Bird
Raised Fist0
Djangoframework~5 mins

login_required decorator in Django

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

The login_required decorator makes sure only logged-in users can see certain pages. It helps keep parts of your website private.

You want to protect a user profile page so only the owner can see it.
You have a dashboard that should only be visible after logging in.
You want to stop visitors from accessing settings or account pages without signing in.
You want to redirect users to the login page if they try to visit a protected page.
You want to keep some pages hidden from users who are not signed in.
Syntax
Django
from django.contrib.auth.decorators import login_required

@login_required
def your_view(request):
    # your code here
    return HttpResponse('Hello, user!')

Place @login_required right above your view function.

It automatically redirects users to the login page if they are not logged in.

Examples
This protects the dashboard page so only logged-in users can see it.
Django
from django.contrib.auth.decorators import login_required

@login_required
def dashboard(request):
    return HttpResponse('Welcome to your dashboard!')
You can customize the login page URL if you don't want to use the default.
Django
from django.contrib.auth.decorators import login_required

@login_required(login_url='/custom-login/')
def profile(request):
    return HttpResponse('User profile page')
Use it with views that render templates to protect pages like settings.
Django
from django.contrib.auth.decorators import login_required

@login_required
def settings(request):
    return render(request, 'settings.html')
Sample Program

This view shows a secret message only if the user is logged in. Otherwise, it sends them to the login page.

Django
from django.http import HttpResponse
from django.contrib.auth.decorators import login_required

@login_required
def secret_page(request):
    return HttpResponse('This is a secret page for logged-in users only.')
OutputSuccess
Important Notes

Make sure LOGIN_URL is set in your Django settings or use the login_url parameter.

The decorator works only on function-based views, but you can use LoginRequiredMixin for class-based views.

It helps improve security by preventing unauthorized access easily.

Summary

login_required keeps pages private by allowing only logged-in users.

Use it by placing @login_required above your view functions.

It redirects users to the login page if they are not signed in.

Practice

(1/5)
1. What is the main purpose of the @login_required decorator in Django?
easy
A. To restrict access to a view only to logged-in users
B. To automatically log out users after a timeout
C. To display a custom error message on login failure
D. To register a new user in the system

Solution

  1. Step 1: Understand the role of @login_required

    This decorator is used to protect views so only authenticated users can access them.

  2. Step 2: Compare options with the decorator's function

    Only To restrict access to a view only to logged-in users correctly describes restricting access to logged-in users.

  3. Final Answer:

    To restrict access to a view only to logged-in users -> Option A

  4. Quick Check:

    login_required restricts access = D [OK]
Hint: Remember: login_required means login needed to see page [OK]
Common Mistakes:
  • Thinking it logs out users automatically
  • Confusing it with user registration
  • Assuming it shows error messages
2. Which of the following is the correct way to apply the @login_required decorator to a Django view function named dashboard?
easy
A. def login_required(dashboard):
B. @login_required\ndef dashboard(request):
C. dashboard = login_required(dashboard(request))
D. login_required @dashboard(request):

Solution

  1. Step 1: Recall the syntax for decorators in Python

    Decorators are placed above the function with an @ symbol, like @login_required.

  2. Step 2: Check which option uses this syntax correctly

    @login_required\ndef dashboard(request): correctly places @login_required above the function definition.

  3. Final Answer:

    @login_required\ndef dashboard(request): -> Option B

  4. Quick Check:

    Decorator syntax uses @ above function = A [OK]
Hint: Decorator always goes above function with @ [OK]
Common Mistakes:
  • Trying to call decorator like a function without @
  • Placing decorator after function definition
  • Using invalid syntax like 'login_required @dashboard'
3. Given this Django view code snippet, what happens when an anonymous user tries to access /profile/? 
@login_required
def profile(request):
    return HttpResponse('User Profile')
medium
A. The user is redirected to the login page
B. The user gets a 404 Not Found error
C. The user sees 'User Profile' page
D. The user sees a permission denied message

Solution

  1. Step 1: Understand what @login_required does for anonymous users

    It redirects users who are not logged in to the login page.

  2. Step 2: Match this behavior with the options

    The user is redirected to the login page correctly states the redirect to login page for anonymous users.

  3. Final Answer:

    The user is redirected to the login page -> Option A

  4. Quick Check:

    Anonymous user triggers redirect = C [OK]
Hint: Anonymous users get redirected, not error or content [OK]
Common Mistakes:
  • Assuming anonymous users see the page content
  • Thinking it returns 404 error
  • Believing it shows permission denied instead of redirect
4. Identify the error in this Django view using @login_required: 
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

@login_required()
def dashboard(request):
    return HttpResponse('Dashboard')
medium
A. Missing import for HttpResponse
B. Missing request parameter in function
C. Function name should be capitalized
D. Incorrect use of parentheses after @login_required

Solution

  1. Step 1: Check the decorator usage syntax

    @login_required is used without parentheses unless passing arguments.

  2. Step 2: Identify the incorrect parentheses usage

    Incorrect use of parentheses after @login_required points out the error of using @login_required() instead of @login_required.

  3. Final Answer:

    Incorrect use of parentheses after @login_required -> Option D

  4. Quick Check:

    Decorator without args has no () = B [OK]
Hint: Use @login_required without () unless arguments needed [OK]
Common Mistakes:
  • Adding parentheses when not required
  • Forgetting to import HttpResponse (not tested here)
  • Changing function name case unnecessarily
5. You want to protect a class-based view DashboardView so only logged-in users can access it. Which is the correct way to apply login_required?
hard
A. Call login_required inside the dispatch method manually
B. Add @login_required above the class definition
C. Use LoginRequiredMixin as a parent class instead of login_required
D. Wrap the class with login_required(DashboardView) after defining it

Solution

  1. Step 1: Recall how to protect class-based views in Django

    For class-based views, Django provides LoginRequiredMixin to enforce login.

  2. Step 2: Evaluate the options for class-based view protection

    Use LoginRequiredMixin as a parent class instead of login_required correctly uses LoginRequiredMixin as a parent class, which is the standard pattern.

  3. Final Answer:

    Use LoginRequiredMixin as a parent class instead of login_required -> Option C

  4. Quick Check:

    Class views use mixins, not decorators = A [OK]
Hint: Use LoginRequiredMixin for class views, not @login_required [OK]
Common Mistakes:
  • Trying to decorate class directly with @login_required
  • Wrapping class after definition with login_required
  • Manually calling login_required inside methods