.. _topics-auth:
=============================
User authentication in Django
=============================
.. module:: django.contrib.auth
:synopsis: Django's authentication framework.
Django comes with a user authentication system. It handles user accounts,
groups, permissions and cookie-based user sessions. This document explains how
things work.
Overview
========
The auth system consists of:
* Users
* Permissions: Binary (yes/no) flags designating whether a user may perform
a certain task.
* Groups: A generic way of applying labels and permissions to more than one
user.
* Messages: A simple way to queue messages for given users.
Installation
============
Authentication support is bundled as a Django application in
``django.contrib.auth``. To install it, do the following:
1. Put ``'django.contrib.auth'`` in your :setting:`INSTALLED_APPS` setting.
2. Run the command ``manage.py syncdb``.
Note that the default :file:`settings.py` file created by
:djadmin:`django-admin.py startproject` includes ``'django.contrib.auth'`` in
:setting:`INSTALLED_APPS` for convenience. If your :setting:`INSTALLED_APPS`
already contains ``'django.contrib.auth'``, feel free to run
:djadmin:`manage.py syncdb` again; you can run that command as many times as
you'd like, and each time it'll only install what's needed.
The :djadmin:`syncdb` command creates the necessary database tables, creates
permission objects for all installed apps that need 'em, and prompts you to
create a superuser account the first time you run it.
Once you've taken those steps, that's it.
Users
=====
.. class:: models.User
API reference
-------------
Fields
~~~~~~
.. class:: models.User
:class:`~django.contrib.auth.models.User` objects have the following fields:
.. attribute:: models.User.username
Required. 30 characters or fewer. Alphanumeric characters only (letters,
digits and underscores).
.. attribute:: models.User.first_name
Optional. 30 characters or fewer.
.. attribute:: models.User.last_name
Optional. 30 characters or fewer.
.. attribute:: models.User.email
Optional. E-mail address.
.. attribute:: models.User.password
Required. A hash of, and metadata about, the password. (Django doesn't
store the raw password.) Raw passwords can be arbitrarily long and can
contain any character. See the "Passwords" section below.
.. attribute:: models.User.is_staff
Boolean. Designates whether this user can access the admin site.
.. attribute:: models.User.is_active
Boolean. Designates whether this account can be used to log in. Set this
flag to ``False`` instead of deleting accounts.
.. attribute:: models.User.is_superuser
Boolean. Designates that this user has all permissions without explicitly
assigning them.
.. attribute:: models.User.last_login
A datetime of the user's last login. Is set to the current date/time by
default.
.. attribute:: models.User.date_joined
A datetime designating when the account was created. Is set to the current
date/time by default when the account is created.
Methods
~~~~~~~
.. class:: models.User
:class:`~django.contrib.auth.models.User` objects have two many-to-many
fields: models.User. ``groups`` and ``user_permissions``.
:class:`~django.contrib.auth.models.User` objects can access their related
objects in the same way as any other :ref:`Django model <topics-db-models>`:
.. code-block:: python
myuser.groups = [group_list]
myuser.groups.add(group, group, ...)
myuser.groups.remove(group, group, ...)
myuser.groups.clear()
myuser.user_permissions = [permission_list]
myuser.user_permissions.add(permission, permission, ...)
myuser.user_permissions.remove(permission, permission, ...)
myuser.user_permissions.clear()
In addition to those automatic API methods,
:class:`~django.contrib.auth.models.User` objects have the following custom
methods:
.. method:: models.User.is_anonymous()
Always returns ``False``. This is a way of differentiating
:class:`~django.contrib.auth.models.User` and
:class:`~django.contrib.auth.models.AnonymousUser` objects.
Generally, you should prefer using
:meth:`~django.contrib.auth.models.User.is_authenticated()` to this
method.
.. method:: models.User.is_authenticated()
Always returns ``True``. This is a way to
tell if the user has been authenticated. This does not imply any
permissions, and doesn't check if the user is active - it only indicates
that the user has provided a valid username and password.
.. method:: models.User.get_full_name()
Returns the :attr:`~django.contrib.auth.models.User.first_name` plus the
:attr:`~django.contrib.auth.models.User.last_name`,
with a space in between.
.. method:: models.User.set_password(raw_password)
Sets the user's password to the given raw string, taking care of the
password hashing. Doesn't save the
:class:`~django.contrib.auth.models.User` object.
.. method:: models.User.check_password(raw_password)
Returns ``True`` if the given raw string is the correct password for the
user. (This takes care of the password hashing in making the comparison.)
.. method:: models.User.set_unusable_password()
.. versionadded:: 1.0
Marks the user as having no password set. This isn't the same as having
a blank string for a password.
:meth:`~django.contrib.auth.models.User.check_password()` for this user
will never return ``True``. Doesn't save the
:class:`~django.contrib.auth.models.User` object.
You may need this if authentication for your application takes place
against an existing external source such as an LDAP directory.
.. method:: models.User.has_usable_password()
.. versionadded:: 1.0
Returns ``False`` if
:meth:`~django.contrib.auth.models.User.set_unusable_password()` has
been called for this user.
.. method:: models.User.get_group_permissions()
Returns a list of permission strings that the user has, through his/her
groups.
.. method:: models.User.get_all_permissions()
Returns a list of permission strings that the user has, both through group
and user permissions.
