i am trying to use django allauth to send confirmation emails on sign-up,after successfully sending the email i need top have a way to identify if the user has confirmed his email,dajngo allauth provides somthing for that
from allauth.account.signals import email_confirmed
#receiver(email_confirmed)
def email_confirmed_(request, email_address, **kwargs):
user = email_address.user
user.email_verified = True
user.save()
what i can't figure out how to do is access the user.email_verified that i saved
#api_view(['GET'])
def current_user(request,user):
current_user = request.user
return Response({
'id': current_user.id,
'verified': user.email_verified #???????
})
Usually you doing something like this to access a model instance:
(considering the name of your model is User) - User.objects.filter(id=current_user.id)
you can define a variable like this:
user_obj = User.objects.filter(id=current_user.id)
and than you accessing it's field as:
user_obj.email_verified
is this what you need?
Related
Very new to the Django Rest Framework, so would appreciate some help with this one. I get the error in the title when I try and do a POST request in Postman with an appropriate auth token.
I've made a table that I want to send a POST request to, but having issues with getting a user FK to be accepted as one of the columns. Plz see model/serializer/view below:
Model
class TestData (models.Model):
TestSDG = models.DecimalField(decimal_places=0, max_digits=2, default=0)
user = models.ForeignKey("auth.User", related_name="testdata", on_delete=models.CASCADE)
Serializer
class TestDataSerializer(serializers.ModelSerializer):
class Meta:
model = TestData
fields = ('id', 'TestSDG')
View
#csrf_exempt
def testDataApi(request, id=0):
if request.method == 'GET':
testdata = TestData.objects.all()
testdata_serializer = TestDataSerializer(testdata,many=True)
return JsonResponse(testdata_serializer.data,safe=False)
elif request.method == 'POST':
testdata_data=JSONParser().parse(request)
testdata_serializer=TestDataSerializer(data=testdata_data)
if testdata_serializer.is_valid():
testdata_serializer.save(user=request.user)
return JsonResponse("Added Successfully", safe=False)
The POST request works fine if I don't use the user as a foreign key, and I change testdata_serializer.save(user=request.user) back to testdata_serializer.save(), but I want the table to require a user's id.
Appreciate any help, thank you.
You should be using a ModelViewset in your views.py file - then you can override the update method on your serializer:
views.py
from rest_framework.viewsets import ModelViewSet
class TestDataViewSet(ModelViewSet):
queryset = TestData.objects.all()
serializer_class = TestDataSerializer
serializers.py
class TestDataSerializer(serializers.ModelSerializer):
...
def update(self, instance, validated_data):
# get user id from validated data:
user_id = validated_data.pop('user_id')
# get user:
user = User.objects.get(id=user_id)
# set user on instance:
instance.user = user
instance.save()
# continue with update method:
super().update(instance, validated_data)
You mentioned that you are using an auth token. Try verifying in your view testDataApi if request.user was correctly set with an auth.User object. Try logging it with something like below to make sure that it is correctly set to the user for the provided token:
#csrf_exempt
def testDataApi(request, id=0):
print(type(request.user), request.user) # Should display the user for the provided token.
...
If it isn't set, then you have to configure how it would correctly map an auth.User object from a provided token. You might want to look at the following:
AuthenticationMiddleware - Sets the request.user object.
AUTHENTICATION_BACKENDS - Custom authentication of a token and then return the associated auth.User object
DEFAULT_AUTHENTICATION_CLASSES - Only if using djangorestframework. Sets the request.user object.
TokenAuthentication, JSONWebTokenAuthentication, etc. - Only if using djangorestframework. Some implementations that authenticates tokens. Perhaps they weren't configured correctly.
My app does not require password as I want to login with phone and OTP.
I'm trying to implement custom simple JWT token authentication which takes only a phone number and no passwords.
I'm new to Django and I did check some links in stackoverflow and tried this:
class CustomSerializer(TokenObtainPairSerializer):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields[self.username_field] = serializers.CharField()
del self.fields['password']
def validate(self,attr):
print(attr)
data = super().validate(attr)
token = self.get_token(self.user)
print (token)
try:
request = self.context["request"]
print(request)
except KeyError:
pass
request_data = json.loads(request.body)
print(request_data)
So here when validate method is executed, it goes to validate TokenObtainPairSerializer init method which in return calls init method of it's parent class which is validating the password.
So even if I'm deleting password field in my custom serializer, it still gives me a key-error of password.
I tried to pass the key-error but again it gets failed at request.body.
I'm stuck on this and I don't know how to implement simple JWT without password.
I had the same question and after a lot of searching and reading the source code of django-rest-framework-simplejwt I got an answer.
