I want to get rid of the existing fields in the Django's in-built user model like, is_staff, last_login etc, and keep only the username and password. How can I do this in a clean way?
Related
I was using djoser, but ran into snags customizing emails and was referred to allauth + rest-auth.
I'm trying to convert my endpoints and running into problems with models.
Firstly, my user model with djoser dropped the username in favor of email, and I moved first & last name to a one-to-one profile table and added zipcode to the user model -- effectively my users are emails with passwords and zipcodes.
allauth threw an error that username didn't exist, after searching around I found a hacky 'solution' in adding an empty username filed back into my user model (and just ignoring it). When I changed my login endpoint from /auth/token/login/ to /rest-auth/login/ I got another error django.core.exceptions.ImproperlyConfigured: Field name 'first_name' is not valid for model 'User'. I'd really like to avoid adding all of the profile fields into my user model and making them nullable -- and I don't really want to write my own authentication backend.
Does anyone have experience with this type of model overriding?
Cheers,
-E
Unless you are planning on completely avoiding Django's user infrastructure, I would not bother trying to remove the default fields.
Whenever you're customizing the django user you'll want to extend AbstractBaseUser which includes first_name, last_name, username, email, date_joined, is_staff, and is_active. You don't have to use them but they will be there. You can specify which field will be used for the username
Once you're using AbstractBaseUser as the base for your user class, your problems here will go away and you can specify what you need from allauth from their configuration docs.
Also see the allauth doc on custom user models
Currently I am working on rebuilding an existing website, the old site was written in CakePHP but the new one is in Laravel.
The old users will have to be able to login with the same password as they used on the old site, but those passwords were hashed in CakePHP.
My question is:
Is there a method which would enable me use the CakePHP way of
passwordhashing in Laravel?
I have tried looking for a package that could accomplish this, but to no avail.
I had a similar issue with a migration from a Drupal site. So it should be applicable here, I'll use CakePHP from now on instead of Drupal. I don't know if you are using a package like Sentry to handle the User accounts, or if it is something homegrown.
What I ended up doing was adding a second password field (cakephp_password) to my users table which contained the imported hashed passwords.
Then during the login process, I checked if the cakephp_password field was empty or not. If it was I passed the password typed by the user through the CakePHP hash function which I added to my Class that handled the logins. I then compared the hash from the CakePHP function with the hash in cakephp_password. If the hashes matched I passed the users password through the hashing function of my laravel User management class (Sentry in my case) and added the calculated hash to the password field of the user and deleted the hash in the cakephp_password field.
Now I could just call the login process normally as for any user.
I'm trying to extend User models with my custom model by inheriting from it like this:
class Profile(User):
...
I would like to add my custom fields to the User model but django nonrel fails with an error:
DatabaseError: Multi-table inheritance is not supported by non-relational DBs.
So how I can solve this problem? I definitely need my custom fields in User model.
Instead of overriding the User model you should create another class that holds the additional fields and bind it to User model by a 1-to-1 relationship.
from django.contrib.auth.models import User
class UserProfile(models.Model):
user = models.ForeignKey(User, unique=True)
nickname = models.CharField(max_length=50)
...
...
You Cannot do something like that in google-app-engine. If you want to have relationship in your model. You should denormailse your model in such a way that the same can be achieved in appengine's way.To know more about modeling in appengine . You can have go through the following links.
modeling in appengine
Daily profeth modeling in appengine
I wanted the request.user object to be the normal User object, but with added fields. The accepted answer doesn't allow that, as UserProfile has a member "user" instead of being a user.
This article explains how to instead inherit from User.
The steps in brief:
Make CustomUser inherit from User
Set up a custom authentication backend to return CustomUser
Have not tried it yet.
I've created a custom user model in my application. This user model is working fine, but there
are a couple of problems I have with it.
The change password link in the my register.html page doesn't work?
The default password box on the add/edit page for a user is a
little unfriendly.
Ideally, what I'd like is the two password fields
from the change password form on the add/edit user form in the admin,
which will automatically turn convert the entered password into a
valid encrypted password in Django.
This would make the admin system MUCH friendlier and much more suited
to my needs, as a fair number of user accounts will be created and
maintained manually in this app, and the person responsible for doing
so will likely be scared off at the sight of that admin field, or just
type a clear text password and wonder why it doesn't work.
Is this possible / How do I do this?
You can write your own view for editing user, or try to customize admin template for user.
i use auth componnet in my cakephp project
I add type field into users Mysql table
that enum type: admin, client
i need auth component to redirect admin's to CP page, and client to their profile page and only can access one conttroller..
ofcourse without using ACL or any others related
I'd recommend taking advantage of the isAuthorized() function that you can add in the controller, or the model. Set the AuthComponent::authorize = {'controller'|'model'} to choose which you want to use.
Then you write an isAuthorized() function in the model|controller that returns t/f on auth/not auth for each action. You can do some row-level checking as well, if you'd like.
Now, if instead you just wanted to redirect an admin to their correct pages on login/etc, you can add code to the beforeFilter() method (either in a specific controller, or in app_controller.php). In that, just check to see if the admin value set by the app is the same as the user's admin value (which will be stored by AuthComponent in the Session data, accessible by $this->Auth->User()). Then route appropriately to the admin/non admin areas.
isAuthorized() is the best choice.
i would recommend to separate the users from their groups in the database, so User habtm Group... but It is not a problem if user belongs to one and only one group
I do not recommend ACL for non record-level-based permissions system
Just something to pay attention to, but unless something has changed recently CakePHP does not support ENUM column types.
Your best bet is a Group model ( groups mysql table ) and a group_id field on the users table.
Then you can $hasOne = array( 'Group' ); in your User model.
From there you can follow any one of a HUGE number of group access control tutorials for the Auth Component via an easy google search for "CakePHP Auth User Group"