Unable Log in to the Django Admin Page With a Valid Username and Password

Unable log in to the django admin page with a valid username and password

Steps to debug:

• Make sure that your Database is synced
  
  
  • Double check that you have a django_session table
• Try to authenticate
  
  
  • Do you see a record being created in the django_session table?

IF NOT

• remove non-standard settings
  
  
  • AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
  • SESSION_EXPIRE_AT_BROWSER_CLOSE = True
  • SESSION_SAVE_EVERY_REQUEST = True
  • SESSION_COOKIE_AGE = 86400 # sec
  • SESSION_COOKIE_DOMAIN = None
  • SESSION_COOKIE_NAME = 'DSESSIONID'
  • SESSION_COOKIE_SECURE = False
• Make sure that your Database is synced
  
  
  • Double check that you have a django_session table
• Try to authenticate
  
  
  • Do you see a record being created in the django_session table?

Let me know if this turns up any useful debug.

Sample settings file: https://github.com/fyaconiello/Django-Blank-Bare-Bones-CMS/blob/master/dbbbcms/settings.py

Not able to log in to the django admin page with a valid username and password

Your settings file seems fine. Are you using Gunicorn with multiple workers, If yes than try with single worker only. Actually sessions won't transfer between multiple workers unless you bring some middle layer storage component to it like memcached or redis. Faced same issue some time back. Hope it solves your problem :)

Can't login to Django /admin interface

Not too sure on this, but syncdb might remove the superuser you just created. Try creating a superuser when syncdb prompts you to.

Otherwise, take a look at the user model in ./manage.py shell. Check User.objects.all()[0].is_superuser.

Can't login to Django admin panel

The problem is that you don't handle the password properly in your create_user method. Passwords are obviously supposed to be hashed. when you write self.model(deviceId=deviceId, **extra_fields) you are simply setting the plain text value received from the user as the password!

When one tries to authenticate Django hashes the password received and tries to match that with the value in the database, which for you will obviously fail. As a reference check this particular line [Github code] which is how the password is set in the builtin user model.

To fix this you would have to change your create_user and create_superuser method like so:

from django.contrib.auth.hashers import make_password


def create_user(self, deviceId, password, **extra_fields):
    """
    Create and save a User with the given email and password.
    """
    if not deviceId:
        raise ValueError('The device id must be set')

    user = self.model(deviceId=deviceId, **extra_fields)
    user.password = make_password(password)
    user.save()
    return user

def create_superuser(self, deviceId, password, **extra_fields):
    """
    Create and save a SuperUser with the given email and password.
    """
    extra_fields.setdefault('is_staff', True)
    extra_fields.setdefault('is_superuser', True)
    extra_fields.setdefault('is_active', True)

    if extra_fields.get('is_staff') is not True:
        raise ValueError('Superuser must have is_staff=True.')
    if extra_fields.get('is_superuser') is not True:
        raise ValueError('Superuser must have is_superuser=True.')
    return self.create_user(deviceId, password, **extra_fields)

Note: Also don't set max_length=255 for the password. No matter how long a password is provided only 128 characters are going to be
stored in the database due to hashing. So you should be setting
max_length=128 on the password field.

---

Related Topics