Develop Reference

username still required o generate token even if it is removed from user model in django restframework

I'm still having this error when trying to do a post request from postman{"username":["This field is required."]}.
Please note that Abstract User class was overrided to support email authentication with username = None.
UserManager and UserAdmin also were overrided
Models.py
class User(AbstractUser):
username = None
email = models.EmailField(max_length=100,
verbose_name='email', unique=True)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = []
class UserManager(BaseUserManager):
use_in_migrations = True
def create_user(self, email, password, **extra_fields):
if not email:
raise ValueError(_('The Email must be set'))
email = self.normalize_email(email)
user = self.model(email=email, **extra_fields)
user.set_password(password)
user.save()
return user
def create_superuser(self, email, password, **extra_fields):
extra_fields.setdefault('is_staff', True)
extra_fields.setdefault('is_superuser', True)
extra_fields.setdefault('is_active', True)
if extra_fields.get('is_staff') is not True:
raise ValueError(_('Superuser must have is_staff=True.'))
if extra_fields.get('is_superuser') is not True:
raise ValueError(_('Superuser must have
is_superuser=True.'))
return self.create_user(email, password, **extra_fields)
Serializers.py
class UserSerializer(serializers.ModelSerializer):
photo = PhotoSerializer()
class Meta:
model = User
fields = '__all__'
Views.py
class AuthToken(ObtainAuthToken):
username_field = 'email'
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data,
context={'request': request})
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({
'token': token.key,
'user_id': user.pk,
'email': user.email
})
Admin.py
class UserAdmin(DjangoUserAdmin):
fieldsets = (
(None, {'fields': ('email', 'password')}),
(('Permissions'), {'fields': ('is_active', 'is_staff',
'is_superuser','groups', 'user_permissions')}),)
add_fieldsets = (
(None, {
'classes': ('wide',),
'fields': ('email', 'password1', 'password2'),}),)
list_display = ('email', 'first_name', 'last_name', 'is_staff')
search_fields = ('email', 'first_name', 'last_name')
ordering = ('email',)
Settings.py
AUTH_USER_MODEL = "api.User"
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_USER_MODEL_USERNAME_FIELD = None
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False

The issue is your fields in the modelserializer is set to all. Try using
class UserSerializer(serializers.ModelSerializer):
photo = PhotoSerializer()
class Meta:
model = User
exclude = ('username', )

this solved the qustion:
class AuthTokenSerializer(serializers.Serializer):
email = serializers.EmailField(label=_("Email"))
password = serializers.CharField(label=_("Password",),
style={'input_type': 'password'},trim_whitespace=False)
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
if email and password:
user = authenticate(request=self.context.get('request'),
email=email, password=password)
if not user:
msg = ('Unable to log in with provided
credentials.')
raise
serializers.ValidationError(msg,code='authorization')
else:
msg = ('Must include "username" and "password".')
raise serializers.ValidationError(msg,
code='authorization')
attrs['user'] = user
return attrs

Django : profile edition set_password()

