Django login required view

Prerequisites

Login Required View

  • A login required view is a view that restricts access to authenticated users.
  • If an unauthenticated user attempts to access the view, they will be redirected to a login page.
  • This feature is useful when you want to secure parts of your application, such as user dashboards, account settings, or any other pages that should only be accessible by logged-in users.
  • Django makes this process simple with the LoginRequiredMixin and the @login_required decorator.

Login required settings

  • LOGIN_URL: URL to the login page (e.g., /login/).
  • LOGIN_REDIRECT_URL: URL to redirect to after successful login (e.g., / for the homepage).
  • LOGOUT_REDIRECT_URL: URL to redirect to after logging out (e.g., /login/).

my_project/settings.py

...
LOGIN_URL = "/login/"
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/login/"
...

Using the @login_required Decorator

  • The @login_required decorator is the simplest way to ensure that a user is logged in before accessing a view.
  • This is typically used for function-based views (FBVs).
  • Let's look at the example view
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required
def dashboard(request):
    return render(request, 'dashboard.html')
  • In the aboe example, if a user is not logged in and tries to access the /dashboard view, they will be redirected to the login page.

Customizing the Login URL

  • By default, Django redirects unauthenticated users to the settings.LOGIN_URL URL. we can customize this by passing the login_url parameter to the decorator:
  • Look at the example below.
@login_required(login_url='/custom-login-path/')
def dashboard(request):
    return render(request, 'dashboard.html')

Using the LoginRequiredMixin for Class-Based Views

  • For class-based views (CBVs), the LoginRequiredMixin is the preferred way to implement login-required views.
  • It works similarly to the @login_required decorator but is designed specifically for classes.
  • Let's look at the example below.
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import TemplateView

class DashboardView(LoginRequiredMixin, TemplateView):
    template_name = 'dashboard.html'

Customizing the Login URL in Class-Based Views

  • Similar to the function-based approach, we can also customize the login URL for class-based views:
  • Look at the code below.
class DashboardView(LoginRequiredMixin, TemplateView):
    template_name = 'dashboard.html'
    login_url = '/custom-login-path/'

Common Use Cases for Login Required Views

  • User Dashboards: Allow users to access personalized dashboards only after authentication.
  • Account Settings: Ensure that only authenticated users can modify their account settings.
  • Profile Pages: Secure user profile pages to prevent unauthorized access.
  • E-commerce Checkouts: Restrict access to the checkout process for logged-in users only.

Add home view to app

  • open my_app/view.py and add below code to it.
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required
def dashboard(request):
    return render(request, 'home.html')
  • add template template/home.html and below code to it.
<html>
  <body>
    <h1>Hello, {{ request.user.username }}</h1>
    <p>You logged in</p>
  </body>
</html>
  • open my_app/urls.py and add below code to it.
from django.urls import path
from . import views

urlpatterns = [
    ...
    path("/", views.home, name="home"),
    ...
]

Test the app home view

  • Open http://127.0.0.1:8000/ to see the home page.
  • If user is not logged in then it will redirect the user to /login/ page.
  • If user is logged in then it will render the home page.