Support for user authentication in Django session

Users and authentication

Through the session, we can keep the data in multiple browser requests, the next part is to use the session to process the user login. Of course, we can not rely on the user's word, we believe, so we need certification.

Of course, Django also provides tools to handle such common tasks as other common tasks. The Django user authentication system handles user accounts, groups, permissions, and cookie-based user sessions. This system is generally referred to as the Auth/auth (authentication and authorization) system. The name of the system also indicates a common two-step process for the user. We need

Verify (Authenticate) whether the user is the user he claims to (typically verifying their user name and password by querying the database)

Verify that the user has authorization to perform some action (usually by checking a permission table)

Depending on these requirements, the Django Authentication/authorization system contains the following sections:

User: The person who registered on the website

Permissions: A binary (yes/no) flag that identifies whether a user can perform an operation

Group: A common way to apply tags and permissions to multiple users

Messages: A common method of displaying queue-style system messages to users

If you've already used the admin tool (see Chapter 6th), you'll see most of these tools. If you have edited a user or group in the Admin tool, you have actually edited the database table for the authorization system.
Turn on certification support

Like the session tool, authentication support is also a Django application, placed in Django.contrib, so it needs to be installed. Similar to the session system, it is also installed by default, but if it has been removed, it can be reinstalled by the following steps:

The session framework has been installed according to the earlier part of this chapter. You need to confirm that the user is using cookies so that the Sesson framework is working properly.

Put ' Django.contrib.auth ' in your Installed_apps settings, and then run manage.py syncdb to create the corresponding database table.

Verify that the Middleware_classes settings that follow the sessionmiddleware contain ' django.contrib.auth.middleware.AuthenticationMiddleware ' Sessionmiddleware.

Once this is installed, we can process the user in the view function. Access users in the view, primarily with Request.user; This object represents the currently logged-on user. If the user is not logged in, this is a Anonymoususer object (see below for details).

You can easily determine whether a user is logged in by using the Is_authenticated () method:

If request.user.is_authenticated ():  # do something for authenticated users.else:  # does something for anonymous use Rs.