So even if i am deleting passowrd field in my custom serializer, it still give me key-error of password
If you take a look at the TokenObtainSerializer class, which is the parent Serializer of TokenObtainPairSerializer here, you can see that the password is called like this:
# rest_framework_simplejwt/serializers.py
def validate(self, attrs):
authenticate_kwargs = {
self.username_field: attrs[self.username_field],
'password': attrs['password'],
}
# ...
So even though you delete the password field, it is still called later on.
What I did was setting the password field as not required and assigning an empty string as password.
class TokenObtainPairWithoutPasswordSerializer(TokenObtainPairSerializer):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields['password'].required = False
def validate(self, attrs):
attrs.update({'password': ''})
return super(TokenObtainPairWithoutPasswordSerializer, self).validate(attrs)
Now it is possible to use this Serializer in a View.
class TokenObtainPairWithoutPasswordView(TokenViewBase):
serializer_class = TokenObtainPairWithoutPasswordSerializer
Then I created a custom authentication backend so that the user can authenticate without a password.
from django.contrib.auth.backends import BaseBackend
class AuthenticationWithoutPassword(BaseBackend):
def authenticate(self, request, username=None):
if username is None:
username = request.data.get('username', '')
try:
return User.objects.get(username=username)
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
You can read the docs for more information on creating your custom authentication backend.
Finally, on settings.py change your AUTHENTICATION_BACKENDS variable.
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'core.custom_authentication.AuthenticationWithoutPassword',
)
Now Django will try to authenticate using the first authentication ModelBackend and then the new AuthenticationWithoutPassword.
Just saying the obvious here, but keep in mind that authentication without password is definitely not safe, so you should add more logic to your custom authentication, remember that you can access the request variable.
Is there any way to create User and UserSocialAuth objects without actually loggin in but only having FACEBOOK_ID of a user you want to create an account for?
I'm creating a simple app where user can select a friend from FB and create some model object for him. Since I have reference to User entity I need to have it whether that friend has been registered or not. And if not I need to create the whole object graph programmatically. It is possible to do using standard functionality of django-social-auth or should I create records in 'auth_user' and 'social_auth_usersocialauth' by hand?
Use this custom backend that sets the username to the person's FACEBOOK_ID.
from social_auth.backends.facebook import FacebookBackend
class IDFacebookBackend(FacebookBackend):
"""Facebook OAuth2 authentication backend"""
def get_user_details(self, response):
"""Return user details from Facebook account"""
return {'username': response.get('id'),
'email': response.get('email', ''),
'fullname': response.get('name', ''),
'first_name': response.get('first_name', ''),
'last_name': response.get('last_name', '')}
Use this version of get_username in your auth pipleline instead of social_auth.backends.pipeline.user.get_username
def get_username(details, user=None, *args, **kwargs):
" Make Username from User Id "
if user:
return {'username': UserSocialAuth.user_username(user)}
else:
return details['username']
Your pipeline should look like this:
SOCIAL_AUTH_PIPELINE = (
'social_auth.backends.pipeline.social.social_auth_user',
'our_custom_auth.get_username', # <= This should be the previous function
'social_auth.backends.pipeline.user.create_user',
'social_auth.backends.pipeline.social.associate_user',
'social_auth.backends.pipeline.social.load_extra_data',
'social_auth.backends.pipeline.user.update_user_details'
)
Then all you need to do is call User.objects.create(username=friends_facebook_id) and you have a User that cannot login with username/pass, but can be referenced easily through ForeignKey fields.
Also, when that "Friend" comes and joins up with your site at a later date (Using SocialAuth), they will automatically be given this User object and your internal graph will stay accurate.
So I used the idea described above but with less effort and eventually I ended up with the following:
I overrode associate_by_email stage from SOCIAL_AUTH_PIPELINE to my own implementation of associate_by_username. Since username is unique in Django auth we can use that.
So totally changes are
Implement associate_by_username
from django.core.exceptions import MultipleObjectsReturned, ObjectDoesNotExist
from social_auth.exceptions import AuthException
from django.contrib.auth.models import User
def associate_by_username(details, user=None, *args, **kwargs):
"""Return user entry with same email address as one returned on details."""
if user:
return None
username = details.get('username')
if username:
try:
return {'user': User.objects.get(username=username)}
except MultipleObjectsReturned:
raise AuthException(kwargs['backend'], 'Not unique email address.')
except ObjectDoesNotExist:
pass
Then I add this method to pipeline
SOCIAL_AUTH_PIPELINE = (
'social_auth.backends.pipeline.social.social_auth_user',
'core.auth.associate_by_username',
'social_auth.backends.pipeline.user.get_username',
'social_auth.backends.pipeline.user.create_user',
'social_auth.backends.pipeline.social.associate_user',
'social_auth.backends.pipeline.social.load_extra_data',
'social_auth.backends.pipeline.user.update_user_details',
)
And when I need to get user I look it up by facebookId (recipient = UserSocialAuth.objects.filter(uid=target_facebook_id)
) but create by facebookUsername (User(username=target_username))
I've created a User model for my django app
class User(Model):
"""
The Authentication model. This contains the user type. Both Customer and
Business models refer back to this model.
