OK, so it seems what's happening is that the password is being stored
in `api_qotduser` in plain text.
I *believe* Django expects a hashed password?
More strangeness: I switched to using check_password and NOW Django is
querying `api_qotduser`, where before it was querying `auth_user`.
New login view:
def login_result(request):
    username = request.POST['u']
    password = request.POST['p']
    try:
        user = QotdUser.objects.get(username = username)
        if user.check_password(password):
            if user.is_active:
                login(request, user)
                t = loader.get_template('login/login_success.html')
                return HttpResponse(t.render())
            else:
                t = loader.get_template('login/login_disabled.html')
                return HttpResponse(t.render())
        else:
            # return some error message
    except QotdUser.DoesNotExist:
        # return appropriate error message
The check_password always fails.
The SQL it executes is:
SELECT `auth_user`.`id`, `auth_user`.`username`,
`auth_user`.`first_name`, `auth_user`.`last_name`,
`auth_user`.`email`, `auth_user`.`password`, [...]
FROM `api_qotduser`
INNER JOIN `auth_user`
ON (`api_qotduser`.`user_ptr_id` = `auth_user`.`id`)
WHERE `auth_user`.`username` = 'ricky'
Thanks,
Jim
On Mar 24, 3:37 pm, Jim N <[email protected]> wrote:
> Hi,
>
> I am writing a basic login routine using django users.
>
> Here is the view:
> def login_result(request):
>     username = request.POST['u']
>     password = request.POST['p']
>     logging.debug("look for user %s / %s" % (username, password))
>     user = authenticate(username=username, password=password)
>     if user is not None:
>         logging.debug("found user %s (%s)" % (username,
>             user.username))
>         if user.is_active:
>             login(request, user)
>             t = loader.get_template('login/login_success.html')
>             return HttpResponse(t.render())
>         else:
>             t = loader.get_template('login/login_disabled.html')
>             return HttpResponse(t.render())
>     else:
>         t = loader.get_template('login/login_no_such_user.html')
>         u = request.POST['u']
>         c = Context({
>             'user': u,
>         })
>         return HttpResponse(t.render(c))
>
> It generates the following SQL before returning a login_no_such_user
> message (using MySQL backend):
> SELECT `auth_user`.`id`, `auth_user`.`username`,
> `auth_user`.`first_name`, `auth_user`.`last_name`,
> `auth_user`.`email`, `auth_user`.`password`, `auth_user`.`is_staff`,
> `auth_user`.`is_active`, `auth_user`.`is_superuser`,
> `auth_user`.`last_login`, `auth_user`.`date_joined` FROM `auth_user`
> WHERE `auth_user`.`username` = 'ricky'
>
> If I run that SQL manually, I get the result I am after. The
> submitted passwords also match.
>
> I suspect my problem may be my user model, subclassed from
> django.contrib.auth.models User:
> - - - -
> class QotdUser(User):
>     alternate_id = models.CharField(max_length=200, null=True)
>     identifier = models.CharField(max_length=200, null=True)
>     service = models.CharField(max_length=200, null=True)
>     location = models.CharField(max_length=200, null=True,
>         blank=True)
>     profile_url = models.URLField(null=True)
>     questions_proposed_cnt = models.IntegerField(default=0)
>     questions_published_cnt = models.IntegerField(default=0)
>     answers_cnt = models.IntegerField(default=0)
>     featured_status = models.BooleanField("Is Featured",
>         default=False)
>     icon = models.ImageField(upload_to=settings.UPLOAD_PATH,
>         blank=True, null=True)
>
>     def __unicode__(self):
>         return self.identifier
>
>     def has_answers(self):
>         return self.answers_cnt > 0
>
>     def increment_answers(self):
>         self.answers_cnt = self.answers_cnt + 1
>         self.save()
>         logging.debug("increment answers to %d in QotdUser %s" %
>             (self.answers_cnt, self.identifier))
>
>     def decrement_answers(self):
>         self.answers_cnt = self.answers_cnt - 1
>         self.save()
>         logging.debug("decrement answers to %d in QotdUser %s" %
>             (self.answers_cnt, self.identifier))
>
> - - - -
>
> That is the user model that I have defined, but Django is doing
> something I don't understand. It is referring to the auth_user table
> instead. When I create a user using the admin, the user is created in
> both auth_user and the user table for my app, api_qotduser.
>
> Can anyone help me figure out what is going on? Have I subclassed
> User from django.contrib.auth.models wrong?
>
> Thanks,
> Jim
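
An added example, not part of the original message and not Django's own code: a standard-library sketch of the `pbkdf2_sha256$<iterations>$<salt>$<hash>` encoded format that Django's PBKDF2 hasher stores, showing why a plain-text value in the password column can never verify and how to list the rows that hold one. The function names, the iteration count and the sample rows are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 260_000  # example work factor (assumption); Django's default varies by release


def encode(raw_password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii")
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, b64)


def parse(stored):
    """Split an encoded value; return None when it is not in the expected format."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    if not parts[1].isdecimal() or int(parts[1]) < 1:
        return None
    return int(parts[1]), parts[2], parts[3]


def verify(raw_password, stored):
    """True only if `stored` is a well-formed hash of `raw_password`."""
    parsed = parse(stored)
    if parsed is None:
        return False  # plain text or unknown format: never compared directly
    iterations, salt, _ = parsed
    candidate = encode(raw_password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def audit(rows):
    """Return usernames whose password column does not hold an encoded hash."""
    return [name for name, stored in rows if parse(stored) is None]


# Constructed sample rows: (username, value of the password column)
ROWS = [
    ("ricky", "s3cret"),         # raw password written straight to the column
    ("lucy", encode("s3cret")),  # stored through the hashing routine
]

if __name__ == "__main__":
    for name, stored in ROWS:
        print(name, "verifies:", verify("s3cret", stored))
    print("stored without a hash:", audit(ROWS))
```

In Django itself the stored value becomes a hash when the password is assigned with `user.set_password(raw_password)` and the user is then saved, rather than written directly to the `password` field.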
--
You received this message because you are subscribed to the Google Groups
"Django users" group.