Best way to manage User creation and login ?

Using Django
1

Hi everyone !

I’m a little bit confused here because I’m working on User registration and connection with Django.

I browsed the documentation here : https://docs.djangoproject.com/en/3.0/topics/auth/

But it seems that there is no real “best way” to manage it.

Some will use UserCreationForm and AuthenticationForm, some others will make their own models some others will use the User Model… I’m just lost to be honest…

Could someone give me a clue of what is the safest and best way to manage users (registration and login) ?

Here is my actual way of doing this :

    from django.shortcuts import render, redirect
    from django.contrib.auth import authenticate, login
    from django.contrib.auth.forms import UserCreationForm, AuthenticationForm

    # Create your views here.
    def user_register(request):
    if request.method == "POST":
        form = UserCreationForm(data=request.POST)

        if form.is_valid():
            form.save()
            return redirect("/")

        else:
            print(form.errors)
    else:
        form = UserCreationForm()

    template_name = "register.html"
    context = {
        "form":form,
    }

    return render(request, template_name, context)

    def user_login(request):
    if request.method == "POST":
        form = AuthenticationForm(data=request.POST)

        if form.is_valid():
            username = form.cleaned_data["username"]
            password = form.cleaned_data["password"]
            user = authenticate(request,username=username,password=password)

            if user is not None:
                login(request,user)
                return redirect("/")
            else:
                print(user.errors)
        else:
            print(form.errors)
    else:
        form = AuthenticationForm()

    template_name = "login.html"
    context = {
        "form":form,
    }

    return render(request, template_name, context)

Thank you in advance :slight_smile:

2

It may seem confusing because there are a couple different contexts involved here.

Your choices among the options should, in part, depend upon a couple of different factors:

  1. Whether users are registering themselves, or if someone else is registering them.
  2. Whether or not the supplied registration forms and templates are sufficient for you.
  3. Whether you’re only using the base User object, or if you’re needing to extend / or replace it with a custom User or user profile object.

Each one of those items may change how you implement your solution. (As one example, if there’s some administrator who is registering users rather than allowing self-registration, you might be able to get by with the standard admin facility for editing the User table.)
So I guess I would be inclined to say that there are “best ways” or “generally acknowledged best practices” to manage it, but they’re conditional based upon the larger context.

Login is a slightly different issue. The only real question is whether or not you’re going to replace the standard login form. There’s enough flexibility in the standard methods that I wouldn’t consider writing a custom login view - I would always be using the standard LoginView.

If I only want to replace the template, I don’t even need to replace anything else. I can create my custom template as registration/login.html and Django will use it.

1 Like