I am using django Django=2.1.7 and rest framework djangorestframework=3.9.2 This is my url for login
path('rest-auth/login', include('rest_auth.urls')),
When I enter username and password I got the token from rest API. But I want my user detail like name, id etc to show in my react components. Please help me how to achieve. I have seen many answers on StackOverflow even the official documentation is not descriptive https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
If you use rest-auth you can get the id, username, email, first_name and last_name of the logged user using this URL: http://localhost:8000/rest-auth/user/
The mentioned package provides us the ability to override the settings
In the login process, the response comes from either TOKEN_SERIALIZER or JWT_SERIALIZER. In your case, I assume that you are not using the JWT method.
So, create a new serializer class as per your desired structure and wire it up using REST_AUTH_SERIALIZERS settings dictionary.
Here is one sample
#serializer.py
from django.contrib.auth import get_user_model
from rest_framework import serializers
from rest_framework.authtoken.models import Token
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
fields = ('id', 'username', 'email')
class MyCustomTokenSerializer(serializers.ModelSerializer):
user = UserSerializer(read_only=True)
class Meta:
model = Token
fields = ('key', 'user')
and in your settings.py,
REST_AUTH_SERIALIZERS = {
'TOKEN_SERIALIZER': 'path.to.custom.MyCustomTokenSerializer',
...
...
}
There is no way to automatically populate user data once a user logs in. You should just be able to take the username the user entered during the login process, save it in a variable, and after receipt of token make another API call to get the user information.
Related
I have a Profile model that has a one to one relationship with the User model from django.contrib.auth.models , when I add a new profile from the admin panel I noticed that the password field is not transformed into dots when typing , it shows the actual password , that's not the issue though , the issue is , when ever I create a new profile which in turns creates a new User , and mark the is staff attribute as true, I can't log in into the admin panel with that created account, unless I reset the password manually with
python manage.py changepassword the-user-name
after I have reset the password and only then even with the same password, I can log in into the account normally, does anybody know why is that happening ?
I made sure it's not a mistake in typing the password and I tried it several times until I made sure that this is what is actually happening
Update
when I enter the Users model from the Authentication and Authorization section opposed to entering it from the app name, I find that written besides the password section
Invalid password format or unknown hashing algorithm
how can I fix it ?
I forgot to say that I am using an UpdateView from generic views , and using the model Profile as the the model attribute set on that view
the code of my update view
class ProfileUpdate(UpdateView):
model = Profile
fields= [
'username',
'bio',
'avatar_thumbnail',
'location',
'tags',
'contact_information'
]
def get_object(self):
return Profile.objects.get(pk = self.kwargs.get('user_pk'))
def get_queryset(self):
base_qs = super(ProfileUpdate, self).get_queryset()
return base_qs.filter(username=self.request.user.username)
That would inherit from ModelAdmin instead of UserAdmin in your admin.py.
Can you instead try this:
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.models import User
from app.models import Profile
class ProfileAdmin(UserAdmin):
def __init__(self, *args, **kwargs):
super(UserAdmin,self).__init__(*args, **kwargs)
UserAdmin.fieldsets += (('profile', {'fields': ('attr1', 'attr2')}),)
admin.site.unregister(User)
admin.site.register(Profile, ProfileAdmin)
Explanation
When you registered the Profile admin like so, admin.site.register(models.Profile), internally it was inheriting from ModelAdmin class which is perfect for all other classes. But for User we need hashing for saving the passwrd field, so there is a separate class UserAdmin that must be inherited from.
Once you inherited, the password issue was resolved but since the base model was UserAdmin, only user related fields were showing. We needed to append the profile fields for which we added the __init__ method and appended the profile fields to the admin section.
