Overview

The Aqua-IoT dashboard implements Django’s built-in authentication system to secure access to sensor data and monitoring capabilities. All dashboard features require authentication, ensuring that only authorized users can view and manage IoT sensor data.

Authentication Flow

The authentication system follows a straightforward workflow:
  1. Access Protection: When accessing any dashboard page, the system checks if the user is authenticated
  2. Automatic Redirect: Unauthenticated users are automatically redirected to the login page
  3. Credential Validation: Users submit username and password credentials for verification
  4. Session Creation: Upon successful authentication, Django creates a secure session
  5. Dashboard Access: Authenticated users are redirected to the main dashboard with full access

Login Implementation

The login view handles user authentication with Django’s built-in authentication backend:
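# Login view from sensores/views.py:41
from django.contrib.auth import authenticate, login
from django.shortcuts import redirect, render

def userLogin(request):
  if request.method == "POST":
    # .get() avoids a server error when a field is missing from the form
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')
    user = authenticate(request, username=username, password=password)
    if user is not None and user.is_active:
      login(request, user)  # starts the authenticated session
      return redirect(home)
  # GET requests and failed logins both get the login form again;
  # every code path has to return an HttpResponse
  return render(request, "login.html", {})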

How It Works

  1. GET Request: Displays the login form when accessed via GET request
  2. POST Request: Processes login credentials when form is submitted
  3. Authentication: Uses Django’s authenticate() function to verify credentials
  4. Active Check: Ensures the user account is active before granting access
  5. Session Start: Calls Django’s login() to create an authenticated session
  6. Redirect: Redirects to the home dashboard upon successful login
The authentication view is located at sensores/views.py:41 and is accessible at the /login/ URL route.

Logout Implementation

Users can securely end their session using the logout functionality:
# Logout view from sensores/views.py:54
def logOut(request):
  logout(request)
  return render(request, "login.html", {})

Logout Process

  • Calls Django’s logout() function to terminate the user session
  • Clears all session data and authentication tokens
  • Returns the user to the login page for re-authentication
Logging out immediately terminates the session. Users will need to re-authenticate to access the dashboard.

Protected Routes

All main dashboard views require authentication before allowing access:
# Authentication check from sensores/views.py:14
if request.user.is_authenticated:
    # Load and display sensor data
    # ...
else:    
    return redirect(userLogin)
Protected routes include:
  • / - Main dashboard (home view)
  • /temp-aquario/ - Aquarium temperature monitoring
  • /temp-plantas/ - Plant temperature monitoring
  • /umidade/ - Humidity monitoring
  • /nivel/ - Water level monitoring
  • /ldr/ - Light sensor monitoring
  • /tds/ - Water quality monitoring
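Because each view repeats the `is_authenticated` check by hand, one forgotten check leaves a route open. The following added example (not part of the project's code) audits a views module for function views that have neither that check nor Django's `login_required` decorator; the sample source and the view names `tempAquario` and `umidade` are constructed for illustration.

```python
import ast

# Constructed sample modelled on the page's views; not the project's file.
SAMPLE_VIEWS = '''
def home(request):
    if request.user.is_authenticated:
        return render(request, "home.html", {})
    return redirect(userLogin)

def tempAquario(request):
    return render(request, "temp_aquario.html", {})

@login_required
def umidade(request):
    return render(request, "umidade.html", {})

def userLogin(request):
    return render(request, "login.html", {})
'''

PUBLIC_VIEWS = {"userLogin", "logOut"}  # intentionally reachable without a session


def _decorator_name(node):
    """Trailing name of a decorator: @login_required, @x.login_required, @login_required(...)."""
    if isinstance(node, ast.Call):
        node = node.func
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", "")


def unprotected_views(source, public=PUBLIC_VIEWS):
    """List top-level function views that take `request` but never check authentication."""
    findings = []
    for func in ast.parse(source).body:
        if not isinstance(func, ast.FunctionDef) or func.name in public:
            continue
        if not func.args.args or func.args.args[0].arg != "request":
            continue  # not shaped like a function-based view
        decorated = any(_decorator_name(d) == "login_required" for d in func.decorator_list)
        checks = any(isinstance(n, ast.Attribute) and n.attr == "is_authenticated"
                     for n in ast.walk(func))
        if not (decorated or checks):
            findings.append(func.name)
    return findings


if __name__ == "__main__":
    print(unprotected_views(SAMPLE_VIEWS))
```

The scan only proves that a check is present, not that it guards every branch, so treat a clean result as a starting point for review.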

API Authentication

The REST API endpoints also require authentication using Django REST Framework’s permission classes:
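# API authentication from sensores/views.py:98
from rest_framework import status, viewsets
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

class TemperaturaAquarioViewset(viewsets.ViewSet):
  # Requests without valid credentials are rejected before create() runs
  permission_classes = (IsAuthenticated,)

  def create(self, request):
    serializer = TemperaturaAquarioSerializer(data=request.data)
    serializer.is_valid(raise_exception=True)  # invalid payloads get a 400 response
    the_response = TemperaturaAquarioSerializer(serializer.save())
    return Response(the_response.data, status=status.HTTP_201_CREATED)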
All API viewsets use IsAuthenticated permission class to ensure secure API access.

Protected API Endpoints

All REST API endpoints require authentication:

  • /api/temperatura-aquario/ - POST endpoint for aquarium temperature data
  • /api/temperatura-plantas/ - POST endpoint for plant temperature data
  • /api/umidade/ - POST endpoint for humidity sensor data
  • /api/nivel/ - POST endpoint for water level sensor data
  • /api/ldr/ - POST endpoint for light sensor data
  • /api/tds/ - POST endpoint for TDS sensor data
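A device-side client for these endpoints, as an added example that is not the project's own code. It assumes the deployment enables Django REST Framework's TokenAuthentication (header `Authorization: Token <key>`); the host `aqua.example`, the payload field `valor` and the environment variable `AQUA_API_TOKEN` are placeholders.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def build_reading_request(base_url, endpoint, payload, token):
    """Build the POST for one reading; refuse to put the token on a cleartext link."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("refusing to send the API token over " + repr(parts.scheme))
    if not token:
        raise ValueError("no API token configured")
    return urllib.request.Request(
        base_url.rstrip("/") + endpoint,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            # Assumption: the project enables DRF TokenAuthentication.
            "Authorization": "Token " + token,
            "Content-Type": "application/json",
        },
    )


def post_reading(request, timeout=10):
    """Send the request and turn the rejections IsAuthenticated produces into clear errors."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status  # 201 when the reading was stored
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):
            raise PermissionError("API rejected the credential (HTTP %d)" % exc.code) from exc
        raise


if __name__ == "__main__":
    import os
    # Constructed values: host, field name and token fallback are placeholders.
    token = os.environ.get("AQUA_API_TOKEN", "constructed-demo-token")
    req = build_reading_request("https://aqua.example", "/api/temperatura-aquario/",
                                {"valor": 24.6}, token)
    print(req.get_method(), req.full_url)  # built only; call post_reading(req) to send
```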

Security Best Practices

  • Django automatically hashes passwords using the PBKDF2 algorithm with SHA256. Never store or transmit passwords in plain text.
  • Django creates secure session cookies with HTTP-only flags. Sessions expire based on your Django settings configuration.
  • All POST requests include CSRF token validation to prevent cross-site request forgery attacks.
  • The authentication system verifies that user accounts are active (user.is_active) before granting access.
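To make the PBKDF2-SHA256 point concrete, this added example (standard library only, not Django's or the project's code) builds and verifies a value in the `algorithm$iterations$salt$hash` layout Django stores, and audits stored values for weak entries. The `MIN_ITERATIONS` floor and the sample rows are assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets

MIN_ITERATIONS = 600_000  # assumed audit floor; set it to your Django version's default


def encode(password, salt=None, iterations=MIN_ITERATIONS):
    """Return algorithm$iterations$salt$hash, the layout Django stores for PBKDF2-SHA256."""
    salt = salt or secrets.token_urlsafe(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())


def verify(password, encoded):
    """Recompute the hash with the stored salt and cost, then compare in constant time."""
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hasher: " + algorithm)
    return hmac.compare_digest(encode(password, salt, int(iterations)), encoded)


def audit(stored_values, minimum=MIN_ITERATIONS):
    """Return (index, reason) for values that are not PBKDF2-SHA256 or are under the floor."""
    findings = []
    for index, value in enumerate(stored_values):
        parts = value.split("$")
        if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
            findings.append((index, "not a pbkdf2_sha256 hash"))
        elif int(parts[1]) < minimum:
            findings.append((index, "only %s iterations" % parts[1]))
    return findings


if __name__ == "__main__":
    # Constructed sample rows, shaped like values in the auth_user.password column.
    rows = [encode("s3nsor-admin"), encode("s3nsor-admin", iterations=1000), "md5$salt$0000"]
    print(verify("s3nsor-admin", rows[0]), audit(rows))
```

Because the salt and iteration count travel with each stored value, raising the cost later does not invalidate existing hashes; the audit shows which rows still carry an old cost.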

Authentication URL Routes

Authentication routes are defined in the URL configuration:
# From sensores/urls.py:15-16
path('login/', views.userLogin, name='login'),
path('logout/', views.logOut, name='logout'),

Troubleshooting

  • Verify username and password are correct
  • Ensure the user account is active in Django admin
  • Check that the user exists in the database
  • Check session timeout settings in Django configuration
  • Verify browser allows cookies
  • Ensure session middleware is properly configured
  • Confirm authentication token is included in API requests
  • Verify the token is valid and not expired
  • Check that the user has necessary permissions
