We Keep Coding

Django Custom User Model is not using The model manager while creating normal users

I'm trying to create a user from the Django rest framework's ModelViewset. (However, I've also tried to do the same with regular Django's model form. In both cases, the CustomUser model is not using the create_user function from the Model manager.
My codes are as follows:
Model Manager
class CustomUserManager(BaseUserManager):
def create_user(self, email, phone, full_name, **other_fields):
email = self.normalize_email(email)
if not email:
raise ValueError("User must have an email")
if not full_name:
raise ValueError("User must have a full name")
if not phone:
raise ValueError("User must have a phone number")
user = self.model(
email=self.normalize_email(email),
phone=phone,
full_name=full_name,
is_active=True,
)
other_fields.setdefault('is_active', True)
user.set_password(phone)
user.save(using=self._db)
return user
def create_superuser(self, email, phone, full_name, password=None, **other_fields):
if not email:
raise ValueError("User must have an email")
if not password:
raise ValueError("User must have a password")
if not full_name:
raise ValueError("User must have a full name")
if not phone:
raise ValueError("User must have a phone number")
user = self.model(
email=self.normalize_email(email),
full_name = full_name,
phone = phone
)
user.set_password(password) # change password to hash
other_fields.setdefault('is_staff', True)
other_fields.setdefault('is_superuser', True)
other_fields.setdefault('is_active', True)
user.save(using=self._db)
return user
Model:
class CustomUserModel(AbstractBaseUser, PermissionsMixin, AbstractModel):
email = models.EmailField(unique=True)
username = models.CharField( max_length=150, unique=True, null=True, blank=True)
phone = PhoneNumberField(unique=True)
full_name = models.CharField(max_length=50, null=True, blank=True)
is_active = models.BooleanField(default=False)
is_staff = models.BooleanField(default=False)
objects = CustomUserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['phone', 'full_name']
class Meta:
verbose_name = 'User'
verbose_name_plural = 'Users'
def __str__(self):
return f'{self.username} - {self.email}'
def save(self, *args, **kwargs):
if not self.username:
uid = str(uuid4()).split('-')[1].upper()
today = str(date.today()).replace('-', '').swapcase()
splitted_uname = self.full_name.split(' ')[0][:2].upper()
self.username = f'{splitted_uname}-{uid}{today}'
super(CustomUserModel, self).save(*args, **kwargs)
Django REST Framework's ViewSet
class UserBaseViewSet(viewsets.ModelViewSet):
allowed_methods = ('GET', 'POST', 'PATCH')
serializer_class = serializers.UserBaseListSerializer
queryset = CustomUserModel.objects.all()
permission_classes = [IsProfileOwnerOrReadOnly, ]
lookup_field = 'username'
def get_serializer_class(self):
if self.action == 'retrieve':
return serializers.UserBaseDetailSerializer
return super().get_serializer_class()
While creating superusers from the command line it works perfectly.
What am I missing in this process?
I debug the process but the model class doesn't users the create_user function of the manager in any way.

You will have to override create of UserBaseListSerializer to call the manager's create_user:
class UserBaseListSerializer(serializers.ModelSerializer):
...
def create(self, validated_data):
return CustomUserModel.objects.create_user(**validated_data)

How to remove username field and password2 field from RegisterSerializer in django rest framework?

