I am trying to use MongoEngine in a django project I am writing. I am having difficulty getting (or understanding how) the authentication backend works.
The user object as far as I can tell is not stored in the request.
I have it working but I am not sure if I am doing it in the right/safe way. If someone could look at my code I would be much appreciated.
def login(request):
user = authenticate(request.POST['username'],request.POST['password'])
if user is not None:
request.session['user'] = user
if user.is_authenticated:
return HttpResponse(user)
else:
return HttpResponse('login failed')
def new_page(request):
try:
user = request.session['user']
if user.is_authenticated:
return HttpResponse('welcome')
开发者_如何学C except:
return HttpResponse('need be logged in')
in my settings.py I have added at the top of the file:
AUTHENTICATION_BACKENDS = (
'mongoengine.django.auth.MongoEngineBackend',
)
SESSION_ENGINE = 'mongoengine.django.sessions'
import mongoengine
mongoengine.connect('project')
Not sure if you are seeing any issues because you make no mention of any but I use mongoengine for my auth backend and this is how I would handle it:
from django.contrib.auth import login, User
from mongoengine.queryset import DoesNotExist
def login_view(request):
try:
user = User.objects.get(username=request.POST['username'])
if user.check_password(request.POST['password']):
user.backend = 'mongoengine.django.auth.MongoEngineBackend'
login(request, user)
request.session.set_expiry(60 * 60 * 1) # 1 hour timeout
return HttpResponse(user)
else:
return HttpResponse('login failed')
except DoesNotExist:
return HttpResponse('user does not exist')
except Exception
return HttpResponse('unknown error')
You say the user is not stored in the request...if you mean it is not available in templates, you need to add the auth template context processor in your settings (in addition to the AUTHENTICATION_BACKENDS setting you have set already):
TEMPLATE_CONTEXT_PROCESSORS = (
...
'django.contrib.auth.context_processors.auth',
...
)
To make the user attached to subsequent requests after login, set the AuthenticationMiddleware
and the user will be an attribute of the request
in all your views:
MIDDLEWARE_CLASSES = (
...
'django.contrib.auth.middleware.AuthenticationMiddleware',
...
)
精彩评论