I am currently working on expanding https://github.com/suutari/drf-jwt-2fa, which provides two-factor authentication over jwt for rest-framework.
I would like to make the two-factor auth non-enforced; that is, users should be able to choose if they want this extra security.
For that purpose, I would like to add a boolean field (lets call it two_auth) to the user model.
What is the best approach to add this field?
I am currently thinking on some possibilities, but none of them seems to be neat enough:
Create a relation table (user_id, two_auth) without foreign-key enforcement: I should use signals for user deletion
Create a relation table (user_id, two_auth) with foreign-key enforcement: The foreign key should point to the model specified at settings.AUTH_USER_MODEL. I generally like model declaration parameters to be explicit, not patchable.
This is a nice guide on options to extend the built-in user model.
Related
I am new to Django.
I am going to build simple register and login fullstack application by using React and Django.
My problem is when I received register request with form data.
Is it ok to create custom table for users?
I am going to create another table related to user table.
So in that case, there must be id in the users.
That's why I am going to create custom table.
Please help me it is good practice.
You can abstract from AbstractBaseUser and then you can customise the user model and to specify it in your settings file.
Please see the django documentation here:
https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#substituting-a-custom-user-model
In Django you can link between multiple table by different relationships depends on what you want like:
OneToOne
ForeignKey
ManyToMany
And by default when you create a model django create a pk field it is ID for table, you can make another field as a primary key for model
When you use one of those relationships django by default use model id to link between them
and you can also create a custom user model to use it
Good luck
I am trying to implement a model where only a subset of the fields should be presented in forms, based on a foreign key in the model.
The total number of fields is relatively low (~20), but may change frequently with different values of the foreign key.
I would like to use something like single table inheritance, but with a single model (no inheritance). I looked at existing packages eav, dynamic models... but they did not seem to fit my needs.
I part of the requirement is that I would like to query the models by sql without too many joins.
Here is a use case representing applications to grants based on a request for application (rfa). The rfa is entered in the admin by staff and the applications are made by end users.
application class
rfa (request for application): foreign key
field_1
...
field_20
rfa class:
app_fields (coma separated list of field names)
In the forms, only the fields in app_fields should be visible for a particular rfa.
I have the rfa part covered with django-separatedvaluesfield and I was wondering how to implement the application pages so that they work with generic views in the frontend and admin, and be DRY.
For the update views, I could have a method in the application model, but it would not work for create as the rfa is not defined for create:
def get_current_app_fields(self):
return self.rfp.app_fields
Any ideas on the best DRY strategy to implement frontend views and admin?
Thanks.
I am trying to Edit Users Table in Django. I am using Users Table to login or register a users. I have to add a new field name Role in that Table but i can't find any option to edit that existing table in admin section.
i just try to field some files to field out where the code of that existing Table is but did't get it.
is there any way to Edit the Table or I have to Create a New Table and have to create a new method of registration.
i am not expert so it's hard to me understand things.
Well first, the Django admin interface it's just for performing CRUD operations over already existing models, you are not able to change in any way the database tables (at lest not using the "out of the box features") using the admin interface.
Said that in order to do what you want to do, with any model (not just User), you should:
Add the field to the model.
Instruct the admin interface to list this fields along the others.
Now the user model is kind of a special model here so I'll recommend a couple of readings you should complete before go forward with the model User customization.
References (User customization): Substituting a custom User model, Extending the User model.
And for the admin interface ...
Reference (admin interface): ModelAdmin options, special attention here to list_display
I'm trying to use the oauth2_provider library which provides a model for AccessToken, which foreign keys into a User model. My User model will actually live in a different database from the OAuth2 token models. I can use a router to direct which DB to use for a particular model, but am I correct in concluding that Django would not support a foreign key to a model in a different DB?
If I still wanted to extend from the AbstractAccessToken with my User in a different DB, is there any way that Django allows me to populate the user_id foreign key column at all? Or would I simply need to leave it null and define and have my custom AccessToken class define its own unconstrained external_user_id column?
Django doesn't support any ForeignKey operations that span multiple databases. So, as you suggested, I think the best you can do is to provide your own IntegerField for the user and use it manually. Unfortunately that may require a lot of fiddling with that third-party library if it has a lot of internal code that's expecting to pull the user from the database.
Django - Models extension Vs User Profile
I want add some custom fields like following
1. ssn
2. is_manager
3. manager
I have 2 choices -
Extend AbstractBaseUser
OR
Create User profile based on signal and have OnetoOne field.
Which one is better, future proof, DB migration friendly and maintainable ?
The Django documentation answers this question in detail:
If you wish to store information related to User, you can use a OneToOneField to a model containing the fields for additional information. This one-to-one model is often called a profile model, as it might store non-auth related information about a site user.
In your case, the added fields do not seem to be authentication related, so your best bet is to use the user profile method. Substituting a custom user model is overkill for such purposes.