I have created a website where the user will login with his email instead of username as Django does. So, I have created an AUTHENTIFICATION_BACKENDS:
class EmailBackend(object):
def authenticate(self, username=None, password=None, **kwargs):
try:
user = User.objects.get(email=username)
except User.MultipleObjectsReturned:
user = User.objects.filter(email=username).order_by('id').first()
except User.DoesNotExist:
return None
if getattr(user, 'is_active') and user.check_password(password):
return user
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
My form:
class UserRegisterForm(forms.ModelForm):
username = forms.CharField()
email = forms.EmailField()
age = forms.IntegerField()
password2 = forms.CharField()
password = forms.CharField()
class Meta:
model = User
fields = ['username', 'age', 'email', 'password', 'password2']
At this stage, the login with an email is Working perfectly. The problem starts when I try to register a user. In registration view:
form = UserRegisterForm(request.POST)
register a new user:
user = form.save(commit=False)
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
user = authenticate(username=username, password=password)
login(request, user)
This is where the problem appears. it seems like user = authenticate(username=username, password=password) is trying to create an anonymous user. What am I doing wrong in my AUTHENTIFICATION_BACKENDS ??
Related
I'm learning Django and tried to write my own custom user model. I'm not using DRF and serializers and stuffs I have no idea about :)
I am using createView to create users but I can't login because "Invalid password."
I checked the user's password in admin and the user's password is "Invalid password format or unknown hashing algorithm." .
here are the codes:
Custome User and User Manager in models
class UserManager(UserManager):
def create_user(self, username, email, password, **extra_fields):
if not email:
raise ValueError('User must have email')
if not username:
raise ValueError('User must have username')
user = User.objects.create_user(
username=username,
email=self.normalize_email(email),
)
user.set_password(password)
user.save()
return user
def create_superuser(self, username, email, password, **extra_fields) :
user = self.create_user(username, email, password)
user.is_staff = True
user.is_superuser = True
user.is_admin = True
user.is_active = True
user.save()
return user
class User(AbstractBaseUser):
username = models.CharField(unique=True, max_length=200)
email = models.EmailField(unique=True)
is_superuser = models.BooleanField(default=False)
is_active = models.BooleanField(default=False)
is_admin = models.BooleanField(default=False)
is_staff = models.BooleanField(default=False)
date_joined = models.DateTimeField(default=timezone.now)
modified_at = models.DateTimeField(auto_now=True)
objects = UserManager()
REQUIRED_FIELDS = ["username","email", "password"]
USERNAME_FIELD = "username"
def __str__(self):
return self.email
def has_perm(self, perm, object=None):
"Does the user have a specific permission?"
return self.is_admin
def has_module_perms(self, app_label):
"Does the user have permissions to view the app `app_label`?"
# Simplest possible answer: Yes, always
return True
SignUp and login in views
class SignUp(CreateView):
model = User
form_class = CUForm
success_url = reverse_lazy('index')
def login(request):
if request.user.is_authenticated:
messages.warning(request, 'You are already logged in.')
return redirect('/list')
elif request.method == 'POST':
username = request.POST['username']
password = request.POST['password']
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
return redirect('/list')
else:
try:
user = User.objects.get(username=username)
messages.error(request, 'Invalid password.')
except:
messages.error(request, 'Invalid username ')
return redirect('login')
return render(request, 'accounts/login.html')
and forms.py
class CUForm(forms.ModelForm):
username = forms.CharField(max_length=200)
email = forms.EmailField(widget=forms.EmailInput())
password = forms.CharField(widget=forms.PasswordInput())
confirm_password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ['email','username','password',]
def clean(self):
cleaned_data = super(CUForm, self).clean()
password = cleaned_data.get('password')
confirm_password = cleaned_data.get('confirm_password')
if password != confirm_password:
raise forms.ValidationError('Password does not match.')
and admin
class CostumeUserAdmin(UserAdmin):
list_display = ('email', 'username', 'is_active', 'is_admin')
filter_horizontal = ()
list_filter = ('is_staff',)
fieldsets = ()
admin.site.register(User, CostumeUserAdmin)
I have read some of the solutions and I changed
user = self.model(
username=username,
email=self.normalize_email(email)
)
to
user = User.objects.create_user(
username=username,
email=self.normalize_email(email),
)
Alrigh I have fixed the "Invalid password format or unknown hashing algorithm." issue by adding this to my createView:
def form_valid(self, form):
user = form.save(commit=False)
password = self.request.POST['password']
user.set_password(password)
user.save()
return super().form_valid(form)
and the password now saves correctly, not sure why but it does.
