User Authentication
Master Django's authentication system for user management, permissions, and session handling. This is a foundational concept in Python web development that professional developers rely on daily. The explanations below are written to be beginner-friendly while covering the depth and nuance that comes from real-world Python/Django experience. Take your time with each section and practice the examples.
Django Authentication System
Django provides a comprehensive authentication system that handles user accounts, groups, permissions, and sessions. It's secure, flexible, and easy to extend. This is an essential concept that every Python/Django developer must understand thoroughly. In professional development environments, getting this right can mean the difference between code that works reliably and code that breaks in production. The following sections break this down into clear, digestible pieces with practical examples you can try immediately.
Authentication Views & Forms
# views.py
from django.contrib import messages
from django.contrib.auth import login, logout, authenticate, update_session_auth_hash
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import render, redirect, get_object_or_404
from django.views.decorators.http import require_POST

from .forms import CustomUserCreationForm
# User registration
def register(request):
    """Render the sign-up form and create the account on a valid POST.

    A newly created user is logged in straight away and redirected to
    ``home``; in every other case the form (bound with errors, or empty on
    GET) is rendered again.

    Args:
        request: The current ``HttpRequest``.

    Returns:
        An ``HttpResponse`` — either the rendered template or a redirect.
    """
    is_post = request.method == 'POST'
    form = CustomUserCreationForm(request.POST) if is_post else CustomUserCreationForm()
    if is_post and form.is_valid():
        new_user = form.save()
        login(request, new_user)
        messages.success(request, 'Account created successfully!')
        return redirect('home')
    return render(request, 'registration/register.html', {'form': form})
# User login
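def user_login(request):
    """Authenticate a user via ``AuthenticationForm`` and start a session.

    GET renders an empty form. POST binds the form; when it validates, the
    user that the form already authenticated is logged in and the request
    is redirected to ``home``. An invalid form is re-rendered with errors.

    Args:
        request: The current ``HttpRequest``.

    Returns:
        An ``HttpResponse`` — either the rendered template or a redirect.
    """
    if request.method == 'POST':
        form = AuthenticationForm(request, data=request.POST)
        if form.is_valid():
            # AuthenticationForm.clean() has already run authenticate() and
            # rejected inactive users, so the validated user is available from
            # get_user(); calling authenticate() a second time only re-hashes
            # the password for no benefit.
            user = form.get_user()
            login(request, user)
            messages.success(request, f'Welcome back, {user.get_username()}!')
            return redirect('home')
    else:
        form = AuthenticationForm()
    return render(request, 'registration/login.html', {'form': form})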
# User logout
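@login_required
@require_POST
def user_logout(request):
    """End the current session and redirect to ``home``.

    Only POST is accepted: a logout that fires on GET can be triggered by any
    cross-site link or ``<img>`` tag, which is why Django deprecated GET on
    ``LogoutView`` in 4.1 and removed it in 5.0. The logout link in templates
    should therefore be a small form carrying the CSRF token.

    Args:
        request: The current ``HttpRequest``.

    Returns:
        A redirect to ``home`` (405 for non-POST, login redirect when anonymous).
    """
    logout(request)
    messages.info(request, 'You have been logged out.')
    return redirect('home')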
# Profile view
@login_required
def profile(request):
    """Render the profile page for the currently logged-in user.

    Args:
        request: The current ``HttpRequest``; ``request.user`` is guaranteed
            authenticated by ``login_required``.

    Returns:
        The rendered ``registration/profile.html`` response.
    """
    context = {'user': request.user}
    return render(request, 'registration/profile.html', context)
# Password change
from django.contrib.auth.forms import PasswordChangeForm
@login_required
def password_change(request):
    """Let the logged-in user change their own password.

    On a valid POST the new password is saved and the session auth hash is
    refreshed so the user stays logged in on this session (Django otherwise
    invalidates sessions whose hash no longer matches the password).

    Args:
        request: The current ``HttpRequest``.

    Returns:
        A redirect to ``profile`` on success, otherwise the rendered form.
    """
    is_post = request.method == 'POST'
    form = PasswordChangeForm(request.user, request.POST if is_post else None)
    if is_post and form.is_valid():
        updated_user = form.save()
        update_session_auth_hash(request, updated_user)
        messages.success(request, 'Password changed successfully!')
        return redirect('profile')
    return render(request, 'registration/password_change.html', {'form': form})
# Custom user model (optional)
from django.contrib.auth.models import AbstractUser
from django.db import models
class CustomUser(AbstractUser):
    """Project user model: Django's ``AbstractUser`` plus a few profile fields.

    A custom user model has to be pointed to by ``AUTH_USER_MODEL`` before
    the first migration is run; switching later is not supported by Django.
    """

    # NOTE: max_length on a TextField only sizes the auto-generated form
    # widget; it is not enforced at the model or database level. Use a
    # CharField if the 500-character limit must actually hold.
    bio = models.TextField(max_length=500, blank=True)
    birth_date = models.DateField(null=True, blank=True)
    # ImageField needs Pillow installed; files are stored under MEDIA_ROOT/avatars/.
    avatar = models.ImageField(upload_to='avatars/', blank=True)

    def __str__(self):
        """Display the account by its username (used in admin and shell output)."""
        return self.username
# User permissions and groups
from django.contrib.auth.models import Group, Permission
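def grant_editor_permissions(user):
    """Ensure the ``Editors`` group exists with all ``blog.post`` permissions and add *user* to it.

    Wrapped in a function because module-level ORM calls execute at import
    time — before migrations exist, during ``collectstatic``, in every worker
    process — and the original snippet also referenced a ``user`` name that
    was never defined. Call this from a data migration, a management command
    or a signal handler instead.

    Args:
        user: The user instance to add to the group.

    Returns:
        The ``Editors`` ``Group`` instance.
    """
    editors_group, _created = Group.objects.get_or_create(name='Editors')
    # This grants *every* permission on blog.Post, including delete. If editors
    # should not be able to delete, filter on an explicit codename__in=[...] list.
    post_permissions = Permission.objects.filter(
        content_type__app_label='blog',
        content_type__model='post',
    )
    editors_group.permissions.set(post_permissions)
    user.groups.add(editors_group)
    return editors_group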
# Check permissions in views
@login_required
def admin_panel(request):
    """Render the admin panel for users holding ``blog.can_publish_post``.

    Users without that permission are redirected to ``home`` with an error
    message instead.

    Args:
        request: The current ``HttpRequest``.

    Returns:
        The rendered panel, or a redirect to ``home``.
    """
    # Guard clause: reject first so the happy path is the last line.
    if not request.user.has_perm('blog.can_publish_post'):
        messages.error(request, 'You do not have permission to access this page.')
        return redirect('home')
    return render(request, 'admin/panel.html')
# Custom permission check
def can_edit_post(user, post):
    """Return True when *user* may edit *post*.

    The author may always edit their own post; anyone else needs the
    ``blog.can_edit_all_posts`` permission. The ownership check runs first so
    the permission lookup (which may hit the database) is skipped for authors.

    Args:
        user: A user object exposing ``has_perm``.
        post: A post object exposing ``author``.

    Returns:
        bool
    """
    if user == post.author:
        return True
    return user.has_perm('blog.can_edit_all_posts')
@login_required
def post_edit(request, pk):
post = get_object_or_404(Post, pk=pk)
if not can_edit_post(request.user, post):
messages.error(request, 'You do not have permission to edit this post.')
return redirect('post_detail', pk=pk)
# Continue with edit logic...