I am building a SPA using Django and Backbone. Until now most of my templates have been on the Django side, but I'm now moving to templating with Backbone/Underscore. The only thing I'm unsure about is how to manage page reload with respect to authentication.
I do not have a separate login page, but rather a dropdown login form on the app's menu bar (a Bootstrap navbar), which makes $.ajax
requests for login/out actions. I want to keep the app interface publicly available, and only render certain components (load, save, export buttons) when a user is logged in, hiding them when logged out. A page reload obviously has to be aware of whether the user is logged in or not. This is how I'm managing it in my Django template:
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<!-- Menu left -->
<ul class="nav navbar-nav">
<!-- li components... -->
</ul>
<!-- Menu right -->
<ul class="nav navbar-nav pull-right" id="navbar-right">
{% if user.is_authenticated %}
<!-- If user is logged in render 'My Account' and 'Logout' components -->
<li id='menu-account'><a href='#'>My Account</a></li>
<li id='menu-logout'><a href='#'>Logout</a></li>
{% else %}
<!-- If logged out render the login form -->
<li id="menu-register"><a href="#">Register</a></li>
<li class="dropdown" id="menu-login">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false" id="nav-login">Login</a>
<div class="dropdown-menu pull-right">
<form role="form" id="form-login" action="login/" method="POST">
<input class="form-control" name="username" id="username" placeholder="Username" type="text"><br>
<input class="form-control" name="password" id="password" placeholder="Password" type="password"><br>
<button type="submit" id="btn-login" class="btn btn-default">Login</button>
</form>
</div>
</li>
{% endif %}
</ul>
</div>
</nav>
This works very nicely, with the Django template tags taking care of the conditional rendering. An underscore version likely wouldn't look much different, but how do I determine whether the user is logged in/out from the client side? I'm thinking of just adding a response header for this, but is there a built-in Django way of doing it? I've looked at the login_required
view decorator, but that seems to require a redirect for when the user is logged out.