MCPcopy
hub / github.com/django/django / login

Function login

django/contrib/auth/__init__.py:153–183  ·  view source on GitHub ↗

Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in.

(request, user, backend=None)

Source from the content-addressed store, hash-verified

151
152
153def login(request, user, backend=None):
154 """
155 Persist a user id and a backend in the request. This way a user doesn't
156 have to reauthenticate on every request. Note that data set during
157 the anonymous session is retained when the user logs in.
158 """
159 session_auth_hash = user.get_session_auth_hash()
160
161 if SESSION_KEY in request.session:
162 if _get_user_session_key(request) != user.pk or (
163 session_auth_hash
164 and not constant_time_compare(
165 request.session.get(HASH_SESSION_KEY, ""), session_auth_hash
166 )
167 ):
168 # To avoid reusing another user's session, create a new, empty
169 # session if the existing session corresponds to a different
170 # authenticated user.
171 request.session.flush()
172 else:
173 request.session.cycle_key()
174
175 backend = _get_backend_from_user(user=user, backend=backend)
176
177 request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
178 request.session[BACKEND_SESSION_KEY] = backend
179 request.session[HASH_SESSION_KEY] = session_auth_hash
180 if hasattr(request, "user"):
181 request.user = user
182 rotate_token(request)
183 user_logged_in.send(sender=user.__class__, request=request, user=user)
184
185
186async def alogin(request, user, backend=None):

Callers 1

_loginMethod · 0.90

Calls 10

constant_time_compareFunction · 0.90
rotate_tokenFunction · 0.90
_get_user_session_keyFunction · 0.85
_get_backend_from_userFunction · 0.85
get_session_auth_hashMethod · 0.80
getMethod · 0.45
flushMethod · 0.45
cycle_keyMethod · 0.45
value_to_stringMethod · 0.45
sendMethod · 0.45

Tested by

no test coverage detected