Skip to content

pyracle/Custom-Django-Session-Authentication

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
assets/images
assets/images
 
 
authentication
authentication
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Custom Django Session Authentication

Introduction

The Django application offers a simple yet fully-functional authentication system where users can login, logout, create accounts and reset their password. It comes with many security features out of the box including a password reset method that utilizes the user's E-Mail to reset it. If the user didn't attempt to reset the password himself he can confirm that it was not him resulting in the deletion of a token associated with the process. Now if someone tried to reset the password with the link in the E-Mail, he will receive an HTTP 404 error.

Note

The E-Mail as well the hints for creating a secure password have to be modified for each specific use case.

The User Interface

Login

Login Page

Logout

Logout Page

Create Account

Account Creation Page

Reset Password

E-Mail Input Page
Login Page
Login Page
Login Page

Installation

Clone the project and install the required dependencies.

$ git clone https://github.com/pyracle/Custom-Django-Session-Authentication

$ pip install -r requirements.txt

Add the following apps and settings to your settings.py file.

# settings.py

INSTALLED_APPS = [
    ...,
    "rest_framework",
    "method_override",
    "authentication",
    ...
]

AUTH_USER_MODEL = "authentication.User"

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "authentication.backends.EMailBackend"
]

Configure the following endpoints in your settings file.

# settings.py

LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/"
ADMIN_URL = "/admin/"

The shown E-Mail settings have to be provided. For production usage hide them with environment variables.
Install smtp4dev to test the system for development servers. If set up the E-Mail provider will be available on http://localhost:3000.

# settings.py

EMAIL_HOST = os.getenv("EMAIL_HOST")
EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER")
EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD")
EMAIL_PORT = os.getenv("EMAIL_PORT")
DEFAULT_FROM_EMAIL = os.getenv("<your-website>@<email>.com")

Install Redis and Celery and add the following setting.

# settings.py

CELERY_BROKER_URL = os.getenv("CELERY_BROKER_URL")  # usually redis://localhost:6379/1 on development servers

Finally, configure the paths for the authentication app.

# urls.py

from django.contrib import admin
from django.conf import settings
from django.urls import path, include
from authentication.views import LoginView


admin_url = settings.ADMIN_URL[1:]

urlpatterns = [
    ...,
    path("auth/", include("authentication.urls")),
    path(f"{admin_url}login/", LoginView.as_view()),
    path(f"{admin_url}", admin.site.urls),
    ...
]

About

Django Session Authentication Implementation

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages