Django Custom User Authentication Backend
Introduction
In some Django projects we need to customize user model. We don’t want to go with the Django’s existing user model because we need more fields in user model. Sometimes we want to login user with the unique-id of third party service like Facebook, Twitter and etc.
In this blog I describe how to create custom user model and custom authentication backend to perform such requirements.
Creating Custom User Model
In this example I have created custom user model named as ‘Staff’. I have extended this Staff model with Django’s User model and added more fields in Member which I needed.
from django.contrib.auth.models import User, UserManager
from django.db import models
class Designation(models.Model):
key = models.CharField(max_length=5)
name = models.CharField(max_length=32)
def __unicode__(self):
return str(self.name)
class Staff(User):
"""User with app settings."""
avatar = models.ImageField(upload_to="static/member_avatar/", blank=True,
null=True)
designation = models.ForeignKey(Designation)
# Use StaffManager to get the create_user method, etc.
objects = StaffManager()
class Meta(object):
verbose_name = 'Staff'
verbose_name_plural = 'Staffs'
Changes Required in Settings File
Then, in settings.py file you have to explicitly mention custom user model and custom authentication backend.
AUTHENTICATION_BACKENDS = ('auth_backends.StaffModelBackend',)
CUSTOM_USER_MODEL = 'app.Staff'
Creating custom authentication backend
Create the custom authentication backend class and in this class we have to change user_class property method to get user instance from our custom model instead of Django’s User model. We have mentioned this class in settings file so that Django will get user instance of our custom model using this class (instead of Django’s User model).
from django.conf import settings
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import ImproperlyConfigured
from django.db.models import get_model
class StaffModelBackend(ModelBackend):
def authenticate(self, username=None, password=None):
try:
user = self.user_class.objects.get(username=username)
if user.check_password(password):
return user
except self.user_class.DoesNotExist:
return None
def get_user(self, user_id):
try:
return self.user_class.objects.get(pk=user_id)
except self.user_class.DoesNotExist:
return None
@property
def user_class(self):
if not hasattr(self, '_user_class'):
self._user_class = get_model(*settings.CUSTOM_USER_MODEL.split('.', 2))
if not self._user_class:
raise ImproperlyConfigured('Could not get custom user model')
return self._user_class
Admin interface to add/edit custom User
You can also make a admin interface of your custom user model (i.e Staff). In below example, I have created StaffAdmin class which is used by Django’s admin to create/modify an instance of custom user model. In this class I have changed the fieldsets to create and modify forms.
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.forms import UserChangeForm, UserCreationForm
from django.utils.translation import ugettext_lazy as _
from app.models import Staff
class StaffChangeForm(UserChangeForm):
class Meta(UserChangeForm.Meta):
model = Staff
class StaffCreationForm(UserCreationForm):
class Meta(UserCreationForm.Meta):
model = Staff
class StaffAdmin(UserAdmin):
form = StaffChangeForm
add_form = StaffCreationForm
fieldsets = (
(None, {'fields': ('username', 'password')}),
(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
(_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
'user_permissions')}),
(_('Important dates'), {'fields': ('last_login', 'date_joined')}),
(None, {'fields': ('designation', 'avatar')}),
)
add_fieldsets = UserAdmin.add_fieldsets + (
(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
(_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
'user_permissions')}),
(None, {'fields': ('designation')}),
)
admin.site.register(Staff, StaffAdmin)
<========Thank You ========>
No comments:
Post a Comment