"""
email = EmailField(unique=True)
name = CharField(max_length=50)
passwd = CharField(max_length=76)
user_type = CharField(max_length=10, choices=USER_TYPES)
created_on = DateTimeField(auto_now_add=True)
last_login = DateTimeField(auto_now=True)
def __unicode__(self):
return self.email
def save(self, *args, **kw):
# If this is a new account then encrypt the password.
# Lets not re-encrypt it everytime we save.
if not self.created_on:
self.passwd = sha256_crypt.encrypt(self.passwd)
super(User, self).save(*args, **kw)
I've also created an authentication middleware to use this model.
from accounts.models import User
from passlib.hash import sha256_crypt
class WaitformeAuthBackend(object):
"""
Authentication backend fo waitforme
"""
def authenticate(self, email=None, password=None):
print 'authenticating : ', email
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user and sha256_crypt.verify(password, user.passwd):
return user
else:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
I have ammended the settings.py file correctly and if I add some print statements to this backend I can see the user details print out. I don't recall reading that I need to implement is_authenticated in the django docs. Am I missing something silly?
I'm not quite sure why you have created a new User model instead of using Django's built-in one and adding a linked UserProfile, which is the recommended thing to do (until 1.5 is released, when pluggable user models will be available). However, yes you need to define an is_authenticated method, which always returns True: this is exactly what the built-in model does. The reason is that if you have an actual User, it will always be authenticated: otherwise, you will have an AnonymousUser object, whose is_authenticated method always returns False.
you dont have to reinvent the wheel. Just use Djangos build in authentication system and save yourself a lot of trouble. You can also extend it to your needs or use different authentication backends. Have a read here. HTH.
I have run into the following error trying to create a user in django:
>>> email = 'verylongemail#verylongemail.com'
>>> user_object = User.objects.create_user(username=email, email=email, password='password')
Data truncated for column 'username' at row 1
It seems Django has a limit on the number of chars allowed in a username. How would I get around this?
I've had to modify the auth_user table by hand to make the field longer and then convert emails into a username by removing the # symbol and the period (maybe other characters too, it's really not a great solution). Then, you have to write a custom auth backend that authenticates a user based on their email, not the username, since you just need to store the username to appease django.
In other words, don't use the username field for auth anymore, use the email field and just store the username as a version of the email to make Django happy.
Their official response on this topic is that many sites prefer usernames for auth. It really depends if you are making a social site or just a private site for users.
If you override the form for Django users you can actually pull this off pretty gracefully.
class CustomUserCreationForm(UserCreationForm):
"""
The form that handles our custom user creation
Currently this is only used by the admin, but it
would make sense to allow users to register on their own later
"""
email = forms.EmailField(required=True)
first_name = forms.CharField(required=True)
last_name = forms.CharField(required=True)
class Meta:
model = User
fields = ('first_name','last_name','email')
and then in your backends.py you could put
class EmailAsUsernameBackend(ModelBackend):
"""
Try to log the user in treating given username as email.
We do not want superusers here as well
"""
def authenticate(self, username, password):
try:
user = User.objects.get(email=username)
if user.check_password(password):
if user.is_superuser():
pass
else: return user
except User.DoesNotExist: return None
then in your admin.py you could override with
class UserCreationForm(CustomUserCreationForm):
"""
This overrides django's requirements on creating a user
We only need email, first_name, last_name
We're going to email the password
"""
def __init__(self, *args, **kwargs):
super(UserCreationForm, self).__init__(*args, **kwargs)
# let's require these fields
self.fields['email'].required = True
self.fields['first_name'].required = True
self.fields['last_name'].required = True
# let's not require these since we're going to send a reset email to start their account
self.fields['username'].required = False
self.fields['password1'].required = False
self.fields['password2'].required = False
Mine has a few other modifications, but this should get you on the right track.
You have to modify the username length field so that syncdb will create the proper length varchar and you also have to modify the AuthenticationForm to allow greater values as well or else your users won't be able to log in.
from django.contrib.auth.forms import AuthenticationForm
AuthenticationForm.base_fields['username'].max_length = 150
AuthenticationForm.base_fields['username'].widget.attrs['maxlength'] = 150
AuthenticationForm.base_fields['username'].validators[0].limit_value = 150