if '@' in username:
            kwargs = {'email': username}
        else:
            kwargs = {'username': username}
        try:
            user = User.objects.get(**kwargs)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

My login_backend function in the views look like this:

def login_backend(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        password = hashlib.sha1(password).hexdigest()
        user = authenticate(username=username, password=password)
        state = "Username or Password Incorrect!"
        if user is not None:
            login(request, user)
            return HttpResponseRedirect('/overview/')
        else:
            return render_to_response('login_backend.html', {'state':state}, context_instance=RequestContext(request))
    else:
        return render_to_response('login_backend.html', context_instance=RequestContext(request))

Despite entering the correct username and password I am not able to login. What's the problem?

Edit:

url(r'^overview/', 'fileupload.views.show_files')

@login_required(login_url='/login_backend/')
def show_files(request):
    try:
        log_id = request.user.id
        username = request.user.username
        b = File.objects.filter(users_id=log_id, flag='F', flag_r='S')  # Get the user id from session .delete() to use delete
        total_files = File.objects.filter(users_id=log_id, flag='F').count()
        total_size = File.objects.filter(users_id=log_id, flag='F')
        a = [str(i.size) for i in total_size]
        x = [convert_byte(i) for i in a]

        if request.GET:
            if request.GET.getlist('page'):
                page = request.GET.getlist('page')
                page = ''.join(page)
                page = int(page)
            else:
                page = 1

            if request.GET.getlist('limit'):
                limit = request.GET.getlist('limit')
                limit = ''.join(limit)
                limit = int(limit)
            else:
                limit = 4
            if request.GET.getlist('page2'):
                page2 = request.GET.getlist('page2')
                page2 = ''.join(page2)
                page2 = int(page2)
            else:
                    page2 = 1

            if request.GET.getlist('limit2'):
                limit2 = request.GET.getlist('limit2')
                limit2 = ''.join(limit2)
                limit2 = int(limit2)
            else:
                limit2 = 4
        else:
            page = 1
            limit = 4
            page2 = 1
            limit2 = 4


        ten = ''
        twenty = ''
        fifty = ''
        hundred = ''
        two_hundred = ''

        if limit == 10:
            ten = 'selected'
        if limit == 20:
            twenty = 'selected'
        if limit == 50:
            fifty = 'selected'
        if limit == 100:
            hundred = 'selected'
        if limit == 200:
            two_hundred = 'selected'


        ten2 = ''
        twenty2 = ''
        fifty2 = ''
        hundred2 = ''
        two_hundred2 = ''

        if limit2 == 10:
            ten2 = 'selected'
        if limit2 == 20:
            twenty2 = 'selected'
        if limit2 == 50:
            fifty2 = 'selected'
        if limit2 == 100:
            hundred2 = 'selected'
        if limit2 == 200:
            two_hundred2 = 'selected'


        if total_size == None:
            total_size = 0
        total_size = humansize(sum(x))
        current_file = Queue.objects.filter(user_id=log_id)

        current_time = (time.time())
        x = [i.time_overview for i in current_file]
        y = [str(i) for i in x]
        durations = [current_time - float(i) for i in y]
        test = [i.size for i in current_file]
        testi = [str(i) for i in test]
        size_overs = [int(i) for i in testi]

        email_notify = [i.flag_email for i in current_file]
        email_notify = [str(i) for i in email_notify]

        zero = [i.replace('0', '') for i in email_notify]
        one = [i.replace('1', 'checked') for i in zero]


        j = [i.file_session for i in current_file]
        k = [str(i) for i in j]
        s = ['/home/zurelsoft/files/'+i+'*' for i in k]
        a =  [os.path.getsize(f) for i in s for f in glob.glob(i+'*')]
        change_size = [int(k) for k in a]

        queue_count = Queue.objects.filter(user_id=log_id).count()
        recent_count = File.objects.filter(users_id=log_id, flag='F', flag_r='S').count()

        return render_to_response('overview.html', {'queue_count':queue_count, 'recent_count':recent_count, 'page2':page2, 'limit2':limit2, 'ten2':ten2, 'twenty2':twenty2, 'fifty2':fifty2, 'hundred2':hundred2, 'two_hundred2':two_hundred2, 'ten':ten, 'twenty':twenty, 'fifty':fifty, 'hundred':hundred, 'two_hundred':two_hundred, 'page':page, 'limit':limit, 'email_notify':one, 'change_size':change_size, 'duration':durations, 'size_over':size_overs, 'overview':current_file, 'overview_files': b, 'total_files':total_files, 'total_size':total_size, 'username': username}, context_instance=RequestContext(request))
    except OSError:
        return render_to_response('overview.html', {'overview_files': b, 'total_files':total_files, 'total_size':total_size, 'username': username}, context_instance=RequestContext(request))

Answer 1

You shouldn't be hashing the submitted password in the view. The backend does that for you when you call the User.check_password method.

Answer 2

Change in your view

def login_backend(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        #password = hashlib.sha1(password).hexdigest()
        #user = authenticate(username=username, password=password)
        state = "Username or Password Incorrect!"
        if user is not None:
            login(request, user)
            return HttpResponseRedirect('/overview/')
        else:
            return render_to_response('login_backend.html', {'state':state}, context_instance=RequestContext(request))
    else:
        return render_to_response('login_backend.html', context_instance=RequestContext(request))