Andrés Álvarez Iglesias
Posted on April 29, 2024
NOTE: This article was initially posted on my Substack, at https://andresalvareziglesias.substack.com/
Hi everyone!
Django makes user and session management easy. With every app, a user table is automatically generated, with a full management UI in the admin site, as we saw in previous parts of this series.
Now, we will integrate this user/session management into our game UI.
Articles in this series
- Chapter 1: Let the journey start
- Chapter 2: Create a containerized Django app with Gunicorn and Docker
- Chapter 3: Serve Django static files with NGINX
- Chapter 4: Adding a database to our stack
- Chapter 5: Applications and sites
- Chapter 6: Using the Django ORM
- Chapter 7: Users login, logout and register
Logging in or registering
We can make a simple login form like this:
As the text says, if the user does not exist yet, it will be automatically generated. While we can create a simple login form that automatically generates users on login attempts, this approach poses significant security risks. It leaves your application vulnerable to brute-force attacks, where attackers can repeatedly try different usernames and passwords to gain access. For each attempt, a new user would be created, further compromising your system. This approach should never be used in a production environment.
To develop this functionality, we need a view like this:
from django.shortcuts import redirect
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User


def loginView(request):
    # Read the credentials sent by the login form
    username = request.POST.get("username", "")
    password = request.POST.get("password", "")

    # Try to log in first
    user = authenticate(username=username, password=password)
    if user is not None and user.is_active:
        login(request, user)
        return redirect("index")

    # Validate user and password
    # The username is already taken (wrong password): do not create anything
    if User.objects.filter(username=username).exists():
        return redirect("index")
    # Reject short passwords and passwords that contain the username
    if len(password) < 8 or password.find(username) != -1:
        return redirect("index")

    # The user does not exist yet, create it now
    user = User.objects.create_user(username=username, password=password)
    login(request, user)
    return redirect("index")
The relevant parts of the view above are the user login:
user = authenticate(username=username, password=password)
if user is not None and user.is_active:
    login(request, user)
And the user creation (and later login):
user = User.objects.create_user(username=username, password=password)
login(request, user)
As you can see, Django simplifies user account creation, authentication, and session handling for us.
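In the view above every branch ends in redirect("index"), so the NGINX access log in front of gunicorn shows the same status for failed and successful attempts, and the brute-force pattern described earlier has to be spotted by request rate per client. The following is an added example, not code from the original article; the /login/ path, the window and threshold values, and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# NGINX "combined" format: ip - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def login_bursts(lines, login_path="/login/", window_seconds=60, threshold=5):
    """Return {client_ip: peak number of login POSTs seen in any one window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:  # lines are expected in chronological order
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string so /login/?next=... is counted too.
        if m["path"].split("?", 1)[0] != login_path:
            continue
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # skip malformed timestamps instead of aborting
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    # Status is deliberately ignored: the view answers 302 either way.
    return {ip: n for ip, n in peak.items() if n >= threshold}


# Constructed sample: 203.0.113.7 posts six times in 25 s, 198.51.100.4 once.
TAIL = ' +0000] "POST /login/ HTTP/1.1" 302 0 "-" "constructed-agent"'
SAMPLE_LOG = [
    f"203.0.113.7 - - [29/Apr/2024:10:00:{s:02d}{TAIL}" for s in range(0, 30, 5)
] + [
    f"198.51.100.4 - - [29/Apr/2024:10:00:12{TAIL}",
    '203.0.113.7 - - [29/Apr/2024:10:00:31 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    print(login_bursts(SAMPLE_LOG))
```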
Logging out
We need to allow our users to close their sessions. Consider a simple "logout" link like this:
We can develop a logout view like this:
from django.shortcuts import redirect
from django.contrib.auth import logout


def logoutView(request):
    logout(request)
    return redirect("index")
As simple as that. Django handles user session termination for us. Cool!
What have we learned so far?
We have come a long way in our journey to learn Django. Now, we are able to:
- Create a Django app
- Create any number of independent or interconnected subapps inside our app
- Develop an HTML/JavaScript web UI with a separate Python backend
- Integrate our app with a database
- Manage the user session
And we have learned a few things about architecture:
- Generate interconnected services with Docker
- Write a docker-compose file to create the whole environment easily
- Basic usage of gunicorn to serve our Django app
- Basic usage of NGINX to serve the static parts of the site (and to route gunicorn calls)
- Basic usage of PostgreSQL with the Timescale extension
We now have the basic resources to develop any full-stack application, from user interface to backend and data layer.
Now, it's time to develop our Tic-Tac-Toe game. Let's play!
About the list
Among the Python and Docker posts, I will also write about other related topics (always tech and programming topics, I promise... with the fingers crossed), like:
- Software architecture
- Programming environments
- Linux operating system
- Etc.
If you found some interesting technology, programming language or whatever, please, let me know! I'm always open to learning something new!
About the author
I'm Andrés, a full-stack software developer based in Palma, on a personal journey to improve my coding skills. I'm also a self-published fantasy writer with four published novels to my name. Feel free to ask me anything!