And then I realized I didn't add AUTH_USER_MODEL = 'accounts.User'
in my setting.py!
I still don't know why I need to use set_password in form_valid even tho I used it in UseManager but now It works!
Basically what I have done so far is create a registration page where the user makes their username and password, then that password is stored in as a hashed password (md5 hasher). The problem I am having is logging in. The user inputs their username and password then the password is authenticated by using authenticate() method in django. The problem is that authenticate() is returning None instead of matching the user and password in the database. I dont know if this affects anything but I am using PostgreSQL.
models.py
class MyAccountManager(BaseUserManager):
def create_user(self, email,username,first_name,password= None):
if not email:
raise ValueError('User must have an email address')
if not username:
raise ValueError('User must have a username')
if not first_name:
raise ValueError('User must have a first name')
user= self.model(
email=self.normalize_email(email),
username= username,
first_name= first_name
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, username, first_name, password):
user= self.create_user(
email= self.normalize_email(email),
username=username,
first_name= first_name,
password= password,
)
user.is_admin= True
user.is_staff= True
user.is_superuser= True
user.save(using=self._db)
return user
class User(AbstractBaseUser, models.Model):
email = models.EmailField(verbose_name='email', max_length=60, unique=True)
username = models.CharField(max_length=30, unique=True)
date_joined = models.DateTimeField(auto_now_add=True, verbose_name='date joined')
last_login = models.DateTimeField(verbose_name='last login', auto_now=True)
is_admin = models.BooleanField(default=False)
is_staff = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
is_active = models.BooleanField(default=True)
first_name = models.CharField(max_length=30)
last_name = models.CharField(max_length=30)
USERNAME_FIELD= 'username'
REQUIRED_FIELDS= ['email','first_name']
objects= MyAccountManager()
def __str__(self):
return self.email
def has_perm(self, perm, obj=None):
return self.is_admin
def has_module_perms(self, app_label):
return True
forms.py
class LoginForm(forms.Form):
username = forms.CharField(initial='' ,label='Username:',max_length=30)
password = forms.CharField(max_length=20, widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'password')
def clean(self):
cleaned_data = super(LoginForm, self).clean()
confirm_password = cleaned_data.get('password')
class SignUpForm(forms.ModelForm):
first_name = forms.CharField(required= True,initial='',max_length=20)
last_name = forms.CharField(required=True,max_length=30, initial='')
username = forms.CharField(max_length=30,initial='', required=True)
password = forms.CharField(max_length= 20, initial='', widget = forms.PasswordInput())
password2= forms.CharField(max_length=20, initial='',widget = forms.PasswordInput())
email = forms.EmailField(max_length=60, initial='',)
class Meta:
model = User
fields = ('first_name', 'last_name','username','password2','email')
def clean(self):
cleaned_data = super(SignUpForm,self).clean()
password = cleaned_data.get('password')
confirm_password = cleaned_data.get('password2')
if(password != confirm_password):
raise forms.ValidationError(
'Password and Confirm Password do not match.'
)
views.py
def signin_and_signup(request):
if request.method == 'POST':
logout(request)
sign_in = LoginForm(request.POST)
signup = SignUpForm(request.POST)
if 'sign-in-name' in request.POST:
if sign_in.is_valid():
username = request.POST.get('username')
password= request.POST.get('password')
user = authenticate(username= username, password= password)
if user:
return HttpResponse('success')
else:
return HttpResponse('fail')
elif 'sign-up-input-name' in request.POST:
if(signup.is_valid()):
user = signup.save(commit=False)
nonHashed = signup.cleaned_data['password']
varhash = make_password(nonHashed, None, 'md5')
user.set_password(varhash)
user.save()
else:
print("Ran3<------------")
signup = SignUpForm()
else:
sign_in = LoginForm()
signup = SignUpForm()
context = {'signin':sign_in, 'signup':signup}
return render(request, 'home.html', context)
Why are you substituting the user model that django provides if you have the same attributes?
