I am using django-al auth for user authentication. When I provide the login form with either euser name / password or email / password credentials, each cases it reports that either of user name or password does not match.
Relevant settings:
# django-allauth specific settings for regular accounts not including the social authentication part.
ACCOUNT_AUTHENTICATION_METHOD="username_email"
ACCOUNT_CHANGE_EMAIL=True
ACCOUNT_CONFIRM_EMAIL_ON_GET=False
ACCOUNT_EMAIL_REQUIRED=True
ACCOUNT_EMAIL_VERIFICATION="mandatory"
ACCOUNT_UNIQUE_EMAIL=True
ACCOUNT_DEFAULT_HTTP_PROTOCOL="https"
ACCOUNT_MAX_EMAIL_ADDRESSES=2
ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE=True
ACCOUNT_LOGIN_ON_PASSWORD_RESET=True
ACCOUNT_SESSION_REMEMBER=True
ACCOUNT_USERNAME_REQUIRED=False
ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE=False
# Our specific signup form to include special fields like newsletter subscription and referrer, ip address
ACCOUNT_FORMS = {'signup': 'user_profile.forms.CustomSignupForm',
'login': 'user_profile.forms.CustomLoginForm'}
My custom login form is created only for css related reason:
from allauth.account.forms import LoginForm
class CustomLoginForm(LoginForm):
def __init__(self,*args, **kwargs):
super().__init__(*args, **kwargs)
# The parent class does similar. The only reason we had to make custom loginform
# to handle bootstrap css
self.fields["login"].widget.attrs.update({"class": TEXT_INPUT_CLASS})
if app_settings.AuthenticationMethod == AuthenticationMethod.USERNAME:
self.fields["login"].widget.attrs.update({"placeholder": "Felhasználónév",
"autocomplete": "username"})
elif app_settings.AuthenticationMethod == AuthenticationMethod.EMAIL:
self.fields["login"].widget.attrs.update({"placeholder": "Email cím",
"autocomplete": "email"})
else:
self.fields["login"].widget.attrs.update({"placeholder": "Email cím / felhasználónév",
"autocomplete": "email"})
self.fields["password"].widget.attrs.update({"class": TEXT_INPUT_CLASS,
"placeholder": "Add meg a jelszavad",
"autocomplete": "password"})
Practically all the logic of user authentication was left unchanged. These are the executed SQL queries reported by DBT:
SELECT "auth_user"."id",
"auth_user"."password",
"auth_user"."last_login",
"auth_user"."is_superuser",
"auth_user"."username",
"auth_user"."first_name",
"auth_user"."last_name",
"auth_user"."email",
"auth_user"."is_staff",
"auth_user"."is_active",
"auth_user"."date_joined"
FROM "auth_user"
WHERE "auth_user"."username" = '''1@example.com'''
LIMIT 21
SELECT "account_emailaddress"."id",
"account_emailaddress"."user_id",
"account_emailaddress"."email",
"account_emailaddress"."verified",
"account_emailaddress"."primary"
FROM "account_emailaddress"
WHERE "account_emailaddress"."email" LIKE '''1@example.com''' ESCAPE '\'
SELECT "auth_user"."id",
"auth_user"."password",
"auth_user"."last_login",
"auth_user"."is_superuser",
"auth_user"."username",
"auth_user"."first_name",
"auth_user"."last_name",
"auth_user"."email",
"auth_user"."is_staff",
"auth_user"."is_active",
"auth_user"."date_joined"
FROM "auth_user"
WHERE "auth_user"."id" IN ('4')
SELECT "auth_user"."id",
"auth_user"."password",
"auth_user"."last_login",
"auth_user"."is_superuser",
"auth_user"."username",
"auth_user"."first_name",
"auth_user"."last_name",
"auth_user"."email",
"auth_user"."is_staff",
"auth_user"."is_active",
"auth_user"."date_joined"
FROM "auth_user"
WHERE "auth_user"."username" LIKE '''1@example.com''' ESCAPE '\'
LIMIT 21
I do not understand while DBT put extra quotation marks in the queries. But the main quesition why authentication is not working if the user can be found in the database.