I have a Crew Model. The table has a password field. I dont want to display password in plain text. So I have added forms where I have used widget=forms.PasswordInput(). But this doesnt display the password after saving the data. How do I display password in hidden format?
class Crew(models.Model):
crew_id = models.AutoField(primary_key=True)
crew_code = models.CharField(max_length=200, null=False, unique=True)
crew_name = models.CharField(max_length=200, null=False)
crew_password = models.CharField(max_length=200, null=False)
Forms.py
class UserForm(forms.ModelForm):
crew_password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = Crew
fields = ('crew_name', 'crew_password', 'crew_code', 'crew_id')
In case you need to safe passwords ( I totally agree this is not the way for django users, but I do have some other connections with passwords saved) you should have a look at django-extensions, using python-keyczar to encrypt passwords).
To answer your question, i aslo found out the password widget does not show whether a password is filled in or empty. (i would expect dots or asterics to show there is something in the field, but should not be shown of course).
this does that exactly:
class SomeConnectionForm(forms.ModelForm):
class Meta:
widgets = {
'password': forms.PasswordInput(render_value = True),
}
the trick is the render_value=True
Related
I ran into a problem
I am making a job search site on Django, I have the following logic:
Authorization and authentication of ordinary job seekers using Django's built-in model - User
Also separate authorization and authentication for users who provide work, i.e. employers,
which are placed in my own model Employer
Here is my Employer model
class Employer(AbstractUser):
full_name = models.CharField(max_length=150, verbose_name="Ім'я")
main_office_city = models.ForeignKey(City, on_delete=models.CASCADE,
verbose_name='Місто головного офісу')
phone_number = models.ForeignKey(Phone, on_delete=models.CASCADE)
email = models.CharField(max_length=50, unique=True, verbose_name='Email')
hashed_password = models.CharField(max_length=120, default='')
date_joined = models.DateTimeField(verbose_name='Дата реєстрації',
default=timezone.now)
def __str__(self):
return self.full_name
class Meta:
verbose_name = 'Роботодавець'
verbose_name_plural = 'Роботодавці'
I read in the documentation that to create your own authentication system you can use the imitation from the AbstractUser class
But in my case this is not the best choice, because AbstractModel adds its own fields by default.
That is, I think that I need to either somehow make it so that the AbstractUser class does not add its fields, or think of some other authentication logic using another technology
Maybe someone has some ideas how it can be done?
I have a model named UserProfile and a model PersonalInformation. I would like to fetch all the data of PersonalInformation using UserProfile model when the user is logged into the webiste but i have a foreign key refernce in the PersonalInformation model with the UserProfile model so how do i fetch the personal information using UserProfile model?
User Profile Model :
class UserProfile(models.Model):
"""Represents a user's model inside our system"""
email = models.EmailField(max_length=255, unique=True)
name = models.CharField(max_length=255)
profile_picture = models.ImageField(upload_to='photos/%y/%m/%d/')
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
highest_degree_earned = models.CharField(max_length=255, blank=False)
college_name = models.CharField(max_length=255, blank=False)
graduation_year = models.IntegerField(default=2020, blank=False)
Personal Information Model :
class PersonalInformation(models.Model):
"""Represents a user's personal Infromation inside our system"""
user = models.ForeignKey(UserProfile, on_delete=models.CASCADE)
mobile = models.CharField(max_length=10 ,blank=True)
bio = models.TextField(max_length=200, blank=True)
college_university = models.CharField(max_length=100, blank=False)
course = models.CharField(max_length=100, blank=False)
First of all, in the code, you are showing you have the names of the models wrong. The UserProfile model name is set as PersonalInformation, change it or the migrations won't work (it's not accepted on the database no matter which one you're using).
Referent to the question you're asking, to fetch the related instance of PersonalInformation of a certain UserProfile instance you should just query the next:
user = UserProfile.objects.get(id='') #Introduce the id of the user you want to fetch its personal information.
user.personalinformation_set.all() # This will return you a QuerySet with all the related instances of PersonalInformation class.
user.personalinformation_set.get(id='') #To get a specific one or you may use a filter to get a filtered QS.
