Login issue 'Please enter a correct username and password'

I created a dedicated app to handle the authentication and in this app I created a login.html.
In the urls.py for this new app I added path('accounts/', include('django.contrib.auth.urls')).
When I enter the URL, I can normally see the login page.
But when I enter credentials and try to login, I always get Please enter a correct username and password. Note that both fields may be case-sensitive. in form.errors.
So I went into Django Admin and created additional user with superuser+active+staff and additionally I assigned to this user all possible permissions - but I still have the same issue (I’m typing the correct password - this is not the issue).
Do you have any clue (based on what I described above), what could be the real issue behind ?

In general, if you’re trying to replace just the system template for this, I’d start with doing a careful comparison between your template and the system default template.

Is “login.html” the only file in this app? Or are there also views and forms?

This would imply to me that you’re trying to use the built-in Django views for this? Is your intent then that your login.html template to be used as replacement for the system default login page? If so, what’s the purpose of creating this as a separate app?

What URL?

Which login page are you seeing? The system default page or your custom page?

@KenWhitesell thank you for quick response. See my answers below.

login.html is the only file but it extends the html template from my other app where regular pages are.

Yes, the intent was to use my login.html since by reading the documentation I did not realized that there is login.html available out of the box - is it ?.
The purpose of creating separate app was because I wanted to extend AuthenticationForm to add some more features to the form (recaptcha, widgets to define placeholders, etc.) but since I got the error described in my 1st post I went back to use default AuthenticationForm and default path('accounts/', include('django.contrib.auth.urls')) and wanted to make it works first this way.

When I open /accounts/login/ I see my custom login page.

Yes. If you don’t supply a template, the system uses a default form view. My first suggestion would be to remove/rename your login.html file to try using the standard form and see what happens. My guess is that your template doesn’t align with the form that Django uses for authentication.

I’m getting

TemplateDoesNotExist at /accounts/login/
registration/login.html

In the same project I also use Django Admin for administrators - is that the problem ?

I did search C:\Users\pitagora\AppData\Local\Programs\Python\Python38-32\Lib\site-packages for login.html but I see only the one in Django Admin…

I made additional test…

I created completely new project.
I run makemigrations, migrate, createsuperuser, collectstatic…
I created single test app.
I added path('accounts/', include('django.contrib.auth.urls')) to proejct’s urls.py
When I open http://127.0.0.1:8000/accounts/login/ again I have this error:

TemplateDoesNotExist at /accounts/login/
registration/login.html

I’m using django 3.1.7.

Yep, my mistake. Core Django does not include a login.html page by default. There’s a sample at Using the Django authentication system | Django documentation | Django to use as a starting point, but that’s about it. I had gotten myself confused by looking at one of my projects that does something completely different.

Can you post your login.html template?

Thanks for re-check !

Here is my login.html:

{% extends "myapp/_template.html" %}
{% load static %}
{% load thumbnail %}

{% block CONTENT %}

    {% if form.errors %}
        <p class="error">{{form.errors}}</p>
    {% endif %}

    {% if next %}
        {% if user.is_authenticated %}
        <p class="error">Your account doesn't have access to this page. To proceed, please login with an account that has access.</p>
        {% else %}
        <p class="error">Please login to see this page.</p>
        {% endif %}
    {% endif %}

    <form method="post" action="{% url 'myauth:login' %}">
        {% csrf_token %}
        <p>
        <span class="text-size-small">User:</span>
        {{ form.username }}
        </p>
        <p>
        <span class="text-size-small">Password:</span>
        {{ form.password }}
        </p>
        <p>
        {{ form.captcha }}
        </p>
    <button type="submit" class="btn btn-style-3" data-type="submit" value="login">Login</button>

    <input type="hidden" name="next" value="{{ next }}">
    </form>

    <p>
        <a href="{% url 'myauth:password_reset' %}" class="text-size-small">Lost password?</a>
    </p>
{% endblock %}

How did you set the password for the user you created?

I was using Django Admin to create the user and set the password.

Ok. You mentioned you set all sorts of permissions on this user. Did you try to log on to the admin page with that user? (I’m trying to find a way to identify where the issue is being caused. I’m not seeing anything wrong with what you’ve posted, so I’m trying to think of things that will yield some useful information.)

You’re right. The same error I got when logging in into Django Admin.
So I tested my admin account, I can login into my custom login.html but for admin account I got:

Forbidden (403)
CSRF verification failed. Request aborted.

But this is some other issue, I assume…

I’m sorry, I’m confused by the previous sentence. What circumstance causes you to receive this error?

It could all be related. Can you post the middleware section of your settings file?

When I try to login with admin account (created when the project was started) into my custom login, then I get:

Forbidden (403)
CSRF verification failed. Request aborted.

And middleware part in settings.py is:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

I’m kinda stumpted at this point.

Have you changed or made any adjustments to any of the CSRF_ settings in your settings file?

Is this form being submitted directly, or do you have some JavaScript actually performing the form submission?

I might be mistaken but I don’t think you can set the password from the admin. Could you try setting the password with manage.py changepassword?

I know the admin has a password field, but it’s the hashed password - so setting an actual password there doesn’t work IIRC.

The current admin does provide a facility for doing that. I’ve attached a screenshot showing what the standard default user page looks like in admin:

Now, if you’re using a custom User class or a custom User Admin page, your results may vary.

1 Like

Hm, after doing manage.py changepassword I really can login… Thanks.