Hacker Newsnew | comments | show | ask | jobs | submit login

Interesting. As a Rails guy, I'm a bit envious of a nice default authentication component being built in as long as it's possible to override.



I've used both pretty extensively. The authentication system in Django isn't something to be that jealous of. It's not that it's bad or anything, it's that sites have very different authentication needs and it isn't a lot of code. Examples: some sites need email verification, some don't; some sites want authentication by email address, others username; some sites want usernames, some don't (ala Facebook). And, it's important to note, Django really only takes care of the model part (it doesn't provide the templates and controllers/views). Creating a User model in Rails isn't that hard.

The main reason (in my opinion) that Django has an authentication component is because it has an admin section. That requires authentication. The admin section is something to be jealous of because it's a lot harder to duplicate. Creating a user model isn't that hard. While there have been Rails projects trying to implement an admin system as nice as Django's, they aren't as nice and clean as I'd like. And that's a lot more complex than a simple User model.

And yes, I'm aware that one can do lots of things to extend the Django User model. Examples: while the User model doesn't require an email, you could have the form you build require an email; in Django 1.2, you can have "@" and other email characters in usernames and then just reference the username attribute rather than the email attribute when you want the email; in your controller/view, you could first search for the user by email and, if found, grab the username from that object to pass to the authenticate method. It's more that a User model isn't such an incredibly complex piece of code and I find that different sites often want slightly different things that make it just easier to make one's own.

TL;DR: Be jealous of the admin section, not the authentication system.

-----


Perhaps I misunderstand your assertion, but I do want to clarify that django does provide views for user management in django.contrib.auth.views. It includes login, logout, and password reset/change views. Granted, it doesn't include templates, but those are pretty straightforward and site-specific anyway.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: