Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Red User, Blue User, MyUser, auth.User

Russell Keith-Magee
September 04, 2013
Technology
4
1.1k

Red User, Blue User, MyUser, auth.User

An exploration of one of the banner features of Django 1.5 -- Custom User models. Includes worked examples, a discussion of design decisions that must be made, and a look at the internal architecture that makes it all possible.

Russell Keith-Magee

September 04, 2013
Tweet

More Decks by Russell Keith-Magee

See All by Russell Keith-Magee
Python All The Things!
freakboy3742
2
300
Snakes in a browser
freakboy3742
1
110
Making a splash with your open source project
freakboy3742
0
350
Things your parents didn't teach you about sharing your toys
freakboy3742
0
360
A tale of two cellphones: Python on Android and iOS
freakboy3742
0
220
Beyond Web 2.0 - Django and Python in the modern web ecosystem
freakboy3742
0
250
Python on the move: The state of Mobile Python
freakboy3742
0
270
I am a doctor...
freakboy3742
0
140
Professional Yak Coiffure
freakboy3742
0
83

Other Decks in Technology

See All in Technology
Android Target SDK 35 (Android 15) 対応の概要
akkie76
0
160
AWS学習者向けにAzureの解説スライドを作成した話
handy
3
190
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
1k
Python と Snowflake はズッ友だょ!~ Snowflake の Python 関連機能をふりかえる ~
__allllllllez__
2
140
IPUT App Dev. Co. -Overview 2024/4
iputapp
0
130
コードや知識を組み込む / Incorporate Code and knowledge
ks91
PRO
0
150
DMM.com アルファ室採用案内資料
hsugita
1
230
Amplify 🩷 Bedrock 〜生成AI入門〜
minorun365
PRO
8
720
Babylon.js JAPAN活動紹介 (2024/4)
limes2018
1
120
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
400
Next.js に疲れた私は Vue3 に癒やされた
akagire
0
140
web-application-security
matsuihidetoshi
1
190

Featured

See All Featured
Clear Off the Table
cherdarchuk
85
310k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
20
1.8k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Building Flexible Design Systems
yeseniaperezcruz
320
37k
Agile that works and the tools we love
rasmusluckow
325
20k
Building Your Own Lightsaber
phodgson
100
5.7k
Into the Great Unknown - MozCon
thekraken
14
1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
The Invisible Side of Design
smashingmag
294
49k
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
4 Signs Your Business is Dying
shpigford
176
21k

Transcript

  1. Red User, Blue User, MyUser, auth.User Dr Russell Keith-Magee DjangoCon

    US 2013
  2. None
  3. None

  4. Image Source: Amazon.com

  5. Why should we care?

  6. Login using email address

  7. Associating profile data with the User model

  8. What’s in a name?

  9. class User(Model): first_name = CharField(max_length=30) last_name = CharField(max_length=30)

  10. WTF?

  11. ⽑毛泽东 Mao Zedong Image Source: Wikipedia

  12. Yao Ming Image Source: Wikipedia

  13. Björk Guðmundsdóttir Image Source: IMDB

  14. Mahathir bin Mohamad Image Source: Wikipedia

  15. Mohd. Anwar El Sadat Image Source: Wikipedia

  16. Aránzazu Isabel María Sánchez Vicario Image Source: Wikipedia

  17. Ayrton Senna da Silva Image Source: Wikipedia

  18. Stilgherrian Image Source: stilgherrian.com/about; ©2009 Trinn (’Pong) Suwannaph; Used with

    permission

  19. www.w3.org/International/questions/qa-personal-names

  20. class User(Model): first_name = CharField(max_length=30) last_name = CharField(max_length=30)

  21. class User(Model): first_name = CharField(max_length=100) last_name = CharField(max_length=100) NOPE

  22. class User(Model): christian_name = CharField(max_length=10) middle_initial = CharField(max_length=1) last_name =

    CharField(max_length=10)

  23. Names are hard. Lets go shopping.

  24. Do you really need separate fields? Full name

  25. If you do, don’t use first/last name. Family name Other/Given

    names

  26. “How would you like to be addressed?”

