mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[5.1.x] Refs #31405 -- Improved LoginRequiredMiddleware documentation.

Browse Source 
co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>

Backport of 49815f70e4 from main.
This commit is contained in:
Adam Johnson
2024-08-08 07:10:13 +01:00
committed by Sarah Boyce
parent d9aeb23edb
commit 291fa5fbbe
3 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
docs/ref/middleware.txt
View File

@@ -499,26 +499,50 @@ every incoming ``HttpRequest`` object. See :ref:`Authentication in web requests
.. versionadded:: 5.1 .. versionadded:: 5.1
Redirects all unauthenticated requests to a login page. For admin views, this Redirects all unauthenticated requests to a login page, except for views
redirects to the admin login. For all other views, this will redirect to excluded with :func:`~.django.contrib.auth.decorators.login_not_required`. The
:setting:`settings.LOGIN_URL <LOGIN_URL>`. This can be customized by using the login page defaults to :setting:`settings.LOGIN_URL <LOGIN_URL>`, but can be
:func:`~.django.contrib.auth.decorators.login_required` decorator and setting customized.
``login_url`` or ``redirect_field_name`` for the view. For example::
Enable this middleware by adding it to the :setting:`MIDDLEWARE` setting
**after** :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`::
MIDDLEWARE = [
"...",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.auth.middleware.LoginRequiredMiddleware",
"...",
]
Make a view public, allowing unauthenticated requests, with
:func:`~.django.contrib.auth.decorators.login_not_required`. For example::
from django.contrib.auth.decorators import login_not_required
@login_not_required
def contact_us(request): ...
Customize the login URL or field name for authenticated views with the
:func:`~.django.contrib.auth.decorators.login_required` decorator to set
``login_url`` or ``redirect_field_name`` respectively. For example::
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
from django.views.generic import View
@login_required(login_url="/books/login/", redirect_field_name="redirect_to")
def book_dashboard(request): ...
@method_decorator( @method_decorator(
login_required(login_url="/login/", redirect_field_name="redirect_to"), login_required(login_url="/books/login/", redirect_field_name="redirect_to"),
name="dispatch", name="dispatch",
) )
class MyView(View): class BookMetrics(View):
pass pass
@login_required(login_url="/login/", redirect_field_name="redirect_to")
def my_view(request): ...
Views using the :func:`~django.contrib.auth.decorators.login_not_required`
decorator are exempt from this requirement.
.. admonition:: Ensure that your login view does not require a login. .. admonition:: Ensure that your login view does not require a login.
To prevent infinite redirects, ensure you have To prevent infinite redirects, ensure you have
@@ -527,6 +551,9 @@ decorator are exempt from this requirement.
**Methods and Attributes** **Methods and Attributes**
Subclass the middleware and override these to customize behavior for
unauthenticated requests.
.. attribute:: redirect_field_name .. attribute:: redirect_field_name
Defaults to ``"next"``. Defaults to ``"next"``.

7
docs/releases/5.1.txt
View File

@@ -91,12 +91,15 @@ redirects all unauthenticated requests to a login page. Views can allow
unauthenticated requests by using the new unauthenticated requests by using the new
:func:`~django.contrib.auth.decorators.login_not_required` decorator. :func:`~django.contrib.auth.decorators.login_not_required` decorator.
The :class:`~django.contrib.auth.middleware.LoginRequiredMiddleware` respects ``LoginRequiredMiddleware`` respects the ``login_url`` and
the ``login_url`` and ``redirect_field_name`` values set via the ``redirect_field_name`` values set via the
:func:`~.django.contrib.auth.decorators.login_required` decorator, but does not :func:`~.django.contrib.auth.decorators.login_required` decorator, but does not
support setting ``login_url`` or ``redirect_field_name`` via the support setting ``login_url`` or ``redirect_field_name`` via the
:class:`~django.contrib.auth.mixins.LoginRequiredMixin`. :class:`~django.contrib.auth.mixins.LoginRequiredMixin`.
To enable this, add ``"django.contrib.auth.middleware.LoginRequiredMiddleware"``
to your :setting:`MIDDLEWARE` setting.
Minor features Minor features
-------------- --------------

2
docs/topics/auth/default.txt
View File

@@ -671,7 +671,7 @@ login view, may need to disable this behavior.
.. function:: login_not_required() .. function:: login_not_required()
Allows unauthenticated requests without redirecting to the login page when Allows unauthenticated requests to this view when
:class:`~django.contrib.auth.middleware.LoginRequiredMiddleware` is :class:`~django.contrib.auth.middleware.LoginRequiredMiddleware` is
installed. installed.