4

Here is my problem, I want to authenticate a custom AbstractBaseUser in.

if request.POST: username = request.POST['username'] password = request.POST['password'] user = auth.authenticate(username=username, password=password) print user if user is not None: ...

My user's informations are username: tom, password: tom. When I check in the shell, I have a SimpleUser with these informations, so it exits. Now when I print user in the django console, it prints None. But, when I look at the informations Django has, it says 

{'username': u'tom', u'csrf_token': <django.utils.functional.__proxy__ object at 0x7fbb681fc650>, 'errors': ['Username/password error'], 'password': u'tom'}

So from what I see, username and password are correct. What's wrong ?

Edit : Creation of SimpleUser : 

class SimpleUser(AbstractBaseUser): username = models.TextField(max_length=40, unique=True) firstname = models.TextField(max_length=40) lastname = models.TextField(max_length=40) email = models.EmailField() society = models.TextField(max_length=255) objects = UserManager() USERNAME_FIELD = 'username' REQUIRED_FIELDS = ['password', 'society', 'email']

Edit 2 : Register view in views.py :

def registerview(request): firstname = "" lastname = "" username = "" password01 = "" password02 = "" email = "" society = "" errors = [] hlinks = [("http://localhost:8000/", "Index"), ("http://localhost:8000/login", "Login"), ("http://localhost:8000/register", "Register"), ] if request.POST: firstname = request.POST['firstname'] lastname = request.POST['lastname'] username = request.POST['username'] password01 = request.POST['password01'] password02 = request.POST['password02'] email = request.POST['email'] society = request.POST['society'] if (password01 != "" and password01 == password02 and firstname != "" and lastname != "" and username != "" and email != "" and society != ""): try: SimpleUser.objects.get(username=username) except SimpleUser.DoesNotExist: try: SimpleUser.objects.get(email=email) except SimpleUser.DoesNotExist: u = SimpleUser(firstname=firstname, lastname=lastname, username=username, password=password01, email=email, society=society) u.save() return HttpResponseRedirect('/login/') errors.append( "invalide user/pass") else: errors.append("fill all fields") c = { 'headerlinks': hlinks, 'footerlinks': footerlinks, 'firstname': firstname, 'lastname': lastname, 'username': username, 'email': email, 'society': society, 'errors': errors, } c.update(csrf(request)) return jinja_render_to_response('registerview.jhtml', c)

Edit 3 : Add my backends.py :

from models import SimpleUser class SimpleUserAuth(object): def authenticate(self, username=None, password=None): try: user = SimpleUser.objects.get(username=username) if user.check_password(password): return username except SimpleUser.DoesNotExist: return None def get_user(self, user_id): try: user = SimpleUser.objects.get(pk=user_id) if user.is_active: return user return None except SimpleUser.DoesNotExist: return None
Improve this question
6
  • 1
    How did you create that user? Commented May 31, 2013 at 9:15
  • 1
    Can you login with this user and password to your django site via builtin authentification? If no - then you have wrong username/password. Also if you have password tom in db in password field - that is wrong too, there should be hashed password.. Commented May 31, 2013 at 9:18
  • I edited with the code of the creation of the SimpleUser Commented May 31, 2013 at 9:20
  • Also, I don't hash the passwords for now because I'm just experimenting. Commented May 31, 2013 at 9:21
  • 1
    Django hash passwords when it do authentificate. You cant store password without hash. So if you password appear in database as tom - then it will not work. So how do you create this tom/tom user? Commented May 31, 2013 at 9:22

1 Answer 1

Reset to default
3

This is not working because when you are creating new user you are providing password as it is. So its stored as plain text in database, not as hashed value. And when you call authenticate function it will check against hashed value. In your register you should either use objects.create_user or set password with set_password(password)

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

All right, I understood, thanks :) I just did use set_password(). But now I have another error. Now I can register without any problem, and when I check in the admin pannel, I can see the hashed password provided by Django. But I cannot login with these informations. I can login... With my Django superuser username and password.
All right, I created an authentication backend and added it in settings.py. Now my error is : AttributeError at /login/ 'unicode' object has no attribute 'backend'. I edit the question to add my authenthication backend
Well, nvm, when I use my authenticate backend I even have this error when trying to log in the admin pannel... And also, I'm forced to log in the admin pannel with my Simple User informations... Not my supe ruser informations. Gosh I'm lost ! :(
Your backend problem is because you return username but should return user
Oh thanks, Now I can log on my site. But I still have this problem : if I want to log on the admin panel, I need to enter SimpleUser informations. Which leads me to another error : 'SimpleUser' object has no attribute 'is_staff', which is normal. How can I specify to Django that I can only log to the admin panel with my superuser informations ?
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.