Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/LucPinheiro/gestor-tarea-django/llms.txt

Use this file to discover all available pages before exploring further.

Gestor de Tareas Django delegates all authentication to Django’s built-in authentication framework. There are no custom login models, no API tokens, and no third-party OAuth providers — just the standard User model, session cookies, and LoginView/LogoutView class-based views wired up in mi_proyecto/urls.py. This keeps the security surface small and lets you manage users entirely through the Django admin.

Logging In

The login page is served at the root URL / using Django’s built-in LoginView with a custom template.
http://127.0.0.1:8000/
The URL pattern in mi_proyecto/urls.py is:
path('', auth_views.LoginView.as_view(
    template_name='tareas/login.html'
), name='login'),
1

Open the login page

Navigate to http://127.0.0.1:8000/. Unauthenticated users land here automatically when they try to access any protected view.
2

Enter your credentials

The login form accepts the standard Django User model fields:
username
string
required
The unique username assigned when the account was created.
password
string
required
The account password. Django stores passwords as salted hashes — they are never stored or transmitted in plain text.
3

Submit and redirect

On successful authentication, Django creates a session and redirects the browser to LOGIN_REDIRECT_URL, which is set to /tareas/. You will land on the Kanban view of your task list.If the credentials are invalid, the login page re-renders with a validation error and no session is created.

Logging Out

Logout is handled by Django’s built-in LogoutView at /logout/.
path('logout/', auth_views.LogoutView.as_view(), name='logout'),
1

Send a POST request to /logout/

Django’s LogoutView requires a POST request to invalidate the session. This is enforced to prevent cross-site request forgery (CSRF) logout attacks. The logout link or button in the application includes a CSRF token.
2

Redirect after logout

After the session is destroyed, LogoutView redirects to LOGOUT_REDIRECT_URL, which resolves to / — the login page. You will need to authenticate again to access any protected view.
This application uses Django’s session-based authentication. There is no API key, JWT token, or other stateless authentication mechanism. Every request to a protected view is validated against the session cookie set at login time.

Protected Views

Most views require an active login session. The @login_required decorator is applied at the function level in tareas/views.py. Requests from unauthenticated users are redirected to LOGIN_URL = 'login', which resolves to /.

Views decorated with @login_required

The main task list, available in Kanban (?vista=kanban) and list (?vista=lista) modes. Requires login to prevent public access to the full task database.
Shows the full detail view for a single Tarea. Login is required because the detail page also exposes the edit, delete, and export controls.
Renders and processes the task edit form. Requires login so that only authenticated users can modify existing tasks.
Shows the deletion confirmation page (GET) and executes the deletion (POST). Both request methods require login.
Generates and streams a CSV download. Requires login to control who can extract data from the system.
Displays the CSV upload form (GET) and processes the uploaded file (POST). Requires login to prevent unauthorised bulk data creation.
One-click state change from the detail view. Requires login so state transitions are always traceable to an authenticated user.
One-click priority change from the star widget on the detail page. Requires login.

Views without @login_required

Two views are not decorated with @login_required in the current source code:
  • crear_tarea at /crear/ — unauthenticated users can access the task creation form and submit new tasks without logging in.
  • eliminar_tareas_seleccionadas at POST /eliminar-seleccionadas/ — unauthenticated users can submit a bulk-delete request without logging in.
If your deployment requires authentication for all task operations, add the @login_required decorator to both crear_tarea and eliminar_tareas_seleccionadas in tareas/views.py.

Creating Users

Gestor de Tareas Django does not include a self-service user registration page. New user accounts must be created by an administrator using one of the two methods below.
Create an administrator account with full access to the Django admin panel by running the management command from your project root:
python manage.py createsuperuser
You will be prompted to enter a username, an optional email address, and a password (entered twice for confirmation). Once created, this account can log in at both / (the app) and /admin/ (the Django admin).

Build docs developers (and LLMs) love