Django Lesson 9: Authentication
Django comes with a complete authentication system — login, logout, registration, password reset. You don’t need to build it from scratch.
Built-in Auth Views
# myblog/urls.py
from django.contrib.auth import views as auth_views
urlpatterns = [
# Django handles these views automatically:
path("login/", auth_views.LoginView.as_view(template_name="auth/login.html"), name="login"),
path("logout/", auth_views.LogoutView.as_view(), name="logout"),
path("password-reset/", auth_views.PasswordResetView.as_view(), name="password-reset"),
path("password-reset/done/", auth_views.PasswordResetDoneView.as_view()),
path("password-reset/<uidb64>/<token>/", auth_views.PasswordResetConfirmView.as_view()),
]
Registration & Protecting Views
# posts/views.py
from django.contrib.auth.decorators import login_required
from django.contrib.auth import login
from django.contrib.auth.forms import UserCreationForm
def register(request):
form = UserCreationForm(request.POST or None)
if form.is_valid():
user = form.save()
login(request, user) # auto-login after register
return redirect("home")
return render(request, "auth/register.html", {"form": form})
@login_required # redirect to login if not authenticated
def create_post(request):
...
# In templates:
{% if user.is_authenticated %}
<a href="{% url 'logout' %}">Logout {{ user.username }}</a>
{% else %}
<a href="{% url 'login' %}">Login</a>
{% endif %}
🏋️ Practice Task
Add auth to your project: registration page (/register/), login (/login/), logout. Protect the create/edit/delete task views with @login_required. Show the logged-in username in the navbar. Make tasks belong to their creator (created_by = request.user). Only show user’s own tasks.
💡 Hint: Filter tasks: Task.objects.filter(created_by=request.user). In create view: task.created_by = request.user before save.