authenticate only superuser

Asked by At

authenticate() function is only authenticating superuser

I had tried using simple search but it's not gonna use login() function then and not gonna check that user is active or not

'''

def Login_View(request):
    if request.method == "POST":
        username = request.POST['username']
        paswrd = request.POST['pwd']
        user = authenticate(username=username, password=paswrd)

        if user is not None:
            if user.is_active:
                login(request, user)
                name = User.objects.get(username=request.user)
                request.session['username'] = username
                return redirect('/dashboard/',{'name':name.username})
                # return render(request,'dashboard_app/index.html',{'name':name.username})
            else:
                 return render(request, 'login_app/index.html', {'error_message': 'Your account has been disabled'})
        else:
            return render(request, 'login_app/index.html', {'error_message': 'Invalid login'})
    return render(request, 'login_app/index.html')

'''

I want to login all user that is in the database either they are simple user or superuser

2 Answers

0
Daniel Roseman On Best Solutions

This code is mostly unnecessary. In particular, this line makes no sense:

user.set_password(user.password)

This takes the already-hashed password and hashes it again. So now it will never validate on authentication.

You should remove most of this code. The forms do it for you already. You should just have:

    if user_form.is_valid() and profile_form.is_valid():
        user = user_form.save()
        profile = profile_form.save(commit=False)
        profile.t_teacher = user
        profile.save()
        return redirect('/')
0
Community On

Daniel Roseman this is code form.py '''

class UserRegisterForm(UserCreationForm):
    password1=forms.CharField(widget=forms.PasswordInput(attrs={'class':'form-control','placeholder':'Enter Password'}),label='Password')
    password2=forms.CharField(widget=forms.PasswordInput(attrs={'class':'form-control','placeholder':'Confirm Password'}),label='Confirm Password')
    class Meta:
        model= User
        fields= ('username','first_name','last_name','email',    'password1', 'password2',)
        widgets={
        'first_name': forms.TextInput(attrs={'class': 'form-control','placeholder':'First Name'}),
        'last_name': forms.TextInput(attrs={'class': 'form-control','placeholder':'Last Name'}),
        'username': forms.TextInput(attrs={'class': 'form-control','placeholder':'Username'}),
        'email': forms.TextInput(attrs={'class': 'form-control','placeholder':'Email'}),
        }
class Profile(forms.ModelForm):
    class Meta:
        model= Teacher
        exclude=['t_teacher']
        labels= {'t_gender':'Gender','t_departmant':'Department'}
        widgets={
        't_gender': forms.Select(choices="gender_list",attrs={'class': 'form-control'}),
        't_departmant': forms.Select(choices="department_list",attrs={'class': 'form-control'}),
        }

''' view.py '''

def Reg_View(request):
    registered = False
    if request.method == 'POST':
        user_form = UserRegisterForm(data=request.POST)
        profile_form=Profile(request.POST)
        if user_form.is_valid() and profile_form.is_valid():
            user = user_form.save()
            user.refresh_from_db()
            user.set_password(user.password)
            user.first_name=user_form.cleaned_data.get('first_name')
            user.last_name=user_form.cleaned_data.get('last_name')
            user.email=user_form.cleaned_data.get('email')
            user.save()
            user.refresh_from_db()
            name=User.objects.get(username=user.username)
            p_save=profile_form.save()
            p_save.refresh_from_db()
            p_save.t_gender = profile_form.cleaned_data.get('t_gender')
            p_save.t_departmant=profile_form.cleaned_data.get('t_departmant')
            p_save.t_teacher=name
            p_save.save()
            registered = True
            return redirect('/')
        else:
            print(user_form.errors, profile_form.errors)
    else:
        user_form = UserRegisterForm()
        profile_form=Profile()
    return render(request,'Login_app/regform.html',{'user_form':user_form, 'profile_form':profile_form ,'registered':registered })

'''