I am trying to save user form data to database. I tried in these way but its not save anything i'm getting None value.
views.py
from django.shortcuts import render, redirect
from .forms import Signup
from .models import Signup
def Sign_up(request):
username = request.POST.get('username')
mobile_number = request.POST.get('mobile_number')
email = request.POST.get('email')
password = request.POST.get('password')
address = request.POST.get('address')
print("Hello form is submitted")
print(username)
print(mobile_number)
print(email)
print(password)
print(address)
post = Signup(username= username, mobile_number=mobile_number,email=email,
password=password, address=address)
post.save()
return render(request, 'sign_up/sign_up.html',{})
models.py
from django.db import models
class Signup(models.Model):
username = models.CharField(max_length=300, default='SOME STRING',
blank=True, null=True)
mobile_number = models.CharField(max_length=12, blank=True, null=True)
email = models.EmailField(max_length=50, blank=True, null=True)
password = models.CharField(max_length=50, blank=True, null=True)
address = models. CharField(max_length=100, blank=True, null=True)
print("Hi")
def __str__(self):
return self.username or ''
def __str__(self):
return self.mobile_number or ''
def __str__(self):
return self.email or ''
def __str__(self):
return self.password or ''
def __str__(self):
return self.address or ''
forms.py
from django import forms
from .models import Signup
class SignupForm(forms.Form):
username = forms.CharField(max_length=30, required=True)
mobile_number = forms.CharField(max_length=12)
email = forms.EmailField(max_length=50, required=True)
password = forms.CharField(max_length=50, required=True)
address = forms.CharField(max_length=100)
I'm getting like this
Django version 2.2, using settings 'project.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CTRL-BREAK.
Hello form is submitted
None
None
None
None
None
[01/May/2019 22:39:18] "GET /signup/? HTTP/1.1" 200 3360
You are creating a Signup object in a wrong manner, create it like this:
you can create model form instead like this:
class SignupForm(forms.ModelForm):
class Meta:
model = Signup
fields = ('username', )#pass fields here
and in your view you get the values entered by user like this:
formToSave = SignupForm(request.POST,request.FILES)
if formToSave.is_valid():
product = formToSave.save()
but if you don't want to use the model form you can create the object Signup and then save it as you are doing but make sure before creating the object you are getting all the form values in your views by printing them(as you are already doing)
post = Signup.objects.create(username= username, mobile_number=mobile_number,email=email,
password=password, address=address)
then save it
post.save()
If you are using this model in production be careful.
Storing non hashed password is a really bad practice.
I think you are trying to reinvent the wheel here.
There is several ways to manage the User model in django.
If you decide to create your own User system, please read this first:
https://docs.djangoproject.com/en/2.2/topics/auth/customizing/
Extending the existing User model
There are two ways to extend the default User model without substituting your own model. If the changes you need are purely behavioral, and don’t require any change to what is stored in the database, you can create a proxy model based on User. This allows for any of the features offered by proxy models including default ordering, custom managers, or custom model methods.
If you wish to store information related to User, you can use a OneToOneField to a model containing the fields for additional information. This one-to-one model is often called a profile model, as it might store non-auth related information about a site user. For example you might create an Employee model:
from django.contrib.auth.models import User
class Employee(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
department = models.CharField(max_length=100)
Using a custom user model when starting a project
If you’re starting a new project, it’s highly recommended to set up a custom user model, even if the default User model is sufficient for you. This model behaves identically to the default user model, but you’ll be able to customize it in the future if the need arises:
from django.contrib.auth.models import AbstractUser
class User(AbstractUser):
pass
Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migrations or running manage.py migrate for the first time.
Also, register the model in the app’s admin.py
Further in the Doc
Specifying a custom user model
When you start your project with a custom user model, stop to consider
if this is the right choice for your project.
Keeping all user related information in one model removes the need for
additional or more complex database queries to retrieve related
models. On the other hand, it may be more suitable to store
app-specific user information in a model that has a relation with your
custom user model. That allows each app to specify its own user data
requirements without potentially conflicting or breaking assumptions
by other apps. It also means that you would keep your user model as
simple as possible, focused on authentication, and following the
minimum requirements Django expects custom user models to meet.