If you want, you can use the related_name attribute for ForeignKey class in order to set a different name from personalinformation_set.
I recommend you too to read the Django documentation, it's really well explained and clear I think:
https://docs.djangoproject.com/en/2.2/topics/db/examples/many_to_one/
As I've seen in a comment, you may also think to use a OneToOne relation instead of ForeignKey if you only expect one instance of PersonalInformation per User. The documentation is at:
https://docs.djangoproject.com/en/2.2/topics/db/examples/one_to_one/
I know that some may say that there is no need to provide password in api-response if i have to hide it. but the point is, even if i go to admin section, i can see the password hash value, that's why i'm doing this.
So my question is, how can I hide that password in my API response. For ex. using asterisks.
Note: I have a custom model for my data.
i just need a function and where to put it to work.
models.py
from django.db import models
from django.contrib.auth.hashers import make_password
class MyUser(models.Model):
full_name = models.CharField(max_length=128)
profile_picture = models.ImageField(upload_to="user_data/profile_picture", blank=True)
username = models.CharField(max_length=128, unique=True)
birth_date = models.DateField(blank=True)
gender = models.CharField(max_length=10, blank=True)
password = models.CharField(max_length=255)
contact = models.CharField(max_length=15, blank=True)
email = models.CharField(max_length=100, unique=True)
time_stamp = models.DateTimeField(auto_now_add=True)
def __str__(self):
return self.username
def save(self, *args, **kwargs):
if not self.pk:
self.password = make_password(self.password)
super(MyUser, self).save()
You can provide any number of asterisks you like, or provide the hashed password (user.password). There is no way for you to know what a user's password is, or how many characters are in it, though, so providing somepassword as ************ (same number of characters) is not possible.
If you feel you need to provide something, I recommend just picking an arbitrary number of asterisks.
As an aside, I would strongly suggest you look at the documentation for extending the Django User model, rather than fully rolling your own.
It's better to override the BaseUserManager, AbstractBaseUser from django.contrib.auth.models to work with your custom model. Thus it will act as a default User model(built-in model) and it will do all. Follow this link to the guide(Code) or Follow this link for step by step brief guide(video tutorial)
I'm developing a Django app with these models:
class GenericUser(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(max_length=254, unique=True)
....
class Usertype1(GenericUser):
phone = models.CharField(max_length=20, blank=False)
....
class Usertype2(GenericUser):
mobile = models.CharField(max_length=20, blank=False)
....
I'm using django-registration. Every user has their own register template, and I've already solved that. The GenericUser only has basic common fields and doesn't have any registration template. I'm using it as the main Auth model.
The problem comes when I try to register as a new user of Usertype1 or Usertype2. Django falls back and creates a new GenericUser element, without doing anything in the Usertype1/2 tables. My question is: Do I need to do something else to create the Usertype registers? I think I'm missing something.
Django only supports one authentication user. The best solution to your situation is to use the default user with two fields:
phone = models.CharField(max_length=20, blank=False)
mobile = models.CharField(max_length=20, blank=False)
and make a form to validate that you need either phone or mobile. Another option is to have:
phone = models.CharField(max_length=20, blank=False)
is_mobile = models.BoleanField()
and use is_mobile to ask whether the user is using phone or mobile.
More specific situations have to be address in a similar way.
class Users(models.Model):
username = models.CharField(max_length=255)
password = models.CharField(max_length=300)
password_token = models.CharField(max_length=300, default='0')
The password text input field is regular text input field. It's not password field.
How can I get password field in django?
I tried password = models.CharField(max_length=300, widget=forms.PasswordInput ) but got error.
One way if you have a forms.py in your app is to specify the widgets in your class Meta e.g.
from django.forms import ModelForm, PasswordInput
class UserForm(ModelForm):
class Meta:
model = Users
widgets = {
'password' : PasswordInput(),
}
Widgets are assigned in the forms, not on the model.
Please see the docs for forms documentation: https://docs.djangoproject.com/en/dev/ref/forms/widgets/
You can use this approach. Create a file named forms.py inside your app.
for example:
from django import forms
from models import Users
class UsersForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput)
class Meta:
model = Users