This is done in case you want to extend or add new properties to the user, for example, license number, avatar, position.
Anyway, your authenticate() maybe doesn't work because you haven't registered your new model in settings.py.
AUTH_USER_MODEL = 'name_of_the_app.User'
I recommend that you take a look at the official documentation
https://docs.djangoproject.com/en/3.1/topics/auth/customizing/
Antoher thing it could be your authentication backend:
Try:
settings.py
AUTHENTICATION_BACKENDS = [
'name_of_the_app.admin.LoginBackend',
]
Where you want for example admin.py
from django.contrib.auth.backends import ModelBackend, UserModel
from django.db.models import Q
class LoginBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
try: # to allow authentication through phone number or any other field, modify the below statement
user = UserModel.objects.get(Q(username__iexact=username) | Q(email__iexact=username))
except UserModel.DoesNotExist:
UserModel().set_password(password)
except MultipleObjectsReturned:
return models.User.objects.filter(email=username).order_by('id').first()
else:
if user.check_password(password) and self.user_can_authenticate(user):
return user
def get_user(self, user_id):
try:
user = UserModel.objects.get(pk=user_id)
except UserModel.DoesNotExist:
return None
return user if self.user_can_authenticate(user) else None
As you can see, you can also login with the email
I am trying to login using email instead of username in django, but it is not working. I am not getting any error also.
I also looked up solution for solutions in stackoverflow and other blogs/post also but not getting the output.
Can you please review my code where I am wrong/ modification needed.
Any suggestions or changes are welcome.
Here is my code:
models.py
from django.db import models
from django.contrib.auth.models import (BaseUserManager,AbstractBaseUser)
# Create your models here.
class UserManager(BaseUserManager):
def create_user(self, email,password=None):
"""
Creates and saves a User with the given email, date of
birth and password.
"""
if not email:
raise ValueError('Users must have an email address')
user = self.model(
email=self.normalize_email(email),
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, date_of_birth, password):
"""
Creates and saves a superuser with the given email, date of
birth and password.
"""
user = self.create_user(
email,
password=password,
)
user.is_admin = True
user.save(using=self._db)
return user
class MyUser(AbstractBaseUser):
email = models.EmailField(verbose_name='email address',
max_length=255,
unique=True,
)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
objects = UserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = []
def __str__(self):
return self.email
def has_perm(self, perm, obj=None):
"Does the user have a specific permission?"
# Simplest possible answer: Yes, always
return True
def has_module_perms(self, app_label):
"Does the user have permissions to view the app `app_label`?"
# Simplest possible answer: Yes, always
return True
#property
def is_staff(self):
"Is the user a member of staff?"
