Django Login Page for Non-admin Dashboard

Question

I am trying to make a login page for a dashboard that users can access but they cannot access the main admin page. I set the permissions up I needed and the groups. And I wanted to use the built in login view, but I couldn't figure out how to change the template location, so I copied the view from django/contrib/auth/views to auth_views in my own project. I then overwrote the template to the correct location. Everything is working fine at this point, I get to the login page and I type in my credentials. But instead of redirecting to the dashboard I get redirected back to the login page, and form.is_valid() returns false for some reason.

I also tried this by just importing django.contrib.auth.views as auth_views and moving my template to where they want it but I have the same issue.

Here is my code:

urls.py:

urlpatterns = [
    url(_(r'^dashboard/'), views.dashboard, name="dashboard"),
    url(_(r'^dashboard-login/'), auth_views.login, name="dashboard-login"), 
]

views.py:

def in_client_group(user):
    if user:
        return user.groups.filter(name='Clients').count() == 0
    return False

@user_passes_test(in_client_group, login_url='/dashboard-login/')
#@permission_required('client.is_client', login_url='/dashboard-login/')
def dashboard(request):
    current_client = request.client
    files = ClientUpload.objects.filter(client__icontains=current_client)

    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
            new_file = UploadFile(file = request.FILES['file'])
            new_file.save()

        return HttpResponsePermanentRedirect('/dashboard/')
    else:
        form = UploadFileForm()

    data = {'form': form, 'client': current_client, 'files': files}
    return render_to_response('dashboard.html', data, context_instance=RequestContext(request))

dashboard_login.html:

{% extends "base.html" %}
{% load i18n %}

{% block title %}XXXX - {% trans 'Login to Dashboard' %}{% endblock title %}

{% block extra_css %}
{% endblock extra_css %}

{% block content %}

{% block page_header %}{% endblock page_header %}

{% if form.errors %}
<p>{% blocktrans %}Your username and password didn't match. Please try again.{% endblocktrans %}</p>
{% endif %}

<form method="post" action="{% url 'dashboard-login' %}">
{% csrf_token %}
<table>
<tr>
    <td>{{ form.username.label_tag }}</td>
    <td>{{ form.username }}</td>
</tr>
<tr>
    <td>{{ form.password.label_tag }}</td>
    <td>{{ form.password }}</td>
</tr>
</table>

<input type="submit" value="{% trans 'Login' %}" style="margin-top: 10px; margin-right: 5px;" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
<p>isvalid={{ valid }}  user={{ user }}</p>
{% endblock %}

{% block extra_js %}
{% endblock extra_js %}

I can't figure out why the form keeps failing validation, all it should be is a login form. The user is not staff nor superuser, but is active. What could possibly be the reason that I just keep getting redirected back to the login page? I know next is set correctly as I checked it, the username seems to be logged in as it starts off with AnonymousUser and after login and redirecting back to the login page it says the user's username, but still says form.is_valid() is false. If it is logging the user in, why isn't it letting me redirect to the dashboard, even if I try to manually enter the URL I am brought back the login page as should happen when the decorators don't pass. But the user is in the Clients group, and does have the permission clients.is_client. I've tried both and can't get it to work.

Any ideas?

Also how can I change the template location for the built in login view without having to copy the entire views file over and change it that way? It does work when I remove the decorators but that defeats the point of it all.

Thanks for any help

Answer 1

1. Log in user

   login form:

    class AuthenticationForm(forms.Form): """ Login form """ email = forms.EmailField(label="Email") password = forms.CharField(widget=forms.PasswordInput()) 
    class Meta: fields = ['email', 'password'] 

   login view

    redirect_to = 'your url' if request.method == 'POST': form = AuthenticationForm(data=request.POST) if form.is_valid(): user = authenticate(email=request.POST['email'], password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) messages.add_message(request, messages.SUCCESS, "You are now logged in!") return HttpResponseRedirect(redirect_to) ... 

Once the user is logged in, the user will be able to submit your form.

If you are using username in stead of email login, just just those values.

Obviously the above is kind of dirty way and you should validate all the logins etc the standard Django way. Validate the user in the form, use clean_data etc.

All I'm trying to say is, log in the user first before you let them do anything else.

Edit:

Try to check the permissions with something like this:

The permissions may be wrong user group etc. Test it is something like this:

`Permission.objects.filter(
    user=request.user, codename='perm_name' ).exists()`

also make sure you import:

from django.contrib.auth.decorators import login_required, user_passes_test, permission_required