  27. Other tips • Don’t assume a single letter is an

    initial • Be wary of name-part algorithms • Spaces, Apostrophes and Hyphens are all legal characters in names • Don’t require a “family name” • “Previous name”, not “Maiden name” • Honorifics even more complex

  28. On the subject of “do you need to ask”...

  29. http://www.tizag.com/phpT/examples/formex.php

  30. Kuzdu and the California Marriage Amendment http://linuxmafia.com/faq/Essays/marriage.html

  31. When it comes to questions of identity: You need to

    think

  32. Do I need to ask at all?

  33. Custom User Models

  34. This is all in the docs.

  35. 1. Define user model • 2 possible abstract base classes:

    • AbstractBaseUser • AbstractUser • Maybe with PermissionsMixin • Define USERNAME_FIELD • Define REQUIRED_FIELDS • Define get_full_name() and get_short_name()

  36. 2. Define your Manager • Need to describe: • How

    to create users • How to create superusers

  37. 3. Define forms • UserCreationForm • UserChangeForm • PasswordResetForm (maybe)

  38. 4. Register with admin • Only need to do this

    if you’re using admin • Subclass contrib.admin.UserAdmin • admin.site.register() • Don’t need to unregister default User

  39. 5. Register model • In settings, define: AUTH_USER_MODEL = ‘myapp.MyUser’

  40. 6. Update Foreign Keys • Before: • ForeignKey(User) • After:

    • ForeignKey(settings.AUTH_USER_MODEL)

  41. Documented Gotchas

  42. USERNAME_FIELD must be unique and not in REQUIRED_FIELDS

  43. Signal registration

  44. What isn’t in the docs?

  45. Reverse lookup naming

  46. Reverse lookup naming class Department(Model): ... class User(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) print department.user_set.all()

  47. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) print department.myuser_set.all()

  48. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department, related_name=‘user_set’) department = Department.objects.get(...) print department.user_set.all()

  49. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) attr = “%s_set” % user._meta.object_name print getattr(department,attr).all()

  50. The User Contract

  51. Examples of use

  52. Email based login

  53. Email-based login • Define a user model with • email

    = EmailField(max_length=254) • USERNAME_FIELD = ‘email’ • Define forms, admin, etc • Set AUTH_USER_MODEL

  54. Better yet: Don’t reinvent the wheel!

  55. Ticket #20824

  56. API-based login

  57. Kerberos Single Sign-on

  58. Kerberos Single Sign-on • “username” is your Kereros token: username@domain

    • Define an authentication backend that converts credentials into users

  59. Authentication Backends • On login, you provide a credentials dict

    • Usually, Username and Password • Can be anything • Authentication backend turns credentials into a validated user • Can have multiple authentication backends.

  60. www.roguelynn.com /words/django-custom-user-models/

  61. Profile data

  62. Option 1 class User(AbstractUser): full_name = CharField() birth_date = DateField()

    avatar = FileField()

  63. Option 2: class User(AbstractUser): ... class UserProfile(Model): full_name = CharField()

    user = OneToOneField(User) birth_date = DateField() avatar = FileField()

  64. Option 2: class User(AbstractUser): ... class IdentityProfile(Model): user = OneToOneField(User)

    full_name = CharField() birth_date = DateField() class DisplayProfile(Model): user = OneToOneField(User) avatar = FileField()

  65. Option 3: Hybrid class User(AbstractUser): full_name = CharField() class UserProfile(Model):

    user = OneToOneField(User) birth_date = DateField() avatar = FileField()

  66. So which approach should you use?

  67. It depends.

  68. Broadly: Profiles are better architecture

  69. But: there’s a cost

  70. Where to draw the line for the hybrid models?

  71. One more thing...

  72. How does it all work?

  73. THE FOLLOWING SLIDES WILL SELF DESTRUCT AFTER THIS PRESENTATION

  74. How it works • No internal references to auth.User •

    auth.User has a Meta property: swappable = ‘AUTH_USER_MODEL’ • Defines the name of a setting • Inspected at runtime for the “real” class • generates Meta.swapped • The rest is just validation

  75. ForeignKeys + M2M • No new features in ForeignKey or

    M2M • ForeignKey(‘auth.User’) has always worked • Now, we’re just using a setting • Validation that ForeignKey doesn’t point at a “swapped” model.

  76. The dirty secret: You can make your own models swappable.

  77. None

  78. Questions? http://cecinestpasun.com [email protected] @freakboy3742