When using django allauth for social account registration allauth defines the username automatically as first_name grabed from 3rdparty. So, for example: if facebooks John Cucumber registers he gets username "john". I would like to change this to "john cucumber". Use both his first and last name as username. Didn't see anything about this in docs.
Thanks
EDIT : Some more explanation:
Anonymity is not default
I am trying to achieve that as default the users are not anonymous (using nicknames). They have the ability to change username to nick, but only after fully registered, by default they use full name from social network.
Registration is quick (no forms)
I also want to have them registered and login quickly (that is why I am using social network login in the first place, one click and you are a user of my page). So, I don't wanto bother users with registration forms. As pointed out in Andrew's post below the
current setup of allauth causes many names conflicts (there can be only one John all others need to change they username). There will be less conflicts with full names than with first names. But this is something I go after later, once this issue is solved.
I think it will be a short matter of time before your users start seeing conflicts with the generated usernames. As soon as you have more than one "John Smith" then you'll have a problem.
Also, many users may prefer not to have their full name as their username.
Personally, I always use email for the login, never usernames, but if you're adamant about it, I'd recommend that you show a form allowing the choice of username and giving the default as "%s %s" % (first_name, last_name) or similar.
To ensure the form is displayed, edit settings:
SOCIALACCOUNT_AUTO_SIGNUP = False # require social accounts to use the signup form
From the documentation:
[If true] Attempt to bypass the signup form by using fields (e.g. username,
email) retrieved from the social account provider. If a conflict
arises due to a duplicate e-mail address the signup form will still
kick in.
You should be able to use a hook to supply the suggested username before the form is rendered.
A working example* of django-allauth with Twitter Bootstrap is at https://github.com/aellerton/demo-allauth-bootstrap. However, it does not use usernames but it does show the signup form after social signup.
*Disclaimer: I wrote the example.
Related
I have created an apex application and I have some end users which should log in to the application and use it, I realized that there is not any change password or reset password option for end users !!!
How can I add it to login page ??
I have done that based on this link, but the problem is when any username is not entered, it goes to the change password page and after presseing the change password button an internal error box appears !
https://apex-de.blogspot.com/2017/11/change-apexuser-password-for-end-users.html
That page in the blog does not mention a username. And it shouldn't because a user should only be able to set/change a password for himself. Usually there are 2 ways to change a password, both can be implemented together:
A form that is accessible to any user that is logged in. That way you're sure that the password is changed for the actual user.
A link on the home page that points to a public form in which the user can enter his email address that is linked to his account. When the form is submitted the user gets an email with a link that contains a unique code that is linked to his email and only valid for x minutes. The email verification is needed to ensure the user that wants to change the password is who he says he is. Clicking on the link allows the user change the password. At no point the password is displayed to the user or emailed to the user.
Both of those can be implemented in apex - the api to change a users password is APEX_UTIL.CHANGE_CURRENT_USER_PW as mentioned in the blog.
The reason that by default there is no password management is that the authentication scheme "Application Express users" is rarely used for production applications. Usually it's social sign in, LDAP, SSO or SAML and "Application Express users" is only there for development purposes.
When I create the Django superuser , if I try to add a weak password Django doesn't let me, but for normal users, in admin, or using register form I can add very simple password.
How can I ad the password validation from the superuser creation to all users ?
Can the number of login bad tries be limited (I prefer without third-party)
When creating users or super users alike both use the same Django configuration settings AUTH_PASSWORD_VALIDATORS and if left unmodified it'll contain a list of validators that all passwords will validate against when creating users via Django admin.
This is also the place where you strengthen your validators by adding more if you want harder or remove if you want to be more lax.
However, if you're creating users via the management commands create_user and create_superuser this list of validators will not apply. This is because Django assumes that only developers are interacting with Django at this level.
For your second ask, there is nothing built-in to Django that supports login tries and following blocking of further logins. This is something that either comes from 3rd party apps such as django-defender or from own implementation.
The broad strokes of that implementation is
Add a new tablemechanism that stores number of tries
Add a new settings in settings.py LOGIN_ATTEMPTS = 3
Override the login flow for a user in which you check this table for attempts
If failed attempt increment counter, if successful reset counter.
If user hits the limit of attempts, set users is_active to False and always return False from your login override.
I mean using the default django authentication backend and functions.
If two users have the same usernames but different passwords is django able to login that user and return the correct User object? Or is the authenticate function not able to handle that scenario? I looked in the github and I don't think the username field in the User model has to be unique
Short answer: no.
Long answer:
Django doesn't support having more than one user with the same username because, even with what you are proposing (password differentiation) there is still a chance two users will have the same password.
Even if it weren't like this, I find it very hard to find a reason to let users share their usernames. You can create an "alias" or something additional, and let it be "not unique"
I use Django social-auth (omab version just to avoid any confusion with the other similarly named project) and right now I am trying it with Facebook. It is possible to register a new user and to login/logout without any issue. The only thing that I would like to add is a form during registration to let the user enter the desired username to be used on site because at the moment the username is either a facebook username (I do not want to force the user to use the same username) or a uuid if there is no facebook username (and that is ugly).
I am reading the docs, the pipelines and all that stuff but I'm not sure to understand, any hint or explanation would be welcome.
I found it in the example app that comes with social-auth https://github.com/omab/django-social-auth/tree/master/example/app. There is an example of the pipeline to use and even the form and views you need to implement. Very few to no changes are necessary to have a working implementation. At least some work needs to be done on the form at the time I write this because you can enter a username already taken.
The accepted answer links to an entire GitHub project without explaining anything about what parts of it are relevant, and some of it is outdated, so I'll try to share what I've learned.
django-social-auth is deprecated and the replacement is social-app-django, which integrates Django with the python-social-auth project.
The documentation on python-social-auth Pipelines is relevant. In the default pipeline, this is the stage that generates the username:
# Make up a username for this person, appends a random string at the end if
# there's any collision.
'social_core.pipeline.user.get_username',
The implementation of get_username shows the default behavior. We will have to copy these aspects:
It ensures that the username it comes up with is unique, by checking storage.user.user_exists(username=...) and modifying the username until it is unique.
It returns the dictionary {'username': '...'}, which is passed to the next stages in the pipeline.
To prompt the user, we need a custom "partial" pipeline stage. This lets us pause the pipeline to wait for the user to submit the username form and then resume it once we have the username.
For my app, I'd just like people to register with an email address and password and use that to log in. Essentially I dont want the username to ever be seen by the end user.
I'm using django-registration. Is there a super simple way to set it this way? Seems like a fairly common need.
Thanks!
http://djangosnippets.org/snippets/1001/
In your registration form, you'll need to remove the username and have it be autogenerated. The username field isn't very long in Django so just using an email isn't a viable option without (monkey)patching Django.
Once you are registering users with a autogenerated username, you'll need to enable authenication. To do this you need to use a custom Authentication backend that enables signing in by email. Pinax has one that you can use as a reference:
Link