.. method:: models.User.has_perm(perm)
Returns ``True`` if the user has the specified permission, where perm is
in the format ``"package.codename"``. If the user is inactive, this method
will always return ``False``.
.. method:: models.User.has_perms(perm_list)
Returns ``True`` if the user has each of the specified permissions, where
each perm is in the format ``"package.codename"``. If the user is inactive,
this method will always return ``False``.
.. method:: models.User.has_module_perms(package_name)
Returns ``True`` if the user has any permissions in the given package (the
Django app label). If the user is inactive, this method will always return
``False``.
.. method:: models.User.get_and_delete_messages()
Returns a list of :class:`~django.contrib.auth.models.Message` objects in
the user's queue and deletes the messages from the queue.
.. method:: models.User.email_user(subject, message, from_email=None)
Sends an e-mail to the user. If
:attr:`~django.contrib.auth.models.User.from_email` is ``None``, Django
uses the :setting:`DEFAULT_FROM_EMAIL`.
.. method:: models.User.get_profile()
Returns a site-specific profile for this user. Raises
:exc:`django.contrib.auth.models.SiteProfileNotAvailable` if the current
site doesn't
没有合适的资源?快使用搜索试试~ 我知道了~
Django——用python语言写的开源web开发框架
4星 · 超过85%的资源 需积分: 9 54 下载量 69 浏览量
2008-11-10
21:07:16
上传
评论
收藏 4.57MB GZ 举报
温馨提示
共1582个文件
py:956个
txt:136个
po:101个
Django(发音:/ˈdʒæŋgoː/) 是用python语言写的开源web开发框架(open source web framework),它鼓励快速开发,并遵循MVC设计。Django遵守 BSD版权,初次发布于2005年7月, 并于2008年9月发布了第一个正式版本1.0 。 Django 根据比利时的爵士音乐家Django Reinhardt命名,他是一个吉普赛人,主要以演奏吉它为主,还演奏过小提琴等。
资源推荐
资源详情
资源评论
收起资源包目录
Django——用python语言写的开源web开发框架 (1582个子文件)
django-admin.1 6KB
daily_cleanup.1 995B
gather_profile_stats.1 845B
AUTHORS 15KB
setup.cfg 117B
global.css 9KB
widgets.css 8KB
djangodocs.css 6KB
reset-fonts-grids.css 5KB
forms.css 4KB
changelists.css 3KB
rtl.css 2KB
layout.css 1KB
homepage.css 891B
patch-iewin.css 793B
login.css 697B
dashboard.css 321B
base.css 262B
null.css 153B
default.css 91B
test_vrt.csv 57B
counties.dbf 4KB
test_point.dbf 749B
cities.dbf 533B
test_poly.dbf 501B
interstates.dbf 412B
django_bash_completion 6KB
formrow.gif 9KB
module.gif 6KB
objecttools_02.gif 2KB
objecttools_01.gif 1KB
docicons-behindscenes.gif 1024B
tooltag-add.gif 932B
default-bg.gif 844B
default-bg-reverse.gif 843B
arrow-up.gif 838B
docicons-philosophy.gif 799B
docicons-note.gif 632B
selector_stacked-add.gif 612B
selector-add.gif 606B
selector-search.gif 552B
selector_stacked-remove.gif 401B
selector-remove.gif 398B
icon_clock.gif 390B
selector-addall.gif 358B
selector-removeall.gif 355B
tooltag-arrowright_over.gif 354B
tooltag-arrowright.gif 351B
icon_success.gif 341B
tooltag-add_over.gif 336B
icon_error.gif 319B
icon-yes.gif 299B
nav-bg.gif 273B
chooser_stacked-bg.gif 212B
tool-left_over.gif 203B
tool-right_over.gif 200B
chooser-bg.gif 199B
tool-right.gif 198B
tool-left.gif 197B
icon_calendar.gif 192B
nav-bg-reverse.gif 186B
icon_deletelink.gif 181B
icon-no.gif 176B
icon_alert.gif 145B
icon-unknown.gif 130B
icon_changelink.gif 119B
icon_addlink.gif 119B
nav-bg-grabber.gif 116B
inline-splitter-bg.gif 102B
arrow-down.gif 80B
changelist-bg_rtl.gif 75B
changelist-bg.gif 58B
deleted-overlay.gif 45B
bookmarklets.html 4KB
base.html 3KB
layout.html 3KB
base.html 3KB
moderation_queue.html 3KB
index.html 3KB
tabular.html 2KB
change_form.html 2KB
change_password.html 2KB
400-debug.html 2KB
openlayers.html 2KB
template_filter_index.html 2KB
template_tag_index.html 1KB
change_list.html 1KB
password_change_form.html 1KB
object_detail.html 1KB
object_history.html 1KB
delete_confirmation.html 1KB
stacked.html 1KB
password_reset_confirm.html 1KB
model_detail.html 1KB
view_index.html 1KB
reply_preview.html 1KB
preview.html 1KB
add_form.html 1KB
index.html 1KB
search_form.html 1KB
共 1582 条
- 1
- 2
- 3
- 4
- 5
- 6
- 16
资源评论
- xujin0401112012-10-31这个跟web.py比起来似乎是全了功能,但是对于初学者来说哪个更好呢?
- xman782012-09-30入门够用了
thirdfeel
- 粉丝: 2
- 资源: 9
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功