Whoops and Sorry!!!     2010 07 27

;)

Django – Allow users to log in using email rather than username     2010 06 12

One of the annoying things about Django is that it doesn’t allow logins via email out of the box if you’re using their built-in user authentication. You must create your own authentication backend in order to accomplish this. However, one of the things I love about Django is the ability to create authentication backends without too much of a headache. This comes in handy when dealing with things like allowing users to log in via Twitter, Facebook Connect, any OpenID providers, or allowing them to log in via email and password.

Django authentication backends are quite simple. Whenever you call the django.contrib.auth.authenticate() function, Django calls the authenticate method of each class listed in the AUTHENTICATION_BACKENDS tuple in your settings.py, in order. If one of the classes fails to authenticate the user, Django moves on to the next one until either one successfully returns a user object or there are no other backends to attempt, in which case the login fails. A very simple authentication backend which allows users to log in via email rather than username is the following code in backends.py:

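from django.contrib.auth.models import User


class EmailModelBackend(object):
    """Authenticate with an email address in place of the username."""

    def authenticate(self, username=None, password=None):
        # The login form still posts the value as 'username'; treat it as an email.
        try:
            user = User.objects.get(email=username)
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            # No such address, or several accounts share it (User.email is
            # not unique by default): decline and let the next backend try.
            return None
        if user.check_password(password):
            return user
        return None

    def get_user(self, user_id):
        # Called on each request to reload the user stored in the session.
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None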

And you simply need to add to your settings.py:

AUTHENTICATION_BACKENDS = (
    'path.to.this.backends.EmailModelBackend',
    'django.contrib.auth.backends.ModelBackend',
)

I generally place my backends in whatever app I create to store extra user info, but you can put it anywhere; just make sure it’s on your PYTHONPATH.
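
The backend chain described above, as an added example that is not part of the original post and not Django's own code: a pure-Python model that runs without Django. The User, FieldBackend and EmailBackend classes, the BACKENDS tuple and the sample accounts are constructed stand-ins; the model shows a login falling through to the next backend and an email address shared by two accounts being declined.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class User:  # stand-in for django.contrib.auth.models.User
    def __init__(self, username, email, password):
        self.username, self.email = username, email
        self._salt = os.urandom(16)
        self._hash = _kdf(password, self._salt)

    def check_password(self, password):
        return hmac.compare_digest(self._hash, _kdf(password, self._salt))

# Constructed accounts. bob and bobby share an address, which the stock
# User model allows because its email field carries no unique constraint.
USERS = [
    User("alice", "alice@example.com", "correct horse"),
    User("bob", "shared@example.com", "pw-bob"),
    User("bobby", "shared@example.com", "pw-bobby"),
]

class FieldBackend:
    """Treats the submitted 'username' as a value of one User field."""
    field = "username"

    def authenticate(self, username=None, password=None):
        matches = [u for u in USERS if getattr(u, self.field) == username]
        if len(matches) != 1:  # unknown or ambiguous identifier: decline
            return None
        return matches[0] if matches[0].check_password(password) else None

class EmailBackend(FieldBackend):
    field = "email"

# Same order as the AUTHENTICATION_BACKENDS tuple above: email, then username.
BACKENDS = (EmailBackend(), FieldBackend())

def authenticate(**credentials):
    """Return (user, backend name) from the first backend that accepts."""
    for backend in BACKENDS:
        user = backend.authenticate(**credentials)
        if user is not None:
            return user, type(backend).__name__
    return None, None
```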

Django 1.2 – CSRF verification failed. Request aborted.     2010 05 24

I was getting this 403 error today while attempting to make a POST request to a view:
403 Forbidden

CSRF verification failed. Request aborted.
Help

Reason given for failure:

CSRF cookie not set.

Hopefully this saves you some time because I sure wasted a lot of mine solving it. I ended up having to add ‘django.middleware.csrf.CsrfViewMiddleware’, and ‘django.middleware.csrf.CsrfResponseMiddleware’ to my MIDDLEWARE_CLASSES in settings.py and my problems were solved. All I had to say was mutha eff. Django also was no help with their debug. My MIDDLEWARE_CLASSES now looks like:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.csrf.CsrfResponseMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

Hope this helps.