django-var-cms ships a complete, self-contained authentication layer for its control panel. Every route — login, OTP verification, forgot-password, and password reset — is rendered inside the same glassmorphic dark-mode shell as the rest of the panel, so your team never leaves the CMS experience to manage their credentials.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/rahul-baberwal/django-var-cms/llms.txt
Use this file to discover all available pages before exploring further.
Login Interface
The custom login page is available at/var-cms/login/ the moment you mount the URLs. Point Django’s built-in LOGIN_URL setting at it so unauthenticated requests are redirected there automatically.
AuthenticationForm to validate credentials. On success it redirects to the dashboard index (var_cms_index). If the user is already authenticated, visiting /var-cms/login/ redirects straight to the dashboard — no double-login prompt.
Optional OTP Two-Factor Authentication
By default, a correct username/password immediately logs the user in. When you enable OTP 2FA, a successful credential check instead sends a 6-digit one-time code to the user’s email address and redirects to the verification screen at/var-cms/otp-verify/. The user must enter the correct code to complete the login.
Session keys used during the OTP flow: var_cms_pre_otp_user_id (authenticated user’s ID) and var_cms_otp (the 6-digit code). Both keys are removed from the session once the user successfully verifies.
VAR_CMS_ENABLE_OTP defaults to False. OTP is entirely opt-in — you only need email configured if you enable it.Forgot Password Flow
A Forgot Password link on the login screen lets users recover access without admin intervention. The flow lives at/var-cms/forgot-password/.
Enter username or email
The user submits their Django
USERNAME_FIELD value or email address. The view queries both fields (when the model has an email field and USERNAME_FIELD is not email), so either works.Receive a reset OTP
A 6-digit reset code is emailed to the account’s registered email address. If the matched user has no email address set, the view returns the error: “This user does not have an email address configured.”As with the login OTP, if SMTP is unavailable the code is printed to the terminal:The session stores the reset code as
var_cms_reset_otp and the user’s ID as var_cms_reset_user_id, then redirects to /var-cms/forgot-password/verify/.If the matched user account has no email address configured in Django, the view displays the error:
“This user does not have an email address configured.”
Make sure every staff account has an email set in Django admin or your user management interface.
In-Dashboard Password Reset
Logged-in users can update their own password without leaving the control panel. The change-password form is at/var-cms/change-password/ and is accessible via the User Profile Badge → Reset Password menu item.
The form enforces three rules before saving:
| Rule | Behaviour |
|---|---|
| Old password must be correct | Shows “Current password is incorrect.” |
| New password must match confirmation | Shows “New passwords do not match.” |
| New password must be ≥ 6 characters | Shows “New password must be at least 6 characters.” |
update_session_auth_hash is called automatically — the user stays logged in without needing to re-authenticate.
Logout
Visiting/var-cms/logout/ (or clicking Logout in the user menu) clears the Django session and redirects the browser back to /var-cms/login/.
Quick-Reference Settings
URL Reference
| URL | Description |
|---|---|
/var-cms/login/ | Glassmorphic login form (uses AuthenticationForm; redirects to dashboard on success) |
/var-cms/otp-verify/ | OTP entry screen (only reached after valid credentials when OTP is enabled) |
/var-cms/forgot-password/ | Enter username or email to start password recovery |
/var-cms/forgot-password/verify/ | Enter reset OTP and choose a new password |
/var-cms/change-password/ | In-dashboard password reset (requires login) |
/var-cms/logout/ | Clears session, redirects to login |