Admin page on django is broken

23
votes

I've set up a django project with an admin page. It worked perfectly for the first couple weeks of development, didn't use the admin page for a while, and when I came back to it, the admin page was broken. No matter what I do, it won't allow me to log in.

After entering username and PW, the admin page always says:

Please enter a correct username and password. Note that both fields are case-sensitive.

I've checked the DB: the superuser exists and has is_active, is_superuser, and is_staff all True. I've used the shell to make sure the password is correct. I've flushed, deleted, and re-created the database multiple times to make sure there's no mistake. I've also doublechecked the middleware, urls, INSTALLED_APPS, etc to make sure they're all set up properly.

As far as I can tell, the admin pages work perfectly except that they never let anyone log in.

Any ideas what's going on here, or other methods for trying to debug? I'm really baffled by this bug.

PS: In case it matters, I'm using South for DB migrations, django-social-auth for FB logins, and separate local_settings.py for production and development (I've checked them both -- the conflict isn't there.)

5
djangodjango-admin
What happens if you create your own login page using the auth.views.login() view? - JeffS
Looks like pretty much the same issue: "Your username and password didn't match. Please try again." - Abe
To get the django-social-auth working for FB logins, did you modify any of the code that could be changing the way the system runs authenticate() and login()? Also, in the weeks of development, have you removed and recreated the project, such that settings.py's SECRET_KEY = '...' has changed? I think this key is used to decrypt the password, but I'm not positive. - Furbeenator
Not that I know of. I added a view and a model, plus some entries in settings.py, but nothing else that I can remember. - Abe
On SECRET_KEY... Yes, I switched repos, and when I did, I ran django-admin startproject again. So my PWs are hashed differently now. But I would have thought that creating a new superuser and/or completely flushing and re-creating the DB would solve that problem. BTW, I'm using sqlite in development, in case that's important. - Abe

5 Answers

26
votes

This problem may be related to the Authentication Backends. Please check your settings files for the AUTHENTICATION_BACKENDS parameter.

Try the following value:

AUTHENTICATION_BACKENDS = (
    ('django.contrib.auth.backends.ModelBackend'),
)

More information on the Official Django Documentation

2
votes

Try this; in tests.py:

from django.contrib import auth

class AuthTestCase(TestCase):
    def setUp(self):
        self.u = User.objects.create_user('[email protected]', '[email protected]', 'pass')
        self.u.is_staff = True
        self.u.is_superuser = True
        self.u.is_active = True
        self.u.save()

    def testLogin(self):
        self.client.login(username='[email protected]', password='pass')

Then run the test with python manage.py test <your_app_name>.AuthTestCase. If this passes, the system is working, maybe look at the username and password to make sure they are acceptable.

1
votes

I had the same issue, but AUTHENTICATION_BACKENDS flag on settings file was not the problem for me. Using Django Rest Framework somehow i had modified the password without calling set_password therefore bypassing hashing the password. That's why it was showing the invalid login.

I was able to detect the issue by running simple test in order to test the user creation by a similar test:

from django.test import TestCase

from django.contrib import auth
from .models import *

class AuthTestCase(TestCase):
    def setUp(self):
        self.u = UserProfile.objects.create_user('[email protected]', 'iamtest', 'pass')
        self.u.is_staff = True
        self.u.is_superuser = True
        self.u.is_active = True
        self.u.save()

    def testLogin(self):
        self.client.login(username='[email protected]', password='pass')

It is also worth mentioning that I was creating a custom user named UserProfile

1
votes

Are you using a custom user model and forgot add it in settings.py? That is what just happened to me.

# Substituting a custom User model

AUTH_USER_MODEL = "app_custom_auth.User"
0
votes

You can do the following:

  • Enter your mysql (or other database console)
  • USE YourDATABASE;
  • SELECT * from auth_user;
  • watch is_staff and is_superuser item
  • UPDATE auth_user SET is_staff = "1" where username = "root";

Then you can login again!