开发者

MongoEngine User authentication (django)

I am trying to use MongoEngine in a django project I am writing. I am having difficulty getting (or understanding how) the authentication backend works.

The user object as far as I can tell is not stored in the request.

I have it working but I am not sure if I am doing it in the right/safe way. If someone could look at my code I would be much appreciated.

def login(request):
    user = authenticate(request.POST['username'],request.POST['password'])
    if user is not None:
        request.session['user'] = user
        if user.is_authenticated:
            return HttpResponse(user)
    else:
        return HttpResponse('login failed')

def new_page(request):
    try:
        user = request.session['user']
        if user.is_authenticated:
            return HttpResponse('welcome')
 开发者_如何学C   except:
        return HttpResponse('need be logged in')

in my settings.py I have added at the top of the file:

AUTHENTICATION_BACKENDS = (
    'mongoengine.django.auth.MongoEngineBackend',
)

SESSION_ENGINE = 'mongoengine.django.sessions'

import mongoengine
mongoengine.connect('project')


Not sure if you are seeing any issues because you make no mention of any but I use mongoengine for my auth backend and this is how I would handle it:

from django.contrib.auth import login, User
from mongoengine.queryset import DoesNotExist

def login_view(request):
    try:
        user = User.objects.get(username=request.POST['username'])
        if user.check_password(request.POST['password']):
            user.backend = 'mongoengine.django.auth.MongoEngineBackend'
            login(request, user)
            request.session.set_expiry(60 * 60 * 1) # 1 hour timeout
            return HttpResponse(user)
        else:
            return HttpResponse('login failed')
    except DoesNotExist:
        return HttpResponse('user does not exist')
    except Exception
        return HttpResponse('unknown error')

You say the user is not stored in the request...if you mean it is not available in templates, you need to add the auth template context processor in your settings (in addition to the AUTHENTICATION_BACKENDS setting you have set already):

TEMPLATE_CONTEXT_PROCESSORS = (
    ...
    'django.contrib.auth.context_processors.auth',
    ...
)

To make the user attached to subsequent requests after login, set the AuthenticationMiddleware and the user will be an attribute of the request in all your views:

MIDDLEWARE_CLASSES = (
...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
...
)
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