I would like to create an API for a mobile application. In this application, we can create an account, and of course, edit our profile.
For create an account, I use the django account default model like that:
models.py:
def create_user(self, email, username, phone, deliveryAddress, postalCode, city, password=None):
if not email:
raise ValueError("Users must have an email address")
if not username:
raise ValueError('Users must have an username')
if not phone:
raise ValueError('Users must have a phone number')
if not deliveryAddress:
raise ValueError('Users must have a delivery Address')
if not postalCode:
raise ValueError("Users must have a postal code")
if not city:
raise ValueError('Users must have a city')
user = self.model(
email = self.normalize_email(email),
username = username,
phone = phone,
deliveryAddress = deliveryAddress,
postalCode = postalCode,
city = city,
)
user.set_password(password)
user.save(using = self._db)
return user
def create_superuser(self, email, username, phone, deliveryAddress, postalCode, city, password=None):
user = self.create_user(
email = self.normalize_email(email),
username = username,
password = password,
phone = phone,
deliveryAddress = deliveryAddress,
postalCode = postalCode,
city = city,
)
user.is_admin = True
user.is_staff = True
user.is_superuser = True
user.save(using = self._db)
class memberArea(AbstractBaseUser):
username = models.CharField(max_length=255)
email = models.EmailField(max_length=255, unique=True)
phone = models.TextField()
date_joined = models.DateTimeField(verbose_name='date joined', auto_now_add=True)
last_login = models.DateTimeField(verbose_name='last login', auto_now=True)
deliveryAddress = models.TextField()
postalCode = models.CharField(max_length=255)
forget = models.TextField(null=True, blank=True)
city = models.CharField(max_length=255)
is_admin = models.BooleanField(default=False)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['username', 'phone', 'deliveryAddress', 'postalCode', 'city']
objects = MyAccountManager()
def __str__(self):
return self.email + ' : ' + self.username
def has_perm(self, perm, obj=None):
return self.is_admin
def has_module_perms(self, app_label):
return True
#receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
if created:
Token.objects.create(user=instance)
When I create an account, I automaticaly encrypt the user password with set_password()
Now, I want to make a view to edit an account.
Of course I want the password to be encrypted too.
This is my code:
serializer.py:
class AccountSerializer(serializers.ModelSerializer):
class Meta:
model = memberArea
fields = ['username', 'email', 'phone', 'password', 'deliveryAddress', 'postalCode', 'city']
extra_kwargs = {
'password': {'write_only': True},
}
views.py:
#Edit account
#api_view(['PUT', ])
def edit_account(request, pk):
try:
account = memberArea.objects.get(pk=pk)
except memberArea.DoesNotExist:
return HttpResponse(status=404)
if request.method == 'PUT':
serializer = AccountSerializer(account, data=request.data)
data = {}
if serializer.is_valid():
serializer.save()
data['response'] = 'Account updated with success !'
return Response(data)
return Response(serializer.errors)
I don't know where and how I can encrypt the password before updating the profile.
Maybe I can do that in my serializer file by finding the account that we want to edit but I don't know how to do that in this file...
Thanks by advance for your help

You can do Field-level validation in your serializer to encrypt the raw password to a hashed one.
Here is an example of encrypting the raw password in your AccountSerializer. Then, every raw password from a request's json payload will be encrypted to a hashed one.
from django.contrib.auth.hashers import make_password
class AccountSerializer(serializers.ModelSerializer):
class Meta:
model = memberArea
fields = ['username', 'email', 'phone', 'password', 'deliveryAddress', 'postalCode', 'city']
extra_kwargs = {
'password': {'write_only': True},
}
def validate_password(self, raw_password):
return make_password(raw_password)

django how to create hashed password using create_user() method

I have this problem for a month.
I'm using abstractbasemodel and basemanagerto to create a login and signup API using rest framework.
However, when I create a user password, it is saved as raw data since I use set_password() method and custom model manager confuses me...
This is my code :
class UserProfileSerializer(serializers.ModelSerializer):
class Meta:
model = UserProfile
fields = ('id' ,'email' ,'name' ,'password')
extra_kwargs = {
'password':{
'write_only':'True',
'style': {'input_type': 'password'}
}
}
def create(self, validated_data):
user = UserProfile.people.create_user(
email = validated_data['email'],
name = validated_data['name'],
password = validated_data['password']
)
class UserProfileViewSet(viewsets.ModelViewSet):
serializer_class = serializers.UserProfileSerializer
queryset = models.UserProfile.people.all()
authentication_classes = (TokenAuthentication, )
permission_classes = (UpdateOwnProfile, )
filter_backends = (SearchFilter, )
search_fields = ('name', 'email')
class UserLoginApiView(ObtainAuthToken):
renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
class UserProfileManager(BaseUserManager):
def create_user(self, email, name, password=None):
print("user model manager")
if not email:
raise ValueError('User Must Have an Email Address')
email = self.normalize_email(email)
user = self.model(email=email, name=name )
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, name, password):
user = self.create_user(email, name, password)
user.is_superuser = True
user.is_staff = True
user.save(using=self._db)
return user
class UserProfile(AbstractBaseUser,PermissionsMixin):
email = models.EmailField(max_length=255,unique=True)
name = models.CharField(max_length=255)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
people = UserProfileManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['name']
def get_full_name(self):
return self.name
def get_short_name(self):
return self.name
def __str__(self):
return self.email
class Profile(models.Model):
user = models.OneToOneField(UserProfile,on_delete=models.CASCADE,relat ed_name="Profile")
location = models.CharField(max_length=100,blank=True,null=True)
bio = models.CharField(max_length=100,blank=True,null=True)
creationDate = models.DateTimeField(auto_now_add=True)
follower = models.ManyToManyField(UserProfile,related_name="Following",blank=True)
class Meta:
verbose_name='Profile'
verbose_name_plural='Profiles'
I also defined auth user model in settings :
AUTH_USER_MODEL='profiles.UserProfile'
to make sure Django uses my custom user model.
I don't know whats wrong as there is no error and only superusers that are created in terminal using manage.py are saved with hashed password.
Users which are created with my viewsets are saved with raw password.
First, I named the model manager "objects" and now, its people but the create user method wont run at all.

