There are some pitfalls when you need to create and login users manually in Django. Let's create a user first:
request.POST.get('username', None) should be used instead of
request.POST['username']. If the later is used, you will get this error:
Once the username and password are extracted, let's create the user
The above code is wrong. Because when
create is used instead of
create_user, the user's password is not hashed. You will see the user's password is stored in clear text in the database, which is not the right thing to do.
So you should use the following instead:
What if you want to test if the user you are about to create has already existed:
get_or_create will get the existing user or create a new one. Two values are returned, an user object and a boolean flag
created indicating whether if the user created is a new one (i.e. created = True) or an existing one (i.e. created = False)
It is import to not forget including
user.save() in the end. Because
set_password does NOT save the password to the database.
Now a user has been created successfully, the next step is to login.
authenticate() only sets
user.backend to whatever authentication backend Django uses. So the code above is equivlent to:
Django's documentation recommends the first way of doing it. However, there is an use case for the second approach. When you want to login an user without a password:
The is used when security isn't an issue but you still want to distinguish between who's who on your site.
So to sum up the code above, here is the view_handler that manually create and login an user: