Django login required view
Prerequisites¶
Login Required View¶
- A login required view is a view that restricts access to authenticated users.
- If an unauthenticated user attempts to access the view, they will be redirected to a login page.
- This feature is useful when you want to secure parts of your application, such as user dashboards, account settings, or any other pages that should only be accessible by logged-in users.
- Django makes this process simple with the LoginRequiredMixin and the @login_required decorator.
Login required settings¶
- LOGIN_URL: URL to the login page (e.g.,
/login/). - LOGIN_REDIRECT_URL: URL to redirect to after successful login (e.g.,
/for the homepage). - LOGOUT_REDIRECT_URL: URL to redirect to after logging out (e.g.,
/login/).
my_project/settings.py
...
LOGIN_URL = "/login/"
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/login/"
...
Using the @login_required Decorator¶
- The @login_required decorator is the simplest way to ensure that a user is logged in before accessing a view.
- This is typically used for function-based views (FBVs).
- Let's look at the example view
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
@login_required
def dashboard(request):
return render(request, 'dashboard.html')
- In the aboe example, if a user is not logged in and tries to access the
/dashboardview, they will be redirected to the login page.
Customizing the Login URL¶
- By default, Django redirects unauthenticated users to the
settings.LOGIN_URLURL. we can customize this by passing thelogin_urlparameter to the decorator: - Look at the example below.
@login_required(login_url='/custom-login-path/')
def dashboard(request):
return render(request, 'dashboard.html')
Using the LoginRequiredMixin for Class-Based Views¶
- For class-based views (CBVs), the LoginRequiredMixin is the preferred way to implement login-required views.
- It works similarly to the @login_required decorator but is designed specifically for classes.
- Let's look at the example below.
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import TemplateView
class DashboardView(LoginRequiredMixin, TemplateView):
template_name = 'dashboard.html'
- With LoginRequiredMixin, unauthenticated users are redirected to the login page just as they are with the @login_required decorator.
Customizing the Login URL in Class-Based Views¶
- Similar to the function-based approach, we can also customize the login URL for class-based views:
- Look at the code below.
class DashboardView(LoginRequiredMixin, TemplateView):
template_name = 'dashboard.html'
login_url = '/custom-login-path/'
Common Use Cases for Login Required Views¶
- User Dashboards: Allow users to access personalized dashboards only after authentication.
- Account Settings: Ensure that only authenticated users can modify their account settings.
- Profile Pages: Secure user profile pages to prevent unauthorized access.
- E-commerce Checkouts: Restrict access to the checkout process for logged-in users only.
Add home view to app¶
- open
my_app/view.pyand add below code to it.
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
@login_required
def dashboard(request):
return render(request, 'home.html')
- add template
template/home.htmland below code to it.
<html>
<body>
<h1>Hello, {{ request.user.username }}</h1>
<p>You logged in</p>
</body>
</html>
- open
my_app/urls.pyand add below code to it.
from django.urls import path
from . import views
urlpatterns = [
...
path("/", views.home, name="home"),
...
]
Test the app home view¶
- Open http://127.0.0.1:8000/ to see the home page.
- If user is not logged in then it will redirect the user to
/login/page. - If user is logged in then it will render the home page.