We will continue to build our blog app where we left in the post writing-your-first-blog-app-in-django-part-12.
So we have created a user creation form in our blog project,now in this post we will see how we can take our users and save them to the database.So our main goal is to take the data which user provides in the form which we created in last post.
When user enter all details and click on signup button in the user creation form,we want to take that data and create some kind of new user in our database.Whether we are using get request or post request whenever form is submitted it will fire up the signup_view function inside views.py file.So inside that function we need some kind of way to detect whether the request was a post request or a get request.
So to make that login change the accounts/views.py as following:
from django.shortcuts import render,redirect
from django.contrib.auth.forms import UserCreationForm
def signup_view(request):
'''
If the request is post then we will take the data that we've
got from the form and we want to somehow validate it and the way we do that
is by following:
'''
if request.method = 'POST':
'''
What this instance is doing is essentially kind of valid in that data
for us.If this data is okay(like user is already exists or not,password in
long enough or not etc..).That's going to return us a instance of form
that is either valid or invalid.If it is valid save that form to database.
'''
form = UserCreationForm(request.POST)
if form.is_valid():
form.save()
#log the user in
#redirect the user to articles list page
return redirect('articles:list')
#if the request is get then create a blank instance of user creation form.
else:
#create a new instance of the form
form = UserCreationForm()
#send that form to template
return render(request, 'accounts/signup.html',{'form':form})
Now change the action attribute in the form field in signup.html template to /accounts/signup/ because we want to send user to that form.
After doing all this changes run the server,and open the signup page.Now add some dummy username and password and try to signup,but you will be redirected to this page.
The error in the above page is saying that csrf token is missing,so this token is essentially a security thing and when we send data to the server what we need to do is to send a token with it to say look this data,this request has come from our application,it’s not come from another application trying to make a post request to our site.It’s come from our application so please accept it,so what we need to do is send that token with the request inside this form and it’s very simple to do it.
So change signup.html as following to add csrf_token.
{% extends 'base_layout.html' %} {% block content %}
<h1>Signup</h1>
<br>
<br>
<!--site-form is for stying purposes -->
<form class="site-form" action="/accounts/signup/" method="post">
{% csrf_token %}
<!-- output all of fields which comes baked with django inbuilt form -->
{{ form }}
<input type="submit" value="Signup">
</form>
{% endblock %}
So now run the server again and signup,now you will be redirected to the article list page.You can also check django will handle error cases also(like add password of less than 8 characters).
You can also check your user which you registered in the admin side also.
So this is all about how to handle get and post requests in django user authentication,