26

I've set up a Django project with an admin page. It worked perfectly for the first couple weeks of development, didn't use the admin page for a while, and when I came back to it, the admin page was broken. No matter what I do, it won't allow me to log in.

After entering username and PW, the admin page always says:

Please enter a correct username and password. Note that both fields are case-sensitive.

I've checked the DB: the superuser exists and has is_active, is_superuser, and is_staff all True. I've used the shell to make sure the password is correct. I've flushed, deleted, and re-created the database multiple times to make sure there's no mistake. I've also double-checked the middleware, urls, INSTALLED_APPS, etc. to make sure they're all set up properly.

As far as I can tell, the admin pages work perfectly except that they never let anyone log in.

Any ideas what's going on here, or other methods for trying to debug? I'm really baffled by this bug.

PS: In case it matters, I'm using South for DB migrations, django-social-auth for FB logins, and separate local_settings.py for production and development (I've checked them both -- the conflict isn't there.)

Super Kai - Kazuya Ito
Abe
  • What happens if you create your own login page using the auth.views.login() view? – JeffS Jan 13 '12 at 01:08
  • Looks like pretty much the same issue: "Your username and password didn't match. Please try again." – Abe Jan 13 '12 at 01:21
  • To get the django-social-auth working for FB logins, did you modify any of the code that could be changing the way the system runs authenticate() and login()? Also, in the weeks of development, have you removed and recreated the project, such that settings.py's SECRET_KEY = '...' has changed? I think this key is used to decrypt the password, but I'm not positive. – Furbeenator Jan 13 '12 at 01:23
  • Not that I know of. I added a view and a model, plus some entries in settings.py, but nothing else that I can remember. – Abe Jan 13 '12 at 01:25
  • On SECRET_KEY... Yes, I switched repos, and when I did, I ran django-admin startproject again. So my PWs are hashed differently now. But I would have thought that creating a new superuser and/or completely flushing and re-creating the DB would solve that problem. BTW, I'm using sqlite in development, in case that's important. – Abe Jan 13 '12 at 01:30
  • maybe this helps : https://stackoverflow.com/a/55546476/6131019 – Abilogos Dec 25 '20 at 21:01

8 Answers

34

This problem may be related to the Authentication Backends. Please check your settings files for the AUTHENTICATION_BACKENDS parameter.

Try the following value:

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
)

More information on the Official Django Documentation

Andrea Di Persio
  • 1
    Bingo. That was the problem -- when I added django-social-auth, it included a whole list of authentication backends, including django.contrib.auth.backends.ModelBackend. I commented out all the rows I didn't plan to use, without noticing that I was commenting out that one as well. – Abe Jan 13 '12 at 04:45
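
A static check for the misconfiguration found in this answer and its comment, as an added example that is not part of the original posts. It goes slightly beyond the thread by also catching a one-element value written without its trailing comma; `check_backends` and the sample settings strings are constructed for illustration.

```python
import ast

MODEL_BACKEND = "django.contrib.auth.backends.ModelBackend"

def check_backends(settings_source):
    """Statically inspect settings source text and return a one-line verdict."""
    value, found = None, False
    for node in ast.parse(settings_source).body:
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "AUTHENTICATION_BACKENDS"
            for t in node.targets
        ):
            try:
                # A later assignment overrides an earlier one, as at import time.
                value, found = ast.literal_eval(node.value), True
            except ValueError:
                return "unknown: value is not a plain literal"
    if not found:
        return "ok: setting absent, Django's default is ModelBackend"
    if isinstance(value, str):
        return "error: plain string, not a tuple (missing trailing comma)"
    if MODEL_BACKEND not in value:
        return "error: ModelBackend missing from the list"
    return "ok: ModelBackend enabled"

# Constructed sample: the ModelBackend row was commented out with the others.
BROKEN = """
AUTHENTICATION_BACKENDS = (
    'social_auth.backends.facebook.FacebookBackend',
    # 'django.contrib.auth.backends.ModelBackend',
)
"""

# Constructed sample: parentheses without a comma do not make a tuple.
STRING_BUG = "AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend')\n"

# Constructed sample: social login plus the default username/password backend.
FIXED = """
AUTHENTICATION_BACKENDS = (
    'social_auth.backends.facebook.FacebookBackend',
    'django.contrib.auth.backends.ModelBackend',
)
"""

if __name__ == "__main__":
    for name, src in [("broken", BROKEN), ("string", STRING_BUG), ("fixed", FIXED)]:
        print(f"{name}: {check_backends(src)}")
```
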
3

Try this; in tests.py:

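from django.contrib import auth
from django.contrib.auth.models import User
from django.test import TestCase

class AuthTestCase(TestCase):
    def setUp(self):
        # create_user() hashes the password via set_password()
        self.u = User.objects.create_user('test@dom.com', 'test@dom.com', 'pass')
        self.u.is_staff = True
        self.u.is_superuser = True
        self.u.is_active = True
        self.u.save()

    def testLogin(self):
        # login() returns False on failure, so assert on its result
        self.assertTrue(self.client.login(username='test@dom.com', password='pass'))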

Then run the test with python manage.py test <your_app_name>.AuthTestCase. If this passes, the system is working; maybe look at the username and password to make sure they are acceptable.

Furbeenator
  • 2
    The test works -- returns OK. But the login on the site still doesn't work. I've checked the password in the shell, using check_password, and it returns True. Here's something even stranger: if I enter my email address instead of the superuser name, I get "Your e-mail address is not your username. Try 'agong' instead." So it's clearly able to access the record in the DB -- it just won't let me log in. – Abe Jan 13 '12 at 01:55
2

I had the same issue, but the AUTHENTICATION_BACKENDS flag in the settings file was not the problem for me. Using Django Rest Framework, I had somehow modified the password without calling set_password, therefore bypassing hashing of the password. That's why it was showing the invalid login.

I was able to detect the issue by running a simple test of user creation, similar to this one:

from django.test import TestCase

from django.contrib import auth
from .models import *

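class AuthTestCase(TestCase):
    def setUp(self):
        # create_user() on the custom manager is expected to hash the password
        self.u = UserProfile.objects.create_user('test@dom.com', 'iamtest', 'pass')
        self.u.is_staff = True
        self.u.is_superuser = True
        self.u.is_active = True
        self.u.save()

    def testLogin(self):
        # login() returns False on failure, so assert on its result
        self.assertTrue(self.client.login(username='test@dom.com', password='pass'))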

It is also worth mentioning that I was creating a custom user named UserProfile.

Erindy
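
A read-only audit for the failure described in this answer (a password column written without set_password), as an added example that is not part of the original post. It assumes the default auth_user table with username and password columns; a custom user model such as UserProfile uses a different table name, and the sample rows are constructed.

```python
import sqlite3

# Algorithm prefixes used by Django's bundled password hashers.
KNOWN_ALGORITHMS = {
    "pbkdf2_sha256", "pbkdf2_sha1", "argon2", "bcrypt_sha256",
    "bcrypt", "scrypt", "sha1", "md5",
}

def looks_hashed(stored):
    """True if the value has the '<algorithm>$...' shape set_password() writes."""
    if stored.startswith("!"):  # Django's marker for an unusable password
        return True
    algorithm, sep, rest = stored.partition("$")
    return bool(sep and rest) and algorithm in KNOWN_ALGORITHMS

def find_unhashed(conn):
    """Return usernames whose stored password is not in hashed form."""
    rows = conn.execute("SELECT username, password FROM auth_user ORDER BY id")
    return [name for name, stored in rows if not looks_hashed(stored)]

def build_sample_db():
    """Constructed sample data standing in for a real auth_user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO auth_user (username, password) VALUES (?, ?)",
        [
            ("admin", "pbkdf2_sha256$260000$constructedsalt$Y29uc3RydWN0ZWRoYXNo"),
            ("api_created", "pass"),             # written without set_password()
            ("sso_only", "!constructedmarker"),  # unusable-password marker
            ("looks_odd", "pa$$word"),           # plaintext that contains '$'
        ],
    )
    return conn

if __name__ == "__main__":
    for username in find_unhashed(build_sample_db()):
        print(f"{username}: password column is not a Django hash")
```

Any account it reports holds a plaintext value, so give it a new password through set_password() rather than hashing the old value in place.
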
1

Are you using a custom user model and forgot to add it in settings.py? That is what just happened to me.

# Substituting a custom User model

AUTH_USER_MODEL = "app_custom_auth.User"
Nik
1

You just need to delete the db.sqlite3 and migrate again (python manage.py migrate) then do:

python manage.py createsuperuser

to create the account again.

Antoine
Sajith S
  • This temporarily fixed my problem. Is there a way to do this without deleting db.sqlite3 because I lose all the user accounts? – Ozer Ozdal Apr 21 '23 at 18:41
0

You can do the following:

  • Enter your MySQL console (or other database console)
  • USE YourDATABASE;
  • SELECT * FROM auth_user;
  • Watch the is_staff and is_superuser items
  • UPDATE auth_user SET is_staff = 1 WHERE username = 'root';

Then you can log in again!

tianwei
0

The answer is :

def create_superuser(self, username, email, password=None, **extra_fields):
    # is_staff and is_active are both required for the admin login
    user = self.create_user(username, email, password=password, is_staff=True, **extra_fields)
    user.is_active = True
    user.save(using=self._db)
    # return the created user instead of None
    return user
0

is_active and is_staff must be True to log in to Django Admin, so in the cases below you can log in to Django Admin:

is_active    ✅
is_staff     ✅
is_superuser

is_active    ✅
is_staff     ✅
is_superuser ✅

In addition, even if is_superuser is True, you cannot log in to Django Admin in the cases below, because making is_superuser True gives the user all permissions except logging in to Django Admin:

is_active
is_staff     ✅
is_superuser ✅

is_active    ✅
is_staff
is_superuser ✅

is_active
is_staff
is_superuser ✅

Super Kai - Kazuya Ito