When I call the api/seller/register api, the fields appear are username, password1 and password2. I want these removed and only want simple password, email and phone_num.
How to remove this?
I am trying to make a seller registration using RegisterSerializer. I tried with ModelSerailzers and provided fields as I want but this will lead to me the error saying save() only takes 1 argument.So, I just want these unnecessary fields removed using RegisterSerializer.
My model:
class CustomUserManager(BaseUserManager):
"""
Custom user model manager with email as the unique identifier
"""
def create_user(self, first_name, last_name, email, password, **extra_fields):
"""
Create user with the given email and password.
"""
if not email:
raise ValueError("The email must be set")
first_name = first_name.capitalize()
last_name = last_name.capitalize()
email = self.normalize_email(email)
user = self.model(
first_name=first_name, last_name=last_name, email=email, **extra_fields
)
user.set_password(password)
user.save()
return user
def create_superuser(self, first_name, last_name, email, password, **extra_fields):
"""
Create superuser with the given email and password.
"""
extra_fields.setdefault("is_staff", True)
extra_fields.setdefault("is_superuser", True)
extra_fields.setdefault("is_active", True)
if extra_fields.get("is_staff") is not True:
raise ValueError("Superuser must have is_staff=True.")
if extra_fields.get("is_superuser") is not True:
raise ValueError("Superuser must have is_superuser=True.")
return self.create_user(first_name, last_name, email, password, **extra_fields)
class CustomUser(AbstractUser):
username = models.CharField(max_length=255,blank=False)
first_name = models.CharField(max_length=255, verbose_name="First name")
last_name = models.CharField(max_length=255, verbose_name="Last name")
email = models.EmailField(unique=True)
is_seller = models.BooleanField(default=False)
is_customer = models.BooleanField(default=False)
USERNAME_FIELD = "email"
REQUIRED_FIELDS = ["first_name", "last_name"]
objects = CustomUserManager()
def __str__(self):
return self.email
My serializer:
class SellerRegisterSerializer(RegisterSerializer):
seller = serializers.PrimaryKeyRelatedField(read_only=True,)
# username = serializers.CharField(required=True)
phone_num = serializers.CharField(required=False)
# class Meta:
# model = User
# fields = ['seller','email', 'phone_num', 'first_name', 'last_name', 'password']
def get_cleaned_data(self):
data = super(SellerRegisterSerializer, self).get_cleaned_data()
extra_data = {
'phone_num': self.validated_data.get('phone_num', ''),
}
data.update(extra_data)
return data
def save(self, request, **kwargs):
user = super(SellerRegisterSerializer, self).save(request)
# user = super().save(is_seller=True)
user.is_seller = True
user.save()
seller = Seller(seller=user,
phone_num=self.cleaned_data.get('phone_num'))
seller.save()
return user
My view:
class SellerRegisterView(RegisterView):
serializer_class = SellerRegisterSerializer

Unable to login because Django saving passwords in plain text but

class UserManager(BaseUserManager):
def create_user(self, username, email, password=None):
if username is None:
raise TypeError('User should have a username')
if email is None:
raise TypeError('User should have an email')
user = self.model(
username=username,
email=self.normalize_email(email)
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, username, email, password=None):
if password is None:
raise TypeError('Password should not be none')
user = self.create_user(username, email, password)
user.is_superuser = True
user.is_staff = True
user.save()
return user
class User(AbstractBaseUser, PermissionsMixin):
username = models.CharField(
max_length = 255,
unique = True,
db_index = True
)
email = models.EmailField(
max_length = 255,
unique = True,
db_index = True
)
is_verified = models.BooleanField(default = False)
is_staff = models.BooleanField(default = True)
is_active = models.BooleanField(default = True)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['username']
objects = UserManager()
def __str__(self):
return self.email
def tokens(self):
refresh = RefreshToken.for_user(self)
return {
'refresh': str(refresh),
'access': str(refresh.access_token)
}
class RegisterSerializer(serializers.ModelSerializer):
password = serializers.CharField(
max_length = 255,
min_length = 6,
write_only = True
)
class Meta:
model = User
fields = ['email', 'username', 'password']
extra_kwargs = {'password': {'write_only': True, 'min_length': 5}}
def validate(self, attrs):
email = attrs.get('email', '')
username = attrs.get('username', '')
if not username.isalnum():
raise serializers.ValidationError(
"Username should contain only alphanumeric characters"
)
return attrs
def create(self, validated_data):
return User.objects.create_user(**validated_data)
class RegisterView(generics.GenericAPIView):
permission_classes = (AllowAny,)
serializer_class = RegisterSerializer
def post(self, request):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
user_data = serializer.data
return Response(
serializer.data,
status=status.HTTP_201_CREATED
)
Currently I'm using django 3.1.3 and djangorestframework 3.12.2. While I'm able to login with superuser and getting tokens properly but couldn't login with staff users. From Django admin I have seen only superuser has hashed password and all other users have plain text password.

