to check user password is correct in django rest framework

Question

I'm writing a custom login functionality in the Django rest framework. But I can't check if the password is correct or not.

class LoginView(APIView):
def post(self, request):
    username=request.data["username"]
    password=request.data["password"]
    user=User.objects.filter(username=username)
    if user is None:
        return Response({"response":"No User exist"})
    if user.check_password(password):
        return Response({"response":"correct Password"})
    return Response({"data":"done"})

the problem is check_password function is not working.Is there any right way to do that or do I miss something in between?

`filter()` will always return a QuerySet. If you want to get one user, use `get()` or any other method that returns one object. — Klaus D., Aug 18 '22 at 14:03

score 1 · Answer 1 · answered Aug 18 '22 at 21:51

Take a look at this one:

def login(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = auth.authenticate(request, username=username, password=password)
        if user is not None:
            auth.login(request, user)
            return redirect('Home')
        else:
            messages.info(request, 'Invalid Credential') 
            return redirect('login')
    else:        
        return render(request, 'login.html')

pass this in your template:

<div class="text-center text-danger">
     {% for message in messages %}
          <h5>{{ message }}</h5>
      {% endfor %}
   <br>
</div>

Carlos Osvaldo Chao Cortes · Answer 2 · 2022-08-18T14:27:55.430

0

Check the documentation here https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#django.contrib.auth.hashers.check_password

You need to compare the plain password in request.data["password"], with the password of the user in the DB.

from django.contrib.auth import authenticate

class LoginView(APIView):
def post(self, request):
    username=request.data["username"]
    password=request.data["password"]
    user = authenticate(request, username=username, password=password)
    if user is None:
        return Response({"response":"No User exist"})
    else:
        return Response({"response":"correct Password"})

edited Aug 18 '22 at 14:27

answered Aug 18 '22 at 14:06

Carlos Osvaldo Chao Cortes

67
6

You are right, my bad, i update de answer in order to use authenticate function. – Carlos Osvaldo Chao Cortes Aug 18 '22 at 14:24

score 0 · Answer 3 · answered Aug 19 '22 at 05:26

Fixed this issue by making an updation, I changed the filter() to get(), as filter() will return a query set but get () will return an object.

Updated Code :

class LoginView(APIView):
def post(self, request):
    username=request.data["username"]
    password=request.data["password"]
    user=User.objects.get(username=username)
    if user is None:
        return Response({"response":"No User exist"})
    if not user.check_password(password):
        return Response({"response":"incorrect Password"})
    return Response({"data":"done"})

If anyone still couldn't understand the difference of both functions (get and filter). Please check out the link Difference between Django's filter() and get() methods.

Thanks everyone who helps for the solution.

to check user password is correct in django rest framework

3 Answers3