You can use django's built in hasher to create hashed password. It can be applied in .create method. First import from django.contrib.auth.hashers import make_password and then modify .create() method,
def create(self, validated_data):
user = UserProfile.people.create_user(
email = validated_data['email'],
name = validated_data['name'],
password = make_password(validated_data['password']) # here
)
return user
Or
if you don't override the .create() method then add the following validate_password method in serializer,
The validate_password is ran, everytime a new object has to be created
class UserProfileSerializer(serializers.ModelSerializer):
class Meta:
model = UserProfile
fields = ('id' ,'email' ,'name' ,'password')
extra_kwargs = {
'password':{
'write_only':'True',
'style': {'input_type': 'password'}
}
}
def validate_password(self, value: str) -> str:
return make_password(value)

How to fix "Invalid password format or unknown hashing algorithm." in a custom User Model Django

models.py
class UserManager(BaseUserManager):
def create_user(self, phone, password=None):
if not phone:
raise ValueError('Please provide a valid Phone')
user = self.model(
phone = phone,
)
user.set_password(password)
user.save(using=self._db)
return user
def create_staffuser(self, phone, password):
user = self.create_user(
phone,
password=password,
)
user.staff = True
user.save(using=self._db)
return user
def create_superuser(self, phone, password):
user = self.create_user(
phone,
password=password,
)
user.staff = True
user.admin = True
user.save(using=self._db)
return user
phone_regex = RegexValidator(regex=r'^(\+\d{1,3})?,?\s?\d{8,13}',
message="Phone number should be in the format '+9999999999', Up to 14 digits allowed.")
class User(AbstractBaseUser):
phone = models.CharField(validators=[phone_regex],max_length=15,unique=True)
active = models.BooleanField(default=True)
staff = models.BooleanField(default=False)
admin = models.BooleanField(default=False)
USERNAME_FIELD = 'phone'
REQUIRED_FIELDS = []
objects = UserManager()
def __str__(self):
return self.phone
def has_perm(self, perm, obj=None):
return True
def has_module_perms(self, app_label):
return True
#property
def is_staff(self):
return self.staff
#property
def is_admin(self):
return self.admin
#property
def is_active(self):
return self.active
admin.py
class UserCreationForm(forms.ModelForm):
password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)
class Meta:
model = User
fields = ('phone',)
def clean_password2(self):
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Passwords don't match")
return password2
def save(self, commit=True):
# Save the provided password in hashed format
user = super().save(commit=False)
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
class UserChangeForm(forms.ModelForm):
password = ReadOnlyPasswordHashField()
class Meta:
model = User
fields = ('phone', 'password')
def clean_password(self):
# Regardless of what the user provides, return the initial value.
# This is done here, rather than on the field, because the
# field does not have access to the initial value
return self.initial["password"]
class UserAdmin(BaseUserAdmin):
# The forms to add and change user instances
form = UserChangeForm
add_form = UserCreationForm
# The fields to be used in displaying the User model.
# These override the definitions on the base UserAdmin
# that reference specific fields on auth.User.
list_display = ('phone', 'admin')
list_filter = ('admin',)
fieldsets = (
(None, {'fields': ('phone', 'password')}),
('Personal info', {'fields': ()}),
('Permissions', {'fields': ('admin',)}),
)
# add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
# overrides get_fieldsets to use this attribute when creating a user.
add_fieldsets = (
(None, {
'classes': ('wide',),
'fields': ('phone', 'password1', 'password2')}
),
)
search_fields = ('phone',)
ordering = ('phone',)
filter_horizontal = ()
admin.site.register(User, UserAdmin)
admin.site.register(PhoneOTP)
admin.site.unregister(Group)
serializers.py
User = get_user_model()
class CreateUserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('phone','password')
extra_kwargs = {"password":{'write_only': True}}
def create(self,validated_data):
user = User.objects.create(validated_data['phone'],None,validated_data['password'])
return user
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ['id','phone']
class LoginSerializer(serializers.Serializer):
phone = serializers.CharField()
password = serializers.CharField(style= { 'input_type': 'password'},trim_whitespace=False)
def validate(self, data):
user = authenticate(**data)
if user.phone and user.password:
return user
raise serializers.ValidationError("Unable to log in with provided credentials.")
When I try to create user using APIView the user is created and I can see the user in the Django admin as well but the password field is unhashed and it says Invalid password format or unknown hashing algorithm. I have used a custom user model here to use the phone number as the username field but the problem remains the same. I am on the current version of Django i.e, 2.2 and because of this, I am also not able to login into the app as well.

