Implementing a basic authentication system in Django

Django, a high-level Python web framework, is known for its simplicity and robustness, especially when it comes to building web applications that require user authentication. In this article, we will walk through implementing a basic authentication system in Django. We'll cover the definitions and use cases, then build the system with step-by-step instructions and code snippets.

What is Authentication in Django?

Authentication is the process of verifying the identity of a user who is trying to access a system. In Django, authentication is an essential aspect of creating secure web applications. It allows developers to manage users, handle login/logout processes, and restrict access to certain parts of the application based on user permissions.

Use Cases for Authentication in Django

  • User Registration and Login: Allow users to create accounts and log in to access personalized content.
  • Admin Interface: Secure the Django admin interface to prevent unauthorized access.
  • Role-Based Access Control: Differentiate user roles (admin, editor, viewer) for better content management.
  • API Security: Protect endpoints in Django REST framework applications.

Setting Up a Basic Authentication System

Step 1: Create a New Django Project

To begin, ensure you have Django installed. If you haven't installed Django yet, you can do so using pip:

pip install django

Now, create your Django project:

django-admin startproject myproject
cd myproject

Step 2: Create a New Django App

Next, create a new app within your project where you will handle authentication:

python manage.py startapp accounts

Step 3: Update Settings

Open settings.py and add your new app to the INSTALLED_APPS list:

INSTALLED_APPS = [
    ...,
    'accounts',
]

You may also want to configure where users are sent after logging in and logging out:

LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'

Step 4: Create User Registration

In the accounts app, create a form for user registration. Create a file named forms.py:

from django import forms
from django.contrib.auth.models import User

class UserRegistrationForm(forms.ModelForm):
    # PasswordInput renders <input type="password"> so the value is masked in the browser
    password = forms.CharField(widget=forms.PasswordInput)
    password_confirm = forms.CharField(widget=forms.PasswordInput)

    class Meta:
        model = User
        fields = ['username', 'email', 'password']

    def clean(self):
        # Cross-field check: both password entries must be identical
        cleaned_data = super().clean()
        if cleaned_data.get('password') != cleaned_data.get('password_confirm'):
            raise forms.ValidationError("Passwords do not match.")
        return cleaned_data

Step 5: Create Views for Registration and Login

Now, let's create views for handling user registration and login in views.py:

from django.conf import settings
from django.contrib.auth import authenticate, login
from django.shortcuts import redirect, render

from .forms import UserRegistrationForm

def register(request):
    if request.method == 'POST':
        form = UserRegistrationForm(request.POST)
        if form.is_valid():
            user = form.save(commit=False)
            # Hash the password; saving the form directly would store the raw value
            user.set_password(form.cleaned_data['password'])
            user.save()
            login(request, user)
            # No URL named 'home' is defined in this project, so use the configured target
            return redirect(settings.LOGIN_REDIRECT_URL)
    else:
        form = UserRegistrationForm()
    return render(request, 'accounts/register.html', {'form': form})

def login_view(request):
    if request.method == 'POST':
        # .get() avoids a server error when a field is missing from the POST body
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect(settings.LOGIN_REDIRECT_URL)
    return render(request, 'accounts/login.html')

Step 6: Create URLs for the Views

In accounts/urls.py, define the URLs for your views:

from django.urls import path
from .views import register, login_view

urlpatterns = [
    path('register/', register, name='register'),
    path('login/', login_view, name='login'),
]

Include these URLs in your main project's urls.py:

from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('accounts/', include('accounts.urls')),
]

Step 7: Create HTML Templates

Create HTML templates for registration and login in accounts/templates/accounts/:

register.html

<form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <button type="submit">Register</button>
</form>

login.html

<form method="post">
    {% csrf_token %}
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Login</button>
</form>

Step 8: Testing the Authentication System

To test your new authentication system, run the Django development server:

python manage.py runserver

Navigate to http://127.0.0.1:8000/accounts/register/ to create a new user account, and then go to http://127.0.0.1:8000/accounts/login/ to log in.

Troubleshooting Common Issues

  • Password Mismatch: Ensure the passwords match during registration.
  • User Already Exists: Handle duplicate usernames by adding validation in the form.
  • Redirects Not Working: Check your LOGIN_REDIRECT_URL settings.

Conclusion

Implementing a basic authentication system in Django is straightforward and essential for securing your web applications. By following the steps outlined in this article, you now have a functional user registration and login system. As you develop more complex applications, consider looking into Django's built-in authentication views and customizing them further to suit your needs. Happy coding!

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.