I was using djoser, but ran into snags customizing emails and was referred to allauth + rest-auth.
I'm trying to convert my endpoints and running into problems with models.
Firstly, my user model with djoser dropped the username in favor of email, and I moved first & last name to a one-to-one profile table and added zipcode to the user model -- effectively my users are emails with passwords and zipcodes.
allauth threw an error that username didn't exist, after searching around I found a hacky 'solution' in adding an empty username filed back into my user model (and just ignoring it). When I changed my login endpoint from /auth/token/login/ to /rest-auth/login/ I got another error django.core.exceptions.ImproperlyConfigured: Field name 'first_name' is not valid for model 'User'. I'd really like to avoid adding all of the profile fields into my user model and making them nullable -- and I don't really want to write my own authentication backend.
Does anyone have experience with this type of model overriding?
Cheers,
-E
Unless you are planning on completely avoiding Django's user infrastructure, I would not bother trying to remove the default fields.
Whenever you're customizing the django user you'll want to extend AbstractBaseUser which includes first_name, last_name, username, email, date_joined, is_staff, and is_active. You don't have to use them but they will be there. You can specify which field will be used for the username
Once you're using AbstractBaseUser as the base for your user class, your problems here will go away and you can specify what you need from allauth from their configuration docs.
Also see the allauth doc on custom user models
Related
For Django-reactjs project, I have a user model in django which has 3 boolean fields (is_admin, is_moderator, is_normal_user), and I also have 3 other models, I want to set permissions for each user type. The user can only create objects for 1 model only, the moderator is the only one that can edit a certain model field, and admins can do everything.
It might be a trivial question but I am a newbie in Django and React so If you could please tell me how can I handle it with custom permissions(some steps to follow) and also how these permissions are handled from React.
Thanks in advance!
You need to check if the user has permission every time he is making an action, so when the React app calls your Django API, it will provide an authentication token right? That tokens corresponds to a unique user, so you can just do an if statement:
if request.user.is_admin:
do_everything()
elif request.user.is_moderator:
do_other_stuff()
While in the react app you would need the information if the logged in user is a moderator, admin or a normal user, so you can display the pages accordingly. To get that info, you may want to implement a '/me' endopoint that returns info about the logged in user, containg his status.
If you have no idea what Im talking about, I strongly recommend you to take a look at this video: https://www.youtube.com/watch?v=0d7cIfiydAc
The whole subject is too long for a stackoverflow answer.
Contact me if you still have any doubts.
I want to get rid of the existing fields in the Django's in-built user model like, is_staff, last_login etc, and keep only the username and password. How can I do this in a clean way?
Im using DotNetOpenAuth to integrate Google,Yahoo,Twitter and Facebook Logins into my application.
Now everything works as expected.
Twitter returns -> User-name and Claim-identifier(Just Id)
Google returns -> Email-Address, First and last Name and ID(URL+ID)
Yahoo returns -> Email-Address, Alias and ID (Url + ID)
Also im also allowing my users to register internally so my database User table is like this:
ID,UserName,Name,OpenID,LoginType,DisplayName
im wondering what i should be storing as User-Name, i was thinking of the ID, but i have this questions:
Shall i store the whole ID as User-Name ?!
Would it affect performance to store the whole ID(URL) as username?
If i extracted the ID from the Claim-Identifier would it still be unique between all 3 providers?
For OpenID, you must use the ClaimedIdentifier as the ID. Not anything else, and certainly not only a substring from the claimed identifier. Anything else seriously compromises the security of your application.
As far as where you store it, I would recommend you keep a dedicated column for storing your claimed identifier rather than just storing it in your UserName column. Consider this scenario:
A user creates an account with your web site using an OpenID http://SomeOpenIDUrl
An attacker logs in via the username/password form. He leaves the password blank but enters http://SomeOpenIDUrl as the username
The attacker successfully logs in as his victim.
A situation like the above can be mitigated in various ways of course, but the best way IMO is to keep the OpenID out of the username column so that it's completely impossible.
i'm doing with silverlight 4 for consultation booking system. what i wondering is, in my application required multiple kind of user register and login. admin having different format of admin ID, lecturer having different format of lecturer ID. i'm trying to implement with silverlight for role and authentication merchant. i think might because of silverlight membership can be done easily with asp.netmembershipprover, i could not find any resource to edit the default form for it or custom made the membership merchant for my application. may i know is there any article or resource you know on how to implement this, or any idea you can suggest to me ?? Thank you
Resources i found:
http://www.silverlight.net/learn/graphics/file-and-local-data/isolated-storage-(silverlight-quickstart)
i thinking of using the isolated storage to store the user logged in boolean but sound like not so secure
http://msdn.microsoft.com/en-us/library/ee942451(v=vs.91).aspx
the resources mention of using the default asp.net membership but no comment on how to edit the default set.
You can use default MembershipProvider to manage general user information such as username, password, security question, login etc. Then you create additional table to store your own information, of course you need to create Page to manage these data by yourself.
Table: aspnet_users
UserId
UserName
...
Table: YourCustomData
UserId
AdminId
AdminText
...
I've created a custom user model in my application. This user model is working fine, but there
are a couple of problems I have with it.
The change password link in the my register.html page doesn't work?
The default password box on the add/edit page for a user is a
little unfriendly.
Ideally, what I'd like is the two password fields
from the change password form on the add/edit user form in the admin,
which will automatically turn convert the entered password into a
valid encrypted password in Django.
This would make the admin system MUCH friendlier and much more suited
to my needs, as a fair number of user accounts will be created and
maintained manually in this app, and the person responsible for doing
so will likely be scared off at the sight of that admin field, or just
type a clear text password and wonder why it doesn't work.
Is this possible / How do I do this?
You can write your own view for editing user, or try to customize admin template for user.