You do not set the password with user.password, that is just a text field on a model and works like any other. You must either:
preferred: Call user.set_password(value)
backup: Calculate the password manually using make_password before saving
You already have a create method so we'll work with that first.
from django.contrib.auth.hashers import make_password
def create(self, validated_data):
pwd = validated_data.pop("password")
user = User.objects.create(**attrs)
user.set_password(pwd)
user.save(updated_fields=["password"])
return user
# or you could replace it in validated_data
def create(self, validated_data):
validated_data["password"] = make_password(validated_data["password"])
return User.objects.create(**attrs)
You have a validation routine, but it is global. If you make it specific to the password field then you can calculate it there and leave create alone. People don't usually do that, because it is standard to have a "confirm password" field as well.
def validate_password(self, value):
# ...
return make_password(value)
Now if you want to add a confirm_password field then you are going to need to a validate(self, attrs) anyway to compare the two fields, so I would recommend against this last method.

django AttributeError: dict object has no attribute 'pk'

I'm making a simple django rest framework project.
This is just creating a new user, and logging in.
When I used django basic auth user model, everything worked well.
But after changing basic user model to custom user, this error comes out when creating a new user:
dict object has no attribute 'pk'
Custom user model is made referred to django docs.
Error says that:
File "/home/seokchan/server/mdocker/lib/python3.5/site-packages/django/contrib/auth/__init__.py",
line 100, in login
if _get_user_session_key(request) != user.pk or ( AttributeError: 'dict' object has no attribute 'pk'
This seems to say that user model has no pk, but I don't get it.
models.py
class MyUserManager(BaseUserManager):
def create_user(self, username, email, password=None):
if not email:
raise ValueError('Users must have an email address')
if not username:
raise ValueError('Users must have an user name')
user = self.model(
email=self.normalize_email(email),
username = username
)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, username, email, password):
user = self.create_user(
username,
password=password,
email = email,
)
user.is_admin = True
user.save(using=self._db)
return user
class MyUser(AbstractBaseUser):
id = models.AutoField(primary_key=True)
username = models.CharField(
verbose_name='user name',
max_length=30,
unique=True,
)
email = models.EmailField(
verbose_name='email address',
max_length=255,
unique=True,
)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
sth_test = models.TextField(blank = True)
objects = MyUserManager()
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
def __str__(self):
return self.username
def has_perm(self, perm, obj=None):
"Does the user have a specific permission?"
# Simplest possible answer: Yes, always
return True
def has_module_perms(self, app_label):
"Does the user have permissions to view the app `app_label`?"
# Simplest possible answer: Yes, always
return True
#property
def is_staff(self):
"Is the user a member of staff?"
# Simplest possible answer: All admins are staff
return self.is_admin
serializers.py
class CreateUserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model
fields = ('id', 'username', 'email', 'password', 'is_active')
email = serializers.EmailField(
required=True,
validators=[UniqueValidator(queryset=User.objects.all())]
)
username = serializers.CharField(
max_length=32,
validators=[UniqueValidator(queryset=User.objects.all())]
)
password = serializers.CharField(min_length=8, write_only=True)
def validate_email(self,value):
if User.objects.filter(email=value).exists():
raise serializers.ValidationError("err.")
return value
def create(self, validated_data):
user = User.objects.create_user(
validated_data['username'],
validated_data['email'],
validated_data['password'],
)
user.is_active = False
user.save()
message=render_to_string('accounts/account_activate_email.html',{
'user':user,
'domain':'localhost:8000/api/accounts/activate',
'uid':urlsafe_base64_encode(force_bytes(user.pk)).decode('utf-8'),
'token':account_activation_token.make_token(user)
})
mail_subject = 'Bplus'
to_email = user.email
AuthEmail = EmailMessage(mail_subject, message, to=[to_email])
AuthEmail.send()
return validated_data
views.py
class UserCreateAPI(generics.GenericAPIView):
serializer_class = CreateUserSerializer
def post(self, request, *args, **kwargs):
if len(request.data["username"]) < 4 or len(request.data["password"]) < 8:
body = {"message":"short field"}
return Response(body, status = 400)
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save()
user_for_auth = User.objects.get(username=user['username'])
login(request, user)
return Response(
{
"user":UserSerializer(
user, context=self.get_serializer_context()
).data,
"token":AuthToken.objects.create(user_for_auth),
}
)
How can I fix this error?

Your serializer create method returns the validated data instead of the created object. Since that is a dict, that is what you end up passing to the login function.
You should have return user instead of return validated_data.

