*************************
Setting Up Frontend Login
*************************

    "Django comes with a user authentication system. It handles user accounts,
    groups, permissions and cookie-based user sessions."

    -- :djangodocs:`User authentication in Django | Django documentation `

So far you can only create and edit bookmarks with the admin site. The
next steps will show you how to set up a login form in the frontend.

.. index:: Authentication, Login

Django comes with an app named ``django.contrib.auth`` which includes
everything necessary to authenticate a user. The core element is the
model ``User`` that you :ref:`already used ` to store the
owner in the ``Bookmark`` model. It contains fields to store username,
password and email. You can find a full list of its fields in the
:djangodocs:`documentation `.

.. _login-process:

The authentication works this way:

When a user logs in, a cookie with a unique session id is set. The browser
sends this cookie with every request. Django uses the session id to map the
corresponding user to the request, so you can access the ``User`` object
with ``request.user``, like :ref:`already done ` in the ``bookmark_user``
view.
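
The mechanism described above, modelled with only the Python standard library as an added example (it is not part of the original tutorial and not Django's own code). The names ``SESSIONS``, ``start_session``, ``session_id_from``, ``user_for_request`` and ``end_session`` are hypothetical; ``sessionid`` is Django's default session cookie name.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "sessionid"  # Django's default SESSION_COOKIE_NAME
SESSIONS = {}  # hypothetical server-side store: session id -> username


def start_session(username):
    """Call after credentials were verified; returns a Set-Cookie value."""
    session_id = secrets.token_urlsafe(32)  # fresh, unguessable id per login
    SESSIONS[session_id] = username
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = session_id
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True  # hidden from page JavaScript
    cookie[COOKIE_NAME]["secure"] = True  # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # not sent with cross-site POSTs
    return cookie[COOKIE_NAME].OutputString()


def session_id_from(cookie_header):
    """Extract the session id from a Cookie request header, if present."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    return morsel.value if morsel else None


def user_for_request(cookie_header):
    """Resolve the request's user, the role request.user plays in a view."""
    # The cookie carries only the id; an id missing from the server-side
    # store (forged, expired, logged out) resolves to no user at all.
    return SESSIONS.get(session_id_from(cookie_header))


def end_session(cookie_header):
    """Logout: drop the server-side entry so the old cookie stops working."""
    SESSIONS.pop(session_id_from(cookie_header), None)


if __name__ == "__main__":
    set_cookie = start_session("alice")  # constructed sample user
    sent_back = set_cookie.split(";")[0]  # what the browser returns
    print(set_cookie)
    print(user_for_request(sent_back))  # alice
    end_session(sent_back)
    print(user_for_request(sent_back))  # None
```

Because the user is looked up on the server for every request, logging out invalidates the session even if a copy of the old cookie still exists.
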
We'll create two views to allow users to log in without using the admin
site.

URLconf
=======
First, you have to add the import of the ``reverse_lazy()`` function at the top
and two additional URLs to the end of URLconf :file:`mysite/urls.py`.

.. literalinclude:: ../src/mysite/mysite/urls.py
    :linenos:
    :emphasize-lines: 18,23-26

The function ``reverse_lazy()`` is similar to the ``url`` template tag you have
used in the :ref:`previous chapter `. It resolves the name of the URL pattern
passed to it as the first argument to the matching URL, but the lookup is
deferred, so it can be used even before your project’s URLconf is loaded.

The URLs ``/login/`` and ``/logout/`` are linked here with the
corresponding views. These views are included in Django and don't have
to be created. You just have to configure the template for the login
view and the redirect of the logout view.

.. _login-url-settings:

Configuration
=============
Next, you create three new constants at the end of the file :file:`settings.py`:

.. literalinclude:: ../src/mysite/mysite/settings.py
    :lines: 110-112
    :lineno-start: 110

.. doctest::
    :hide:

    >>> settings.LOGIN_URL == 'mysite_login'
    True
    >>> settings.LOGOUT_URL == 'mysite_logout'
    True
    >>> settings.LOGIN_REDIRECT_URL == 'marcador_bookmark_list'
    True

These constants configure the automatic redirects after login and logout.
For example, if a user who is not authenticated tries to access a protected
page, she'll be automatically redirected to ``/login/``, where she can log in,
because this is the URL that ``mysite_login`` refers to. The constants
should either be simple strings which match a named URL pattern from the
URLconf or URLs relative to the current domain.

Since the login template uses some functionality provided by ``crispy_forms``,
we will add it to ``INSTALLED_APPS`` in the settings file:

.. literalinclude:: ../src/mysite/mysite/settings.py
    :lines: 31-42
    :emphasize-lines: 11
    :lineno-start: 31

``crispy_forms`` comes with a template pack for :ref:`Bootstrap 3
`. As this is not the default template pack we have to configure
``crispy_forms`` to use it by adding the following line to the end of the
file :file:`settings.py`:

.. literalinclude:: ../src/mysite/mysite/settings.py
    :lines: 114
    :lineno-start: 114

.. index:: Forms inside a template

Templates
=========
The main login template
-----------------------
Now you can create the template for the login form
:file:`mysite/templates/login.html`.

.. literalinclude:: ../src/mysite/templates/login.html
    :language: html+django
    :linenos:

First we create a form in the block ``content``. The ``