
Django login() without authenticate()

I'm failing to understand what authenticate() and login() are supposed to do. For example, in a view like this:

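from django.contrib.auth import login
from django.contrib.auth.forms import AuthenticationForm
from django.utils.decorators import method_decorator
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
from django.views.generic import FormView


class HomeView(FormView):
    template_name = 'home/index.html'
    form_class = AuthenticationForm
    success_url = '/'

    @method_decorator(csrf_protect)
    @method_decorator(never_cache)
    def dispatch(self, *args, **kwargs):
        return super(HomeView, self).dispatch(*args, **kwargs)

    def get_context_data(self, **kwargs):
        # Pass the ?next= query parameter through to the template.
        context = super(HomeView, self).get_context_data(**kwargs)
        if 'next' in self.request.GET:
            context['next'] = self.request.GET['next']
        return context

    def form_valid(self, form):
        # Only called after AuthenticationForm has validated the credentials.
        if form.data['next']:
            self.success_url = form.data['next']
        login(self.request, form.get_user())
        return super(HomeView, self).form_valid(form)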

I've tested with an active and an inactive user, and it behaves like I don't need authenticate() (i.e. I can log in if the user is active, but not if inactive). Why is that so? Thanks!

You can understand it quickly by digging into the Django source code (and the Django docs):

authenticate() checks the username and password:

def authenticate(self, username=None, password=None, **kwargs):
    UserModel = get_user_model()
    if username is None:
        username = kwargs.get(UserModel.USERNAME_FIELD)
    try:
        user = UserModel._default_manager.get_by_natural_key(username)
        if user.check_password(password):
            return user
    except UserModel.DoesNotExist:
        # Run the default password hasher once to reduce the timing
        # difference between an existing and a non-existing user (#20760).
        UserModel().set_password(password)

login():

"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""

As you can see, it is not a good idea to log in a user without authenticating them.

authenticate()

This will check your password against the given username/email/whatever; if it is valid, it will return the user object.

login()

This will create a session id for the user and persist the user (save the session in the db/cache/etc. backends) so that you don't have to authenticate() every time a request is sent by that user.