use set_password() method for creating password
or
use User.objects.create_user() for your code.
Edit your code like this.
class CreateUserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('phone','password')
extra_kwargs = {"password":{'write_only': True}}
def create(self,validated_data):
user = User.objects.create_user(validated_data['phone'],None,validated_data['password'])
return user

I used this, and worked well.
class CreateUser(APIView):
permission_classes = [AllowAny]
def post(self, request, format='json'):
print(request.data)
data = request.data
reg_serializer = RegisterUserSerializer(data=data)
if reg_serializer.is_valid():
password = reg_serializer.validated_data.get('password')
reg_serializer.validated_data['password']=make_password(password)
new_user = reg_serializer.save()
if new_user:
return Response(status=status.HTTP_201_CREATED)
return Response(reg_serializer.errors,status=status.HTTP_400_BAD_REQUEST)

Write the create method outside the meta class and it will work.

This solved this problem for me:
USERS = {
"a_user_name" : ["User group","email#domain.com","Password1234*"],
}
for user_name in USERS:
new_user, created = User.objects.get_or_create(username=user_name,is_staff = True, email = USERS[user_name][1])
new_user.set_password(USERS[user_name][2])
new_user.save()

try this
from django.contrib.auth.hashers import make_password
...
def create(self,validated_data):
user = User.objects.create(validated_data['phone'],None,make_password(validated_data['password']))
return user

In view.py "use make_password()"
if validated:
temp_data = {
'phone': phone,
'password': make_password(password),
}

Authenticating a Django user with email

I'm using Django 1.7 and am trying to authenticate a user with email instead of the provided Django auth user.
This is my models.py
from django.db import models
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
class MyUserManager(BaseUserManager):
def create_user(self, email, password=None):
if not email:
raise ValueError('Users must have an email address')
user = self.model(
email=MyUserManager.normalize_email(email),
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, password):
user = self.create_user(email,
password=password,
)
user.is_admin = True
user.save(using=self._db)
return user
class MyUser(AbstractBaseUser):
"""
Custom user class.
"""
email = models.EmailField('email address', unique=True, db_index=True)
joined = models.DateTimeField(auto_now_add=True)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
USERNAME_FIELD = 'email'
def __unicode__(self):
return self.email
and this is a snippet from my views.py
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
return HttpResponseRedirect('/')
else:
return HttpResponseRedirect('/invalid/')
def register_user(request):
if request.method == 'POST':
form = MyRegistrationForm(request.POST)
if form.is_valid():
print "Form is valid"
form.save()
return HttpResponseRedirect('/register_success/')
args = {}
args.update(csrf(request))
args['form'] = MyRegistrationForm()
return render_to_response('register.html', args, context_instance=RequestContext(request))
and finally, my forms.py
from django import forms
from django.contrib.auth.models import User
class MyRegistrationForm(forms.ModelForm):
"""
Form for registering a new account.
"""
email = forms.EmailField(widget=forms.EmailInput,label="Email")
password1 = forms.CharField(widget=forms.PasswordInput,
label="Password")
password2 = forms.CharField(widget=forms.PasswordInput,
label="Password (again)")
class Meta:
model = User
fields = ['email', 'password1', 'password2']
def clean(self):
"""
Verifies that the values entered into the password fields match
NOTE: Errors here will appear in ``non_field_errors()`` because it applies to more than one field.
"""
cleaned_data = super(MyRegistrationForm, self).clean()
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
raise forms.ValidationError("Passwords don't match. Please enter both fields again.")
return self.cleaned_data
def save(self, commit=True):
user = super(MyRegistrationForm, self).save(commit=False)
user.set_password(self.cleaned_data['password1'])
if commit:
user.save()
return user
Whenever I try to register an account, I get an error 'NoneType' object has no attribute '_insert' from forms.py calling user.save and views.py calling form.save. I don't really know how to write the user.save, but I'd imagine that would fix both errors.
Can anyone help me?

look at forms.py imports
from django.contrib.auth.models import User
must import MyUser instead of that
same in
class Meta:
model = User
fields = ['email', 'password1', 'password2']
and add to MyUser class
objects = MyUserManage()
change to
class Meta:
model = MyUser
fields = ['email', 'password1', 'password2']
and settings.py must set:
AUTH_USER_MODEL = '<apppath>.MyUser'