Home/ Questions/Q 6575587
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T15:24:19+00:00

I have something pretty simple which I’ve thrown together. I have a little form

  • 0

I have something pretty simple which I’ve thrown together. I have a little form like this:

<form id="loginForm" action>
    <input name="email_address" type="text" placeholder="Email">
    <input name="password" type="password">
    <a id="loginButton">Login</a>
</form>

My JavaScript does the following:

$("#loginButton").click(function(){
    $.post("/login/",$("#loginForm").serialize(), function(data) {
        console.log("login.");
    });
});

I’ve written a custom Django authentication backend:

from my.custom.project.models import User

class MyBackend:

    def authenticate(self, email_address=None, password=None):
        print "Trying to auth"
        try:
            return User.objects.get(email_address=email_address, password=password)
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

I have this configured in my settings.py like so:

AUTHENTICATION_BACKENDS = (
    "my.custom.project.auth.MyBackend",
)

In my actual view for the /login/ path, here’s what I have:

from django.contrib import auth

def login(request):
    print "Trying to auth..."
    email_address = request.POST['email_address']
    password = request.POST['password']

    user = auth.authenticate(email_address=email_address, password=password)

    if user != None:
        auth.login(request, user)

    direct_to_template(request, "my/login/template.json")

Here’s my URL map:

from django.conf.urls.defaults import * 
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns

admin.autodiscover()

urlpatterns = staticfiles_urlpatterns

urlpatterns += patterns('',
    (r'^admin/', include(admin.site.urls)),
    (r'^admin/doc', include('django.contrib.admindocs.urls')),
)

urlpatterns += patterns('my.project.views',
    (r'^$', 'root'),
    (r'^login/?$', 'login'),
    (r'^logout/?$', 'logout'),
)

Can anyone see what I’m doing wrong here? All I get in the Django server output is:

[16/Sep/2011 20:17:47] "POST /login/ HTTP/1.1" 403 2326

Am I taking crazy pills? What did I overlook?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It was all because of Django’s built-in CSRF system: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

    • 0