- Password provision and confirmation
  - Define additional columns in `UserCreationForm`
  - Check if they match in save logic
- Encrypted (hashed) password storage
  - `User.objects.create_user(username, email=None, password=None)`
  - `user.set_password(password)`
Is the user a logged in person?
- Each request is an independent event
- `cookie` connects this!

`from django.contrib.auth.models import User`
- core of the authentication system
- `'superusers'` or admin `'staff'` users are just user objects with special attributes set, not different classes of user objects
- `AbstractBaseUser`, `AbstractUser`, `User`
- `username`, `password`, `email`, `first_name`, `last_name`

```python
from django.contrib.auth.models import User

user = User.objects.create_user('chloe', 'email-address@gmail.com', 'password-goes-here')
# At this point, user is a User object that has already been saved to the database.
# You can continue to change its attributes, if you want to change other fields.
user.last_name = 'kim'
user.save()
```

```
$ python manage.py changepassword haha
Changing password for user 'haha'
Password:
Password (again):
```

```
In [6]: ha = User.objects.get(username='haha')
In [7]: ha
Out[7]: <User: haha>
In [8]: ha.set_password('dkgkgkgk')
In [9]: ha.save()
```

- use `authenticate()` to verify a set of credentials
- takes credentials as keyword arguments
  - username and password for the default cases
- returns a `User` object if credentials are valid for a backend

```python
from django.contrib.auth import authenticate

user = authenticate(username='chloe', password='dkgkgkgk')
if user is not None:
    # A backend authenticated the credentials
    pass
else:
    # No backend authenticated the credentials
    pass
```

Shopping Cart
- User ---> Shopping Cart ---> Coupang
- User <--- Cookie <--- Coupang
- Shopping Cart == `cookie`
- Purchase History == `data`

Login == create
Logout == delete

```python
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
```

- `AuthenticationForm` is not a ModelForm but just a Form!

```python
from django.contrib.auth import get_user_model, login
from django.shortcuts import redirect, render


def signin(request):
    if request.method == 'POST':
        # Value sent by user -> form
        form = AuthenticationForm(request, request.POST)
        # Validation
        # -> Login when validation is complete
        if form.is_valid():
            login(request, form.get_user())
            return redirect('accounts:index')
    else:
        form = AuthenticationForm()
    context = {
        'form': form
    }
    return render(request, 'accounts/signin.html', context)
```

- Filter POST first with the first `if` to handle the `else` statement smoothly
  - why?
    - If you filter GET first, when POST doesn't pass `.is_valid()` and falls to `else`, you have to write code to render again!
    - That is, use POST first for code economy!
+
- Code conciseness
- REST API support
  - Currently we only support GET & POST, but once methods are configured RESTfully, multiple methods such as GET/POST/PUT/DELETE will arrive, and handling the GET method last keeps the code most concise!
new
-> Post writing page (form)
create
-> Save to DB
-> render
-> redirect(success status)
-> redirect('articles:index')
HTTP is a repetition of request and response!
- stateless
- Once a request is sent, the state (past) cannot be known
- All requests & responses are one-time
- HTTP is a disconnected protocol
- connectionless
- It's meaningful to pass the previous state to the next `Request&Response`
- Fallback Storage
  - If Cookie doesn't work, use Session
Article CRUD
- title, content, created_at, updated_at
User CRUD (Manual < Django)
+
- in memory cache -> Think of it as cache loaded into RAM
  - memcached
  - redis
- Google ad ID......gdpr
- macaddress = device information