Django UserCreationForm

We have built our platform using django and created a custom user model for our usage.
Up until now our platform was invite only and now we want to open the invites to everyone.
I've modified our custom form and view for the user registration and everything is working, but we're facing one issue. When sending an invite if the user's email is not registered on our platform we create a new user for him and set a boolean to mark him as not active. When coming in with the invite everything works OK, but if the user goes directly to our page and opens the registration form we get the error that a user with this email already exists.
We're extending the CreateView and the UserCreationForm to implement our custom registration form, so I'm guessing I must override one of the methods in these classes but not quite sure which one, I've tried with the save method of the UserCreationForm but it doesn't seem to work, it pops up the error messages without going into that method.
Any ideas on how I could do this? The implementation required would be that we look if a user with that email exists and he is inactive then save the registration form elements and set him to active, otherwise just show the error message.
class CustomUserCreationForm(UserCreationForm):
"""A form for creating new users. Includes all the required
fields, plus a repeated password."""
password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)
def __init__(self, *args, **kwargs):
super(CustomUserCreationForm, self).__init__(*args,**kwargs)
self.fields.pop('username')
class Meta:
model = DealCircleUser
#fields = ('email', 'dob', 'first_name', 'last_name')
fields = ('email', 'first_name', 'last_name')
def clean_password2(self):
# Check that the two password entries match
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError ("Passwords don't match")
return password2
def save(self, commit=True):
exits = DealCircleUser.objects.filter(email=self.cleaned_data["email"]).exists()
if exits:
print('We have the user')
user = DealCircleUser.objects.get(email=self.cleaned_data["email"])
else:
print('No user found')
# Save the provided password in hashed format
user = super(UserCreationForm, self).save(commit=False)
#check if there is a user already created with this
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
And the view is:
class RegisterUserView(CreateView):
model = DealCircleUser
template_name = 'register.html'
form_class = CustomUserCreationForm
success_url = reverse_lazy('frontend_profile')
invitation = None
def get_form(self, form_class):
code = self.request.GET.get('code')
if code:
self.invitation = Invitation.validate_code(code)
if not self.request.user.is_anonymous():
form_class = InputEmailForm
self.object = self.request.user
form = super(RegisterUserView, self).get_form(form_class)
form.fields['email'].widget.attrs['class'] = 'form-control'
if self.request.user.is_anonymous():
if self.invitation and self.invitation.email:
form.fields['email'].widget.attrs['readonly'] = True
form.fields['first_name'].widget.attrs['class'] = 'form-control'
form.fields['last_name'].widget.attrs['class'] = 'form-control'
form.fields['password1'].widget.attrs['class'] = 'form-control'
form.fields['password2'].widget.attrs['class'] = 'form-control'
if self.invitation:
form.initial['email'] = self.invitation.email
return form
def get_context_data(self, **kwargs):
ret = super(RegisterUserView, self).get_context_data(**kwargs)
ret['twitterEnabled'] = settings.ENABLE_TWITTER
if self.request.user.is_anonymous():
#if not self.invitation or self.invitation.is_used():
# ret['invalid_code'] = True
# return ret
if self.invitation and self.invitation.is_used():
ret['invalid_code'] = True
return ret
ret['code'] = self.request.GET.get('code')
return ret
def form_valid(self, form):
ret = super(RegisterUserView, self).form_valid(form)
if type(ret) == HttpResponseRedirect:
if self.invitation:
self.invitation.status = Invitation.STATUS_REGISTERED
self.invitation.save()
messages.add_message(self.request, messages.SUCCESS,
_('Your account has been created. Welcome to DealCircle!'))
else:
messages.add_message(self.request, messages.SUCCESS, _('Your account has been updated successfully.'))
user = authenticate(email=form.cleaned_data.get('email'), password=form.cleaned_data.get('password1'))
if user and user.is_active:
login(self.request, user)
return ret
def get_success_url(self):
if self.invitation and self.invitation.deal:
return reverse('frontend_invitation_response', args=(self.invitation.code,))
else:
return reverse('frontend_profile')
def linkedin_info(user):
import oauth2 as oauth
consumer = oauth.Consumer(settings.SOCIAL_AUTH_LINKEDIN_KEY, settings.SOCIAL_AUTH_LINKEDIN_SECRET)