# Simplest possible answer: All admins are staff
return self.is_admin
views.py
from django.shortcuts import render
from django.contrib.auth.models import User
from django.contrib.auth import get_user_model,authenticate
from .forms import RegisterForm,LoginForm
# Create your views here.
def home(request):
return render(request,'home.html',{})
def register_view(request):
form = RegisterForm(request.POST or None)
context = {"form":form}
if form.is_valid():
email = form.cleaned_data['email']
password = form.cleaned_data['password']
new_user = User.objects.create_user(email,password)
return render(request,'register.html',context)
def login_view(request):
form = LoginForm(request.POST or None)
context = {"form" : form}
if form.is_valid():
username = form.cleaned_data.get("username")
password = form.cleaned_data.get("password")
user = authenticate(request,username = username,password=password)
if user is not None:
login(request, user)
print("Looged In")
return redirect('home')
else:
print("Username or Password is Wrong")
return render(request,'login.html',context)
backends.py
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
class EmailBackend(ModelBackend):
def authenticate(self, username=None, password=None, **kwargs):
UserModel = get_user_model()
try:
user = UserModel.objects.get(email=username)
except UserModel.DoesNotExist:
return None
else:
if user.check_password(password):
return user
return None
settings.py
AUTHENTICATION_BACKENDS = ['profile_manager.backends.EmailBackend']
AUTH_USER_MODEL = 'profile_manager.MyUser'
forms.py
from django import forms
from django.contrib.auth import get_user_model
from django.contrib.auth.models import User
from .models import MyUser
User = get_user_model()
class RegisterForm(forms.Form):
email =forms.EmailField(widget = forms.TextInput(
attrs = {"class":"form-control",
"placeholder":"Email"
}),label='')
password = forms.CharField(widget =forms.PasswordInput(attrs = {"class":"form-control",
"placeholder":"Password"
}),label='')
password2 = forms.CharField(label ='' , widget = forms.PasswordInput(attrs = {"class":"form-control",
"placeholder":"Confirm Password"
}))
def clean_email(self):
email = self.cleaned_data.get('email')
qs = User.objects.filter(email =email)
if qs.exists():
raise forms.ValidationError("Email is already taken")
return email
def clean(self):
data =self.cleaned_data
password = self.cleaned_data.get('password')
password2 = self.cleaned_data.get('password2')
if password2!= password:
raise forms.ValidationError("Password must match")
return data
class LoginForm(forms.Form):
email = forms.EmailField(widget = forms.TextInput(
attrs = {"class":"form-control",
"placeholder":"Username"
}),label='')
password = forms.CharField(widget =forms.PasswordInput(attrs = {"class":"form-control",
"placeholder":"Password"
}),label='')
This line in your login_view can't be right:
username = form.cleaned_data.get("username")
Your form doesn't have a username field, it only has an email field.
i am a beginner in django. I am working on a project in which customer and companies have their own accounts the models.py is:
class Company_SignUp(models.Model):
comp_name = models.CharField(_('Company Name'), max_length=30)
email = models.EmailField(_('E-mail'), unique=True)
raise forms.ValidationError("This email address already exists.")
password1 = models.CharField(_('Password'), max_length=128)
password2 = models.CharField(_('Confirm Password'), max_length=30)
def __unicode__(self):
return smart_unicode(self.comp_name)
class Customer_SignUp(models.Model):
cust_name = models.CharField(_('Customer Name'), max_length=30)
email = models.EmailField(_('E-mail'), unique=True)
password1 = models.CharField(_('Password'), max_length=128)
password2 = models.CharField(_('Confirm Password'), max_length=30)
def __unicode__(self):
return smart_unicode(self.cust_name)
my forms.py is:
class Company(forms.ModelForm):
class Meta:
model = Company_SignUp
widgets = {
'password1': forms.PasswordInput(),
'password2': forms.PasswordInput(),
}
fields = ('email','password1','password2','comp_name')
def clean(self):
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
raise forms.ValidationError(_("The two password fields did not match."))
elif len(self.cleaned_data['password1']) < 8:
raise forms.ValidationError(_("The password must be 8 characters long."))
return self.cleaned_data
class Customer(forms.ModelForm):
class Meta:
model = Customer_SignUp
widgets = {
'password1': forms.PasswordInput(),
'password2': forms.PasswordInput(),
}
def clean(self):
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
raise forms.ValidationError(_("The two password fields did not match."))
elif len(self.cleaned_data['password1']) < 8:
raise forms.ValidationError(_("The password must be 8 characters long."))
return self.cleaned_data
how will i authenticate a company or a customer using their email and passwords.
i tried authenticate() but it doesn't work.
also how will i check during registration , the email address given already exists
ok now i created a backend which is:
from django.contrib.auth.models import User
from prmanager.models import Company_SignUp, Customer_SignUp
class EmailBackend(object):
def authenticate(self, username=None, password=None):
try:
o = Company_SignUp.objects.get(email=username, password1=password)
except Company_SignUp.DoesNotExist:
try:
o = Customer_SignUp.objects.get(email=username, password1=password)
except Customer_SignUp.DoesNotExist:
return None
return User.objects.get(email=o.email)
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
But now i cannot login to admin page using superuser credentials. what should i do
Models
Consider extending the User model from django.contrib.auth.models like so. If you don't want to do this, skip to the next section (Authentication).
from django.contrib.auth.models import User
class Customer(User):
# extra fields
The User model has common fields such as username,first_name,last_name,email, etc. You only need to specify any extra attributes your model may have.
