How can I not use Django's admin login view?

Question

I created my own view for login. However if a user goes directly to /admin it brings them to the admin login page and doesn\'t use my custom view. How can I make it redirect

Answer 1

While @Isaac's solution should reject majority of malicious bots, it doesn't provide protection for professional penetrating. As a logged in user gets the following message when trying to login to admin:

We should instead use the admin decorator to reject all non-privileged users:

from django.contrib.admin.views.decorators import staff_member_required
from django.contrib import admin
[ ... ]
admin.site.login = staff_member_required(admin.site.login, login_url=settings.LOGIN_URL)

To the best of my knowledge, the decorator was added in 1.9.

Answer 2

http://blog.montylounge.com/2009/07/5/customizing-django-admin-branding/ (web archive)

I'm trying to solve exactly this problem and I found the solution at this guys blog. Basically, override the admin template and use your own template. In short, just make a file called login.html in /path-to-project/templates/admin/ and it will replace the admin login page. You can copy the original (django/contrib/admin/templates/login.html) and modify a line or two. If you want to scrap the default login page entirely you can do something like this:

{% extends "my-login-page.html" %}

There it is. One line in one file. Django is amazing.

Answer 3

I found that the answer above does not respect the "next" query parameter correctly.

An easy way to solve this problem is to use a simple redirect. In your site's urls file, immediately before including the admin urls, put a line like this:

   url(r'^admin/login$', RedirectView.as_view(pattern_name='my_login_page', permanent=True, query_string=True))

Answer 4

This is my solution with custom AdminSite class:

class AdminSite(admin.AdminSite):

    def _is_login_redirect(self, response):
        if isinstance(response, HttpResponseRedirect):
            login_url = reverse('admin:login', current_app=self.name)
            response_url = urllib.parse.urlparse(response.url).path
            return login_url == response_url
        else:
            return False

    def admin_view(self, view, cacheable=False):
        inner = super().admin_view(view, cacheable)

        def wrapper(request, *args, **kwargs):
            response = inner(request, *args, **kwargs)
            if self._is_login_redirect(response):
                if request.user.is_authenticated():
                    return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
                else:
                    return redirect_to_login(request.get_full_path(), reverse('accounts_login'))
            else:
                return response

        return wrapper

Answer 5

From http://djangosnippets.org/snippets/2127/—wrap the admin login page with login_required. For example, in urls.py:

from django.contrib.auth.decorators import login_required
from django.contrib import admin
admin.autodiscover()
admin.site.login = login_required(admin.site.login)

You probably already have the middle two lines and maybe even the first line; adding that fourth line will cause anything that would have hit the admin.site.login function to redirect to your LOGIN_URL with the appropriate next parameter.

Answer 6

In your ROOT_URLCONF file (by default, it's urls.py in the project's root folder), is there a line like this:

urlpatterns = patterns('',
...
    (r'^admin/', include(admin.site.urls)),
...
)

If so, you'd want to replace include(admin.site.urls) with the custom view you created:

(r'^admin/', 'myapp.views.myloginview'),

or if your app has its own urls.py, you could include it like this:

(r'^admin/', include(myapp.urls)),