User Models
Default User Model
Django comes with a built-in user model, User, which is located in the django.contrib.auth.models module. This model provides several fields and methods to manage users, such as:
usernamefirst_namelast_nameemailpasswordis_staffis_activeis_superuserlast_logindate_joined
Creating a Superuser
To create an admin/superuser, use the createsuperuser management command: > This command prompts you to enter a username, email, and password.
python manage.py createsuperuser
## Authenticating Users
> Django provides an `authenticate()` function in `django.contrib.auth` to verify user credentials:
```python
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
if user is not None:
# A backend authenticated the credentials
else:
# No backend authenticated the credentialsLogging In Users
To log in a user, use the
login()function fromdjango.contrib.auth
from django.contrib.auth import login
login(request, user)Logging Out Users
To log out a user, use the
logout()function
from django.contrib.auth import logout
logout(request)Custom User Model
Django allows you to customize the user model by extending the base model or by creating a completely new one. This is especially useful if you need to add extra fields or change the behavior of the user model.
Extending the Default User Model
If you only need to add a few extra fields to the existing user model, you can extend
AbstractUser
from django.contrib.auth.models import AbstractUser
class CustomUser(AbstractUser):
bio = models.TextField(max_length=500, blank=True)Creating a Custom User Model
If you need more control over the user model, you can create a custom user model by extending
AbstractBaseUserandPermissionsMixin:
UserManager: djangos default user managerBaseUserManager: customAbstractUser: djangos default user modelAbstractBaseUser: customPermissionsMixin: all the methods for django permission model
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, PermissionsMixin
from django.db import models
class CustomUserManager(BaseUserManager):
def create_user(self, email, password=None, **extra_fields):
if not email:
raise ValueError('The Email field must be set')
if not password:
raise ValueError('The Password field must be set')
email = self.normalize_email(email)
user = self.model(email=email, **extra_fields)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, password=None, **extra_fields):
extra_fields.setdefault('is_staff', True)
extra_fields.setdefault('is_superuser', True)
if extra_fields.get('is_staff') is not True:
raise ValueError('Superuser must have is_staff=True.')
if extra_fields.get('is_superuser') is not True:
raise ValueError('Superuser must have is_superuser=True.')
return self.create_user(email, password, **extra_fields)
class CustomUser(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(unique=True)
first_name = models.CharField(max_length=30, blank=True)
last_name = models.CharField(max_length=30, blank=True)
date_joined = models.DateTimeField(auto_now_add=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
objects = CustomUserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
def __str__(self):
return self.emailUsing the Custom User Model
To use the custom user model, update the
AUTH_USER_MODELsetting in yoursettings.py
AUTH_USER_MODEL = 'yourapp.CustomUser'Migrating to a Custom User Model
Switching to a custom user model after running migrate can be complex. It’s generally recommended to set up the custom user model at the start of your project. If you need to switch to a custom user model later, you may need to: - Create a new model. - Write custom migration scripts to handle the transition. - Update all references to the old user model.
User Managers
Custom user models often require a custom manager. The manager is responsible for creating users and superusers.
create_user(): Method to create a regular user.create_superuser(): Method to create a superuser.
The custom manager should inherit from BaseUserManager.
Example of Custom User Manager
class CustomUserManager(BaseUserManager):
def create_user(self, email, password=None, **extra_fields):
# Implementation here...
def create_superuser(self, email, password=None, **extra_fields):
# Implementation here...User Authentication Backends
Django uses authentication backends to verify credentials. The default backend is ModelBackend, which authenticates against username and password.
You can create custom authentication backends by subclassing BaseBackend
from django.contrib.auth.backends import BaseBackend
class EmailBackend(BaseBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
try:
user = CustomUser.objects.get(email=username)
except CustomUser.DoesNotExist:
return None
if user.check_password(password):
return user
return None
def get_user(self, user_id):
try:
return CustomUser.objects.get(pk=user_id)
except CustomUser.DoesNotExist:
return NoneTo use the custom backend, add it to
AUTHENTICATION_BACKENDSinsettings.py:
AUTHENTICATION_BACKENDS = ['yourapp.backends.EmailBackend']Signals
Django signals can be used to perform actions based on user-related events, such as user creation, login, or logout.
Example of Using Signals
from django.contrib.auth.models import User
from django.db.models.signals import post_save
from django.dispatch import receiver
@receiver(post_save, sender=User)
def create_user_profile(sender, instance, created, **kwargs):
if created:
Profile.objects.create(user=instance)