django-authtools - A Custom User Model For Everyone

Transcript

1. Django Custom User Models Aaron Merriam Rocky Meza

2. None

3. On Github • github.com/fusionbox • github.com/aaronmerriam • github.com/rockymeza

4. • Support introduced in 1.5. https://docs.djangoproject.com/en/dev/topics/auth/customizing/ Custom User Models

5. Why a Custom User? • Email as username. ◦ Most

   apps don’t really need a username

6. Why a Custom User? • Email as username. ◦ Most

   apps don’t really need a username • Name ◦ First/Last name is wrong.

7. Why a Custom User? • Email as username. ◦ Most

   apps don’t really need a username • Name ◦ First/Last name is wrong. • Control over your User model ◦ methods and properties ◦ managers and queryset methods

8. How to use a Custom User Model?

9. Do this: models.py settings.py

10. Implement these: • Model ◦ USERNAME_FIELD ◦ REQUIRED_FIELDS ◦ is_active

    ◦ get_full_name() ◦ get_short_name() ◦ get_username() ◦ is_anonymous() ◦ is_authenticated() ◦ set_password() ◦ check_password() ◦ set_unusable_password() ◦ has_usable_password() • Custom Manager ◦ create_user() ◦ create_superuser()

11. Admin • UserCreationForm • UserChangeForm • ModelAdmin

12. Forms • User Creation • Update Account

13. models.py admin.py Full example (from Django docs)

14. Custom Login Logic? Custom Password Reset Logic?

15. A Custom User Model app for everyone! Introducing django-authtools

16. Installation 1. Add authtools to your INSTALLED_APPS 2. AUTH_USER_MODEL =

    ‘authtools.User’ 3. url(r'^accounts/', include('authtools.urls'))

17. Email As Username

18. Extensible Views

19. Extensible Views And (mostly) drop in class based replacements for

    all of the views provided by the built in auth app.

20. Password Reset • built in password_reset_confirm doesn’t log you in?

    • django-authtools provides an additional view password_reset_confirm_and_login that does.

21. Generic Forms • built in UserChangeForm and UserCreationForm don’t work

    with custom users. • django-authtools forms do.

22. Generic ModelAdmin Classes

23. django-authtools • email as username • name instead of first_name,

    last_name • extensible class based views • better password reset • generic forms • generic admin

24. Migrating to a Custom User (with South)

25. Choices • Ease of migration and model.Meta warts vs •

    More difficult migration

26. More on Migrations • Unique constraints (email address) • 3rd

    party applications aren’t all up to speed.

27. Storing additional user information.

28. Don’t do this

29. Don’t do this • Not reusable • Mixes profile code

    with authentication and authorization.

30. UserProfiles

31. UserProfile support in Django settings.py models.py

32. Lets you do this.

33. Deprecated in 1.5

34. Still a great pattern.

35. Do this instead Don’t do this

36. And if you want to get fancy.

37. UserProfile

38. UserProfile • Reusable • Keeps authentication and authorization separate. •

    Composability

39. Dos and Don’ts Don’t: Import `User` from `django.contrib.auth.models` or directly

    reference that class anywhere in your code. Do: Use the ‘get_user_model’ function from ‘django. contrib.auth’

40. Dos and Don’ts Don’t: Make ForeignKeys that point to users

    via the actual User model, or ‘auth.User’. Do: Point ForeignKeys to `settings.AUTH_USER_MODEL`

41. Links • django-authtools source ◦ https://github.com/fusionbox/django-authtools • django-authtools documentation ◦

    https://django-authtools.readthedocs.org • Django documentation on custom user model ◦ https://docs.djangoproject. com/en/dev/topics/auth/customizing/ https://docs. djangoproject. com/en/1. 6/topics/auth/c ustomizing/