An alternate method for current Django versions: {% if user.is_authenticated %} <p>Welcome, {{ user.get_username }}. Thanks for logging in.</p> {% else %} <p>Welcome, new user. Please log in.</p> {% endif %} Note: Use request.user.get_username() in views & user.get_username in templates. Preferred over referring username attribute directly. Source This template context variable is available if a … Read more
Update: Since Django 1.7, users are automatically logged-out when their password changes. On each request, the current password hash is compared to the value saved in their session and if doesn’t match, the user is logged-out. So, a simple password update has the effect of logging the user out. You can then disable the account … Read more
After digging around the Django source code for a while, I found a working soultion. I am not totally happy with this solution, but it seems to work. Feel free to suggest better solutions! Django uses UserAdmin to render the nice admin look for User model. By just using this in our admin.py-file, we can … Read more
You can setup a custom ModelChoiceField that will return whatever label you’d like. Place something like this within a fields.py or wherever applicable. class UserModelChoiceField(ModelChoiceField): def label_from_instance(self, obj): return obj.get_full_name() Then when creating your form, simply use that field UserModelChoiceField(queryset=User.objects.filter(is_staff=False), required = False) More info can be found here
The code that doesn’t work: from django.contrib.auth.models import User from django.test import Client user = User.objects.create(username=”testuser”, password=’12345′) c = Client() logged_in = c.login(username=”testuser”, password=’12345′) Why doesn’t it work? In the snippet above, when the User is created the actual password hash is set to be 12345. When the client calls the login method, the value … Read more
If you are looking to check for permissions in templates, the following code would suffice: {% if perms.app_label.can_do_something %} <form here> {% endif %} Where model refers to the model that the user need permissions to see the form for. Refer to https://docs.djangoproject.com/en/stable/topics/auth/default/#permissions for more examples. The currently logged-in user’s permissions are stored in the … Read more
For the 2nd part of John C’s answer, and Django 1.4+… Instead of extending HttpResponseRedirect, you can change the request.scheme to https. Because Django is behind Nginx’s reverse proxy, it doesn’t know the original request was secure. In your Django settings, set the SECURE_PROXY_SSL_HEADER setting: SECURE_PROXY_SSL_HEADER = (‘HTTP_X_FORWARDED_PROTO’, ‘https’) Then, you need Nginx to set … Read more
Your User object is linked to the Group object through a ManyToMany relationship. You can thereby apply the filter method to user.groups. So, to check if a given User is in a certain group (“Member” for the example), just do this : def is_member(user): return user.groups.filter(name=”Member”).exists() If you want to check if a given user … Read more
Ok, I eventually found a way of doing this, although I’m sure there are better ways. I created a new middleware class called LoginFormMiddleware. In the process_request method, handle the form more or less the way the auth login view does: class LoginFormMiddleware(object): def process_request(self, request): # if the top login form has been posted … Read more
Not sure if this is still needed but thought I would share my solution: 1) Install django-tracking (thankyou for that tip Van Gale Google Maps + GeoIP is amazing!) 2) Add this middleware: from django.contrib.sessions.models import Session from tracking.models import Visitor from datetime import datetime class UserRestrictMiddleware(object): “”” Prevents more than one user logging in … Read more