Blog with Django (Codemy.com) - 9~10 User Authentication

Dayeon Lee · March 8, 2021

User Logins with Authentication

A login is needed before permissions can be assigned.

Django authentication system

(terminal)
- Run 'dir' to check that we are in the same folder as manage.py.

1. startapp called 'members'

2. add app to settings.py

3. create 'urls.py' file (in app)

4. add two urls (in project)

```python
path('members/', include('django.contrib.auth.urls')),
path('members/', include('members.urls')),
```
  • The Django authentication system has a package 'urls'. This will handle login, logout, registration pages.
  • We need two paths. Order of operations is important.
    Django will try to use contrib.auth.urls first; if it sees something else besides that, it needs to know where to go.

5. (project)settings.py

```python
TEMPLATES = [
    {
        # ...
        'DIRS': [BASE_DIR / 'templates'],
        # ...
    },
]

INSTALLED_APPS = [
    'django.contrib.admin',
    # ...
    'users',
]
```

6. (project) urls.py

```python
from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),

    path('users/', include('django.contrib.auth.urls')),
    path('users/', include('users.urls')),
]
```

Register & Login page

1. template

create new templates dir
create registration dir inside
create login.html file, registration.html

(base.html will be found from the old one in another app.)
Copy and paste the HTML of one of the existing forms.

Login and registration both need a form.

```html
<div class="form-group">
    <form method="POST">
        {% csrf_token %}
        {{ form.as_p }}
        <br/>
        <button class="btn btn-secondary"> Register </button>
    </form>
</div>
```

2. view

Use generic.CreateView.
We redirect to the login page because, after registration, you will want to log in.

```python
from django.views import generic
from django.contrib.auth.forms import UserCreationForm
from django.urls import reverse_lazy

class UserRegisterView(generic.CreateView):
    form_class = UserCreationForm
    template_name = 'registration/register.html'
    success_url = reverse_lazy('login')
```

3. url

```python
path('register/', UserRegisterView.as_view(), name="register"),
```

For login, we don't need to do anything. Simply use href {% url 'login' %}.
This does magic!
Because we made this auth here.

```python
urlpatterns = [
    # ...
    path('members/', include('django.contrib.auth.urls')),
]
```

```html
<li class="nav-item">
    <a class="nav-link active" aria-current="page"
       href="{% url 'register' %}">Register</a>
</li>

<li class="nav-item">
    <a class="nav-link active" aria-current="page"
       href="{% url 'login' %}">Login</a>
</li>
```

5. settings.py

add them at the bottom

```python
LOGIN_REDIRECT_URL = 'home'
LOGOUT_REDIRECT_URL = 'home'
```


added a new user


Logout

0. setting up

  • urls.py
    The Django auth system package 'urls' will take care of the login and logout pages.
    (project) urls.py

```python
urlpatterns = [
    path('members/', include('django.contrib.auth.urls')),
    path('members/', include('members.urls')),
]
```

  • settings.py

```python
LOGOUT_REDIRECT_URL = 'home'
```

1. base.html

1. logout button

```html
<li class="nav-item">
    <a class="nav-link active"
       aria-current="page" href="{% url 'logout' %}">Logout</a>
</li>
```

2. {% if user.is_authenticated %}

```html
{% if user.is_authenticated %}
{% else %}
{% endif %}
```
  • The navbar reflects whether we are logged in or logged out
    - when logged in: post and logout
    - when not logged in: login or register

```html
<ul class="navbar-nav">

    {% if user.is_authenticated %}
        <li class="nav-item">
            <a class="nav-link active" aria-current="page"
               href="{% url 'add_post' %}">Add Post</a>
        </li>
        <li class="nav-item">
            <a class="nav-link active" aria-current="page"
               href="{% url 'logout' %}">Logout</a>
        </li>

    {% else %}
        <li class="nav-item">
            <a class="nav-link active" aria-current="page"
               href="{% url 'register' %}">Register</a>
        </li>
        <li class="nav-item">
            <a class="nav-link active" aria-current="page"
               href="{% url 'login' %}">Login</a>
        </li>

    {% endif %}

</ul>
```

2. apply 'user.is_authenticated' to other pages

add_page, edit, delete

  • For example, if someone knows the URL for edit (http://127.0.0.1:8000/article/edit/1), they can still access the edit page without authentication.
    -> surround the block with {% if user.is_authenticated %}

```html
{% extends 'base.html' %}
{% block title %} Update Post {% endblock %}

{% block content %}

{% if user.is_authenticated %}
<h1> Update Post </h1>
<br/>

<div class="form-group">
    <form method="POST">
        {% csrf_token %}
        {{ form.as_p }}
        <br/>
        <button class="btn btn-secondary"> Update </button>
    </form>
</div>

{% else %}
You are not allowed here. Please log in.

{% endif %}

{% endblock %}
```

3. Bonus: showing a snippet of the body text

pipe '|': slice

```html
{{ post.body|slice:"100" }}
```

Dayeon Lee | Django & Python Web Developer