access_token = oauth.Token(key=user.linkedin_token, secret=user.linkedin_token_secret)
client = oauth.Client(consumer, access_token)
resp, content = client.request("http://api.linkedin.com/v1/people/~:(first-name,last-name,phone-numbers,picture-urls::(original))?format=json", "GET", "")
return resp, content
The custom user manager is this:
class DealCircleUserManager(BaseUserManager):
def create_user(self, email=None, password=None, **extra_fields):
now = timezone.now()
if not email:
raise ValueError('The given email must be set')
email = UserManager.normalize_email(email)
user = self.model(email=email,
is_staff=False, is_active=True, is_superuser=False,
last_login=now, date_joined=now, **extra_fields)
user.set_password(password)
user.save(using=self._db)
from postman.models import AddressBook
AddressBook.objects.get_or_create(user=user)
return user
def create_superuser(self, email, password, **extra_fields):
u = self.create_user(email, password, **extra_fields)
u.is_staff = True
u.is_active = True
u.is_superuser = True
u.save(using=self._db)
from postman.models import AddressBook
AddressBook.objects.get_or_create(user=u)
return u
And the model is this:
class DealCircleUser(AbstractBaseUser, PermissionsMixin):
USERNAME_FIELD = 'email'
AVATAR_STORAGE_URL = 'https://%s.s3.amazonaws.com/%s'
avatar = models.ImageField(storage=s3, upload_to="users", null=True, blank=True)
avatar_thumb = ImageSpecField(cachefile_storage=s3, source='avatar',
processors=[ResizeToFill(*settings.THUMB_AVATAR)],
format='JPEG',
options={'quality': 60})
avatar_square_thumb = ImageSpecField(cachefile_storage=s3, source='avatar',
processors=[SmartResize(*settings.THUMB_AVATAR_SQUARE)],
format='JPEG',
options={'quality': 60})
email = models.EmailField(max_length=254, unique=True)
address = models.CharField(max_length=254, blank=True)
postal_code = models.CharField(max_length=100, blank=True)
city = models.CharField(max_length=254, blank=True)
country = models.ForeignKey(Country, verbose_name='country', null=True, blank=True)
phone = models.CharField(max_length=30, blank=True)
first_name = models.CharField(max_length=100)
last_name = models.CharField(max_length=100)
dob = models.DateField(null=True, blank=True)
bio = models.TextField(blank=True)
twitter_token = models.CharField(max_length=100, null=True, blank=True)
twitter_token_secret = models.CharField(max_length=100, null=True, blank=True)
linkedin_token = models.CharField(max_length=100, null=True, blank=True)
linkedin_token_secret = models.CharField(max_length=100, null=True, blank=True)
linkedin_connection_hash = models.CharField(max_length=64, blank=True)
google_access_token = jsonfield.JSONField(null=True, blank=True)
google_user_extras = jsonfield.JSONField(null=True, blank=True)
company = models.ForeignKey(Company, verbose_name='company', blank=True, null=True)
date_joined = models.DateField(null=True)
first_visit = models.BooleanField(default=True)
is_staff = models.BooleanField(_('staff status'), default=False,
help_text=_('Designates whether the user can log into this admin '
'site.'))
is_active = models.BooleanField(_('active'), default=True,
help_text=_('Designates whether this user should be treated as '
'active. Unselect this instead of deleting accounts.'))
objects = DealCircleUserManager()
def get_avatar_from_url(self, url):
try:
self.avatar.save(os.path.basename(url), ContentFile(urllib2.urlopen(url).read()))
self.save()
return True
except Exception, e:
return False
def get_avatar_url(self):
return self.AVATAR_STORAGE_URL % (settings.BOTO_S3_BUCKET, self.avatar)
def get_full_name(self):
full_name = '%s %s' % (self.first_name, self.last_name)
return full_name.strip()
def get_short_name(self):
return self.first_name
def get_dealinvestor(self, deal):
return self.dealinvestor_set.get(deal=deal)
def is_email_valid(self):
try:
validate_email(self.email)
return True
except:
return False
def disable_first_visit(self):
self.first_visit = False
self.save()

I think that your form does not validate :
you should take a look at the clean method(s) of the UserCreationForm and then do something like this (didn't tested) :
def clean_email(self):
"""
First checking if the there is an invited user (User with same email exists and active==False ), if so validate the email.
If the user exists and is active that means that the email is already in use, we raise a ValidationError
If none of the above are True, the user does not exists at all, we should create it.
"""
email = self.cleaned_data['email']
if DealCircleUser.objects.filter(email=self.cleaned_data["email"], active=False).exists():
return email
elif DealCircleUser.objects.filter(email=self.cleaned_data["email"], active=True).exists():
raise forms.ValidationError(u'Email "%s" is already in use.' % email)
return email