The Django docs suggest extending AbstractBaseUser, which may work for you too.
Read more here: https://docs.djangoproject.com/en/1.7/topics/auth/customizing/#extending-the-existing-user-model
Authentication
For email-based authentication, you need to write your own authentication backend: https://docs.djangoproject.com/en/1.7/topics/auth/customizing/#writing-an-authentication-backend
Once you have that in place, you need to accept email / password and authenticate using authenticate and login.
from django.contrib.auth import authenticate, login
def my_view(request):
email = request.POST['email']
password = request.POST['password']
user = authenticate(email=email, password=password)
if user is not None:
if user.is_active:
login(request, user)
# Redirect to a success page.
else:
# Return a 'disabled account' error message
else:
# Return an 'invalid login' error message.
The above snippet is from the docs and I have modified it to fit your use-case.
More about authentication in Django: https://docs.djangoproject.com/en/1.7/topics/auth/default/#how-to-log-a-user-in
I'm using Django 1.7 and am trying to authenticate a user with email instead of the provided Django auth user.
This is my models.py
from django.db import models
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
class MyUserManager(BaseUserManager):
def create_user(self, email, password=None):
if not email:
raise ValueError('Users must have an email address')
user = self.model(
email=MyUserManager.normalize_email(email),
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, password):
user = self.create_user(email,
password=password,
)
user.is_admin = True
user.save(using=self._db)
return user
class MyUser(AbstractBaseUser):
"""
Custom user class.
"""
email = models.EmailField('email address', unique=True, db_index=True)
joined = models.DateTimeField(auto_now_add=True)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
USERNAME_FIELD = 'email'
def __unicode__(self):
return self.email
and this is a snippet from my views.py
def auth_view(request):
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request, user)
return HttpResponseRedirect('/')
else:
return HttpResponseRedirect('/invalid/')
def register_user(request):
if request.method == 'POST':
form = MyRegistrationForm(request.POST)
if form.is_valid():
print "Form is valid"
form.save()
return HttpResponseRedirect('/register_success/')
args = {}
args.update(csrf(request))
args['form'] = MyRegistrationForm()
return render_to_response('register.html', args, context_instance=RequestContext(request))
and finally, my forms.py
from django import forms
from django.contrib.auth.models import User
class MyRegistrationForm(forms.ModelForm):
"""
Form for registering a new account.
"""
email = forms.EmailField(widget=forms.EmailInput,label="Email")
password1 = forms.CharField(widget=forms.PasswordInput,
label="Password")
password2 = forms.CharField(widget=forms.PasswordInput,
label="Password (again)")
class Meta:
model = User
fields = ['email', 'password1', 'password2']
def clean(self):
"""
Verifies that the values entered into the password fields match
NOTE: Errors here will appear in ``non_field_errors()`` because it applies to more than one field.
"""
cleaned_data = super(MyRegistrationForm, self).clean()
if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password1'] != self.cleaned_data['password2']:
raise forms.ValidationError("Passwords don't match. Please enter both fields again.")
return self.cleaned_data
def save(self, commit=True):
user = super(MyRegistrationForm, self).save(commit=False)
user.set_password(self.cleaned_data['password1'])
if commit:
user.save()
return user
Whenever I try to register an account, I get an error 'NoneType' object has no attribute '_insert' from forms.py calling user.save and views.py calling form.save. I don't really know how to write the user.save, but I'd imagine that would fix both errors.
Can anyone help me?
look at forms.py imports
from django.contrib.auth.models import User
must import MyUser instead of that
same in
class Meta:
model = User
fields = ['email', 'password1', 'password2']
and add to MyUser class
objects = MyUserManage()
change to
class Meta:
model = MyUser
fields = ['email', 'password1', 'password2']
and settings.py must set:
AUTH_USER_MODEL = '<apppath>.MyUser'