Django has builtin User model is_active field. I assume that django-allauth sets this field to True after successful e-mail verification.
I would manually enable the user and change this field to "true" via the Django admin interface instead.
Is it possible to change this behavior from django-allauth?
is_active is, like you mentioned, used to determine whether its an active account, and can be flipped to False instead of deleting the acccount. But I don't think all-auth does anything with this value, it is automatically set to True when you create a User object.
What you are looking for is in a separate table, usually "email_addresses". This will show which email addresses have been verified.
Related
I was wonder if it is possible to include a way that when someone fill the user registration form to register, can the details be sent to an admin email for authorization before the user can login in django?
Since you did not provide any code I will guide you the process, you can later come back more specific question if you are stuck :
Use the field is_active provided by Django from the User model to authorised access within your website.
Extends the field is_active to set the default to False or set it to false in the begging of your user view
Create a link with the ID of the user and a path to the Django Admin where you can update the user and active to True
In short yes, possible and pretty easy if you know a bit of Django.
I am using djnago all-auth to create custom user accounts. When creating an account with email and password, if account with a email already exits it gives an error (UNIQUE constraint failed: account_emailaddress.email) but I would like to display message that an account with this email already exists instead of throwing an error. What is the best way to handle this? In general I would use AJAX to verify and display message for my own views but I do not know how to deal here with django all-auth package.
I'll suggest that you should override the signup/login form in order to manage this error. Have you checked the documentation? https://django-allauth.readthedocs.io/en/latest/forms.html
I think this answer is related to your question.
A relatively similar approach is given in this answer:
Create your custom view that inherits SignupView and overrides the form class
Create a custom form that inherits from SignupForm and overrides the email validation message
In your own urls.py add the following after include('allauth.urls') to override the account_signup url
Since djangoallauth take care of unique constrain you don't have to add unique=True to your field if user try to login with any social media account with email id already present in your database it djangoallauth will simple ignore and will not set email id in your user model. :)
I am handling my unique fields i.e Email field manually
I only use Linked-In as means to authenticate. When the user gives permission in Linked-In, he get's send to my own form so I can gather extra information. But it seems Allauth only lets me add fields to the default form using:
ACCOUNT_SIGNUP_FORM_CLASS = 'myapp.forms.MySignUpForm'
But the email field is always visible (and filled in with the email from Linked-In). Is it true that I have no way of dropping this field? I don't want the user to be able to change his email into something else than his Linked-In email.
This seems like it should be fine, since I'm not touching the User model itself.
I want to register users purely based on email and password. Username is required in the User model. My thought is that I can just create a custom UserCreationForm that saves email address AS username and validates the email address.
Unfortunately, with that, I'll have to refer to email address via user.username going forward.
Is this standard? Is there a better way?
Thanks
Some answers here.
Seems like the best method may be to write a custom auth backend (not too difficult) to accept email addresses to log in, and store a hash of the email in the username field to satisfy the required, unique username.
My thought is that I can just create a custom UserCreationForm that saves email address AS username and validates the email address.
Close.
Use the clean method to copy email address to username. This works out pretty well for everything but the default login form.
The default login form needs to be tweaked to allow username to be an email address. The default form expects characters only, and rejects punctuation.
Okay, this one is pretty obvious to everyone who use Django and frequently asked by newbies, but I'd like to make it clear and discuss if there are any other ways to do it. The most widespread and convenient approach now is to store email in username field as Django 1.2 allows "#", "_" and "-" characters, but this way has following issues:
The worst one: username field is restricted by max_length=30 property, which is ridiculously small for emails. Even if you override form validation, DB will have varchar(30) instead of EmailField's varchar(75) unless you alter your table manually.
You need to store your email data both in username and email field to make User.email_user() working. I think there are some other places when User.email is used.
Code readability fail. Sure, other djangonauts know about this pitfall, but treating field called 'username' (especially when there is still email field) as email obviously makes your code less understandable.
The other approach could be authentication using email field by passing it to your auth backend like so, but it still has problems:
authenticate(self, email=None, password=None)
User.email doesn't have unique=True property, which means that your DB won't have index, making your lookups by email slow like hell.
You have to deal with username field, which has unique=True, by completely removing it from your table or altering it to allow NULL and removing index.
Resuming, both ways are evil and require DB-specific code to be executed after syncdb, which is unacceptable if you need DB-independent application.
I've packaged up django-email-as-username which should pretty much do everything you need if you're looking to remove usernames, and only use emails.
The brief overview is:
Provides an email auth backend and helper functions for creating users.
Patches the Django admin to handle email based user authentication.
Overides the createsuperuser command to create users with email only.
Treats email authentication as case-insensitive.
Under the hood usernames are hashed versions of the emails, which ends up meaning we're not limited to the Django's username 30 char limit (Just the regular email 75 char limit.)
Edit: As of Django 1.5, you should look into using a custom User model instead of the 'django-email-as-username' package.
David Cramer came up with a solution to this problem that I love. I'm currently using it on a production site where the user has to be able to log in using their email OR their username. You can find it here:
Logging In With Email Addresses in Django
If the login name provided on the form is an email (contains the '#' symbol), it will attempt to authenticate with that, and will fall back on the username if it isn't an email. (Naturally, you just need to make sure your registration form captures an email for this work.)
Well, I haven't had to use emails as usernames in Django but I guess You could create a UserProfile model and aggregate fields to it, like another email field and make it unique. So you could do user.get_profile().email for your authentication.
I guess other way to go would be to inherit User and redefine the fields, but I think this still not recommended by Django developers.
Finally you could define your own custom User model and back on the django.contrib.auth.models.User for some logic.
Code to alter User table within Django:
from django.db import connection
cursor = connection.cursor()
cursor.execute("ALTER TABLE auth_user MODIFY COLUMN username varchar(75) NOT NULL")