index.txt 3.1 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. =============================
  2. User authentication in Django
  3. =============================
  4. .. toctree::
  5. :hidden:
  6. default
  7. passwords
  8. customizing
  9. .. module:: django.contrib.auth
  10. :synopsis: Django's authentication framework.
  11. Django comes with a user authentication system. It handles user accounts,
  12. groups, permissions and cookie-based user sessions. This section of the
  13. documentation explains how the default implementation works out of the box, as
  14. well as how to :doc:`extend and customize </topics/auth/customizing>` it to
  15. suit your project's needs.
  16. Overview
  17. ========
  18. The Django authentication system handles both authentication and authorization.
  19. Briefly, authentication verifies a user is who they claim to be, and
  20. authorization determines what an authenticated user is allowed to do. Here the
  21. term authentication is used to refer to both tasks.
  22. The auth system consists of:
  23. * Users
  24. * Permissions: Binary (yes/no) flags designating whether a user may perform
  25. a certain task.
  26. * Groups: A generic way of applying labels and permissions to more than one
  27. user.
  28. * A configurable password hashing system
  29. * Forms and view tools for logging in users, or restricting content
  30. * A pluggable backend system
  31. The authentication system in Django aims to be very generic and doesn't provide
  32. some features commonly found in web authentication systems. Solutions for some
  33. of these common problems have been implemented in third-party packages:
  34. * Password strength checking
  35. * Throttling of login attempts
  36. * Authentication against third-parties (OAuth, for example)
  37. * Object-level permissions
  38. Installation
  39. ============
  40. Authentication support is bundled as a Django contrib module in
  41. ``django.contrib.auth``. By default, the required configuration is already
  42. included in the :file:`settings.py` generated by :djadmin:`django-admin
  43. startproject <startproject>`, these consist of two items listed in your
  44. :setting:`INSTALLED_APPS` setting:
  45. 1. ``'django.contrib.auth'`` contains the core of the authentication framework,
  46. and its default models.
  47. 2. ``'django.contrib.contenttypes'`` is the Django :doc:`content type system
  48. </ref/contrib/contenttypes>`, which allows permissions to be associated with
  49. models you create.
  50. and these items in your :setting:`MIDDLEWARE` setting:
  51. #. :class:`~django.contrib.sessions.middleware.SessionMiddleware` manages
  52. :doc:`sessions </topics/http/sessions>` across requests.
  53. #. :class:`~django.contrib.auth.middleware.AuthenticationMiddleware` associates
  54. users with requests using sessions.
  55. With these settings in place, running the command ``manage.py migrate`` creates
  56. the necessary database tables for auth related models and permissions for any
  57. models defined in your installed apps.
  58. Usage
  59. =====
  60. :doc:`Using Django's default implementation <default>`
  61. * :ref:`Working with User objects <user-objects>`
  62. * :ref:`Permissions and authorization <topic-authorization>`
  63. * :ref:`Authentication in web requests <auth-web-requests>`
  64. * :ref:`Managing users in the admin <auth-admin>`
  65. :doc:`API reference for the default implementation </ref/contrib/auth>`
  66. :doc:`Customizing Users and authentication <customizing>`
  67. :doc:`Password management in Django <passwords>`