How to make override Django login

Question

I want to override Django-login to make a custom login, but I can't find how.

The reason is that there's an specific situation where I cannot use csrf authentication, so I want to create a custom login, and afterwards, make a security layer that ensures my custom login is secure.

Any ideas?

Answer 1

The answer is in here:

https://docs.djangoproject.com/en/4.0/topics/auth/default/#how-to-log-a-user-in

The code was something like:

user = authenticate(username=username, password=password)
if user is not None:
    if user.is_active:
        login(request, user)

Answer 2

To overwrite the django custom admin, you have to create urls path and a view where you check and login/logout the user. Take this for example:

urls.py

url(r'^accounts/auth/$', 'auth_view'),

views.py

from django.contrib import auth

def auth_view(request):

    # here you get the post request username and password
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    # authentication of the user, to check if it's active or None
    user = auth.authenticate(username=username, password=password)

    if user is not None:
        if user.is_active:
            # this is where the user login actually happens, before this the user
            # is not logged in.
            auth.login(request, user)

            ...
            return ...

    else :
        return HttpResponseRedirect("Invalid username or password")

Your html form:

<form role="form" action="/accounts/auth/" method="POST">

Answer 3

In urls.py

url(r'^$', auth_views.login, {'template_name': 'home/login.html'}, name='login')

In login.html

<form method="post">
{{ form.as_p }}
{{ form.non_field_errors }}
<input type="submit">
</form>