class PasswordChangeForm A form for allowing a user to change their password.

confirm_login_allowed(user) By default, AuthenticationForm rejects users whose is_active flag is set to False. You may override this behavior with a custom policy to determine which users can log in. Do this with a custom form that subclasses AuthenticationForm and overrides the confirm_login_allowed() method. This method should raise a ValidationError if the given user may not log in. For example, to allow all users to log in regardless of “active” status: from django.contrib.auth.forms imp

class AuthenticationForm A form for logging a user in. Takes request as its first positional argument, which is stored on the form instance for use by sub-classes. confirm_login_allowed(user) By default, AuthenticationForm rejects users whose is_active flag is set to False. You may override this behavior with a custom policy to determine which users can log in. Do this with a custom form that subclasses AuthenticationForm and overrides the confirm_login_allowed() method. This method shoul

class AdminPasswordChangeForm A form used in the admin interface to change a user’s password. Takes the user as the first positional argument.

user_passes_test(test_func, login_url=None, redirect_field_name='next') [source] As a shortcut, you can use the convenient user_passes_test decorator which performs a redirect when the callable returns False: from django.contrib.auth.decorators import user_passes_test def email_check(user): return user.email.endswith('@example.com') @user_passes_test(email_check) def my_view(request): ... user_passes_test() takes a required argument: a callable that takes a User object and returns

permission_required(perm, login_url=None, raise_exception=False) [source] It’s a relatively common task to check whether a user has a particular permission. For that reason, Django provides a shortcut for that case: the permission_required() decorator.: from django.contrib.auth.decorators import permission_required @permission_required('polls.can_vote') def my_view(request): ... Just like the has_perm() method, permission names take the form "<app label>.<permission codename&g

login_required(redirect_field_name='next', login_url=None) [source] As a shortcut, you can use the convenient login_required() decorator: from django.contrib.auth.decorators import login_required @login_required def my_view(request): ... login_required() does the following: If the user isn’t logged in, redirect to settings.LOGIN_URL, passing the current absolute path in the query string. Example: /accounts/login/?next=/polls/3/. If the user is logged in, execute the view normally. The

auth() [source] If this processor is enabled, every RequestContext will contain these variables: user – An auth.User instance representing the currently logged-in user (or an AnonymousUser instance, if the client isn’t logged in). perms – An instance of django.contrib.auth.context_processors.PermWrapper, representing the permissions that the currently logged-in user has.

RemoteUserBackend.user_can_authenticate() New in Django 1.10. Returns whether the user is allowed to authenticate. This method returns False for users with is_active=False. Custom user models that don’t have an is_active field are allowed.

RemoteUserBackend.create_unknown_user True or False. Determines whether or not a User object is created if not already in the database. Defaults to True.