NOTE: This article was initially posted on my Substack, at https://andresalvareziglesias.substack.com/
Hi everyone!
Django makes user and session management easy. With every app, a user table is automatically generated, with a full management UI in the admin site, as we saw in previous parts of this series.
Now, we will integrate this user/session management into our game UI.
Articles in this series
- Chapter 1: Let the journey start
- Chapter 2: Create a containerized Django app with Gunicorn and Docker
- Chapter 3: Serve Django static files with NGINX
- Chapter 4: Adding a database to our stack
- Chapter 5: Applications and sites
- Chapter 6: Using the Django ORM
- Chapter 7: Users login, logout and register
Logging in or registering
We can make a simple login form like this:
As the text says, if the user does not exist yet, it will be automatically generated. While we can create a simple login form that automatically generates users on login attempts, this approach poses significant security risks. It leaves your application vulnerable to brute-force attacks, where attackers can repeatedly try different usernames and passwords to gain access. For each attempt, a new user would be created, further compromising your system. This approach should never be used in a production environment.
To develop this functionality, we need a view like this:
```python
from django.shortcuts import redirect
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User


def loginView(request):
    username = request.POST.get("username", "")
    password = request.POST.get("password", "")

    # Try to log in first
    user = authenticate(username=username, password=password)
    if user is not None and user.is_active:
        login(request, user)
        return redirect("index")

    # Validate user and password
    if User.objects.filter(username=username).exists():
        # The username is already taken, so the password was wrong
        return redirect("index")
    if len(password) < 8 or password.find(username) != -1:
        # Password too short, or it contains the username
        return redirect("index")

    # The user does not exist, create it now
    user = User.objects.create_user(username=username, password=password)
    login(request, user)
    return redirect("index")
```
The relevant parts of the preceding view are the user login:

```python
user = authenticate(username=username, password=password)
if user is not None and user.is_active:
    login(request, user)
```

And the user creation (and later login):

```python
user = User.objects.create_user(username=username, password=password)
login(request, user)
```
As you can see, Django simplifies user account creation, authentication, and session handling for us.
Logging out
We need to allow our users to close their sessions. Consider a simple "logout" link like this:
We can develop a logout view like this:
```python
from django.shortcuts import redirect
from django.contrib.auth import logout


def logoutView(request):
    # logout() removes the session data for the current request
    logout(request)
    return redirect("index")
```
As simple as that. Django handles user session termination for us. Cool!
What have we learned so far?
We have come a long way in our journey to learn Django. Now, we are able to:
- Create a Django app
- Create any number of independent or interconnected subapps inside our app
- Develop an HTML/JavaScript web UI with a separate Python backend
- Integrate our app with a database
- Manage the user session
And we have learned a few things about architecture:
- Generate interconnected services with Docker
- Code a docker-compose file to create the whole environment in an easy way
- Basic usage of Gunicorn to serve our Django app
- Basic usage of NGINX to serve the static parts of the site (and to route Gunicorn calls)
- Basic usage of PostgreSQL with the Timescale extension
We now have the basic resources to develop any full-stack application, from user interface to backend and data layer.
Now, it's time to develop our Tic-Tac-Toe game. Let's play!
About the list
Alongside the Python and Docker posts, I will also write about other related topics (always tech and programming topics, I promise... with my fingers crossed), like:
- Software architecture
- Programming environments
- Linux operating system
- Etc.
If you have found an interesting technology, programming language or anything else, please let me know! I'm always open to learning something new!
About the author
I'm Andrés, a full-stack software developer based in Palma, on a personal journey to improve my coding skills. I'm also a self-published fantasy writer with four published novels to my name. Feel free to ask me anything!