If you use the default authentication backend, then your model must
have a single unique field that can be used for identification
purposes. This can be a username, an email address, or any other
unique attribute. A non-unique username field is allowed if you use a
custom authentication backend that can support it.
The easiest way to construct a compliant custom user model is to
inherit from AbstractBaseUser. AbstractBaseUser provides the core
implementation of a user model, including hashed passwords and
tokenized password resets. You must then provide some key
implementation details
As a reference here is the doc page about user authentication: https://docs.djangoproject.com/en/2.2/topics/auth/
If you want to choose the default django User system: https://docs.djangoproject.com/en/2.2/topics/auth/default/ and more info about the default user api : https://docs.djangoproject.com/en/2.2/ref/contrib/auth/
Is there a way to send an e-mail to a user when their account is activated through the Django admin application? I can do it independently of the Django admin application but I want the admin to be signed in before they activate a user. Is there a way to achieve this without customizing the Django admin application code? Thanks in advance.
Well, you can override the ModelForm and add the email sending logic in clean method. Also use that modelform in the Admin class. For example:
class UserForm(forms.ModelForm):
manual_activation = forms.BooleanField() # a flag which determines if the user should be manually activated
class Meta:
model = User
fields = '__all__'
def clean(self):
manual_activation = self.cleaned_data.pop('manual_activation', False)
if manual_activation:
# send_email logics
return self.cleaned_data
class UserAdmin(admin.ModelAdmin):
form = UserForm
What will happen is that, in the User admin page, if you click on an user it will show an extra field in the form, named manual_activation. If you check and save the form, then in clean method, you can catch the value of manual_activation and based on that send email.
Hey I'm new to allauth package.
I would like to know how to write a user model that extends the all auth user.
for example i would like to have a user that has allauth user fields in it and also an image, list of favorite text field.
I would realy appreciate any help!!
You can extend the Django user model using an OneToOneField(User).
Here's the relevant part of the Django docs: Extending the existing User model
IF you need it you can use a custom user model but this will be more difficult. In this case see allauth custom user models and Django documentation
Since you want allauth user fields with some extra fields, you can inherit default user model and add your custom fields to it.
from django.contrib.auth.models import AbstractUser
class ExtendedUser(AbstractUser):
favourites = models.charField(max_length=255)
....
....
In your settings.py file, add this line
AUTH_USER_MODEL = 'users.ExtendedUser'
To store the extra fields when user signs up, use django-allauth signals as in your views as follows.
from django.dispatch import receiver
from allauth.account.signals import user_signed_up
#receiver(user_signed_up)
def user_signed_up(request, user, **kwargs)
#get extra fields from kwargs and save to database
Does anyone have specific examples of using the authentication from Mongoengine?
A couple questions I have are:
extending the User class
from mongoengine.django.auth import User
from mongoengine import *
class User(User):
location = GeoPointField()
When I create a user with no documents are saved
User.create_user('bob','bobpass','bobsaget#fullhouse.gov')
User.objects
>>>[]
explicitly call the .save() method has the same affect
Can the User class not be inherited?
Also
Is there a login() method like in the standard authentication backend?
I am starting to feel like I am trying to put a square peg in a round hole with MongoDB and Django...
I haven't used MongoEngine, but I've been looking at it documentation.
First, don't use the User name for your extension, there could be name clashes. Call it for example Profile:
from mongoengine.django.auth import User
from mongoengine import *
class Profile(User):
location = GeoPointField()
If that is not working, try:
class Profile(Document):
user = ReferenceField(User)
location = GeoPointField()
For your login question, look at this.
create instance.
user = User.create_user('bob','bobpass','bobsaget#fullhouse.gov')
user.save()
or
user = User(username='bob', password='bobpass', email='bobsaget#fullhouse.gov')
user.save()
or
user = User()
user.username = 'bob'
user.password = 'bobpass'
user.email = 'bobsaget#fullhouse.gov'
user.save()