Android Studio app using Django back-end login authentication? -
i've been working on android app using android studio using django backend. web application in place want make app in android it.
the problem running in to, because i'm new app development, login authentication. i've researched on topic here , understand theoretically how should go doing this, have not been successful in logging in app.
the problem have this:
- i csrf token authentication failure. states cookie not set. understand post request return this.
- i getting success transition in dopost method.
i lost in how check if have logged in or not. , solution thought of cookie not being set request, parse cookie string , pass in post request. i'm not sold on being best strategy. bigger problem not being able tell if have logged in or not. how can check that? have read posts on kind of explaining how beginner hard translate code. how check if user authenticated? , appreciated.
public class userlogintask extends asynctask<void, void, boolean> { private final string memail; private final string mpassword; userlogintask(string email, string password) { memail = email; mpassword = password; } @override protected boolean doinbackground(void... params) { arraylist<namevaluepair> postparameters = new arraylist<namevaluepair>(); postparameters.add(new basicnamevaluepair("username", memail)); postparameters.add(new basicnamevaluepair("password", mpassword)); string response = null; string get_response = null; try { response = simplehttpclient.executehttppost(localloginurl, postparameters); log.d("login activity","post response is: " + response); } catch (exception e) { log.d("login activity","error is: " + e.tostring()); e.printstacktrace(); return false; } return true; } public static string executehttppost(string url, arraylist<namevaluepair> postparameters) throws exception { bufferedreader in = null; try { httpclient client = gethttpclient(); httppost request = new httppost(url); urlencodedformentity formentity = new urlencodedformentity(postparameters); request.setentity(formentity); httpresponse response = client.execute(request); in = new bufferedreader(new inputstreamreader(response.getentity().getcontent())); stringbuffer sb = new stringbuffer(""); string line = ""; string nl = system.getproperty("line.separator"); while ((line = in.readline()) != null) { sb.append(line + nl); } in.close(); string result = sb.tostring(); return result; } { if (in != null) { try { in.close(); } catch (ioexception e) { e.printstacktrace(); } } } }
the django view:
def login_view(request): # login page view form = login_form() if request.method == 'post': form = login_form(request.post) if form.is_valid(): # check if form valid user = authenticate( username=form.cleaned_data['username'], password=form.cleaned_data['password']) # authenthicate username , password login(request, user) # login user # once logged in redirect home page response = httpresponseredirect("/"+some_user_url+"/home") print "user key is: %s" % some_user_key response.set_cookie('some_user_key', value=some_user_value, max_age=some_max_age, secure=session_cookie_secure, httponly=false) return response else: form = login_form() # display empty form return render(request, "login.html", { # loads template , sends values template tags 'form': form, })
i know questions asked quite long time ago but, since there's no answer, , i'm working quite intensively django recently, thought share basic knowledge, hoping of others.
the way dealing csrf token correct one: first perform of login page give csrf token in cookie. store cookie , csrf token , embed them in following post request, authentication data. if 200 ok server means correctly used csrf token, , awesome start :)
in order troubleshoot whether user has logged in or not, whether it's credentials accepted, can print out payload of http response obtained server.
i use function prints me response of server in case error code greater 400. code following:
public static boolean printhttperrormsg(httpurlconnection c) { boolean error = false; stringbuilder builder = new stringbuilder(); try { builder.append(c.getresponsecode()); builder.append("\n"); builder.append(c.getresponsemessage()); system.out.println("response code server"); system.out.println(builder); inputstream _is; if(c.getresponsecode()>=400){ error = true; _is = c.geterrorstream(); final bufferedreader reader = new bufferedreader( new inputstreamreader(_is)); string line; while ((line = reader.readline()) != null) { system.out.println(line); } reader.close(); } } catch (exception e) { e.printstacktrace(); } return error; }
you need tweak because when 200 ok server, there's no errorstream inputstream. if change if condition =200 , replace geterrorstream() getinputstream() you'll see in log content of response of server. typically, if login failed, response contain html code of login page error message saying provided wrong credentials.
hope helps
Comments
Post a Comment