I am building an API with Django Tastypie and I am trying to implement the ApiKeyAuthentication.
My system doesn't use the built in User model that Django provides and all the examples seem to rely on that.
I've created my own version of the User model called Author which is much simpler. For the ApiKeyAuthorization I was hoping to be able to use the id of an Author rather than the username of the User model.
Is there a way I can build this authorization system without using the User model?
ApiKeyAuthentication relies on Django's builtin User object. It's a fairly simple class implementation, looking at its source should give you an idea how to write your own Authentication model.
Related
I am building a food ordering website with Django. I want my users to register an account on my site, and they should sign in to actually order. I want to use the User class built in with Django, but that doesn't include necessary fields like address, confirmation ID, and phone number. If I build a custom User model, that doesn't have many good helper functions which I can use like auth.authenticate. I searched this topic, and I found that I could use AbstractUser. But when I inherited my CustomUser class from AbstractUser, some strange things began to happen. After some more research, I found out that changing the User model after applying my built-in migrations give some errors as there are some relationships or something.
I deleted my database and created a new one. Now, I am extending my CustomUser class from the built-in User class. This works fine, only you can't do auth.authenticate checking with the, confirmation ID for instance. Also, it seems to create two models every time I create a new CustomUser, the other on in the Users under the auth tab.
Can you tell me any good way to connect the User model with a few more fields after applying the built-in migrations? Thanks in advance.
You should extend from AbstractUser and not User class ( behaviour you are experiencing is Multi-table inheritance (as documented))
Whole process of substituting default user model is well documented
I have a Django app that uses django-authtools which provides a custom auth model so that I can use email as user id.
I am wondering if there is a reusable app that I can reuse for doing registrations. Something like django-registration-redux but that works well with the just using email as user id. Or can django-registration-redux be used in this scenario?
I figured that what I was trying to achieve is achieved by using django-allauth instead. This link shows the way how to achieve it:
I think I can achieve what I am trying to do how it is specified in Remove 'username' field from django-allauth. So I guess
this is my first question on stackoverflow. I am a beginner programmer and kind of have issues with programming logic.
My issue is that I have a model(which happens to be a form) which collects important information from the users, I want to be able relate this model with the individual user since it has the information about them that I need.
Any form of help is appreciated...By the way am using the Django web framework.
Before 1.5: https://docs.djangoproject.com/en/dev/topics/auth/#auth-profiles, add a model that links OneToOne to the User model provided by Django and telling about that model in settings.py with the global AUTH_PROFILE_MODULE
After 1.5: https://docs.djangoproject.com/en/dev/topics/auth/#auth-custom-user, the previous method is deprecated. Now you have to fully customize the User model provided by Django.
If you are a new user, I suggest the following links:
EXTENDING USER MODEL IN DJANGO
Storing additional information about users
Generally, you create a normal model with a foreign key to the Django User model. Then add any other fields you would want to store for a user e.g. date of birth, website, favorite color, etc.
Since i'm not using the Auth User from Django, I have my own model CustomUser and I want make authentication on site through this model (CustomUser does not inherit from User model and not related to it at all).
class CustomUser(models.Model):
password = models.CharField(max_length = 40)
email = models.EmailField(max_length = 72, unique = True)
#stuff...
I checked https://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend and the main thing I don't understand is:
from django.contrib.auth.models import User
Do I need to import Django User if I want to use my CustomUser?
I can't find a good tutorial which explains how you can use Django without standard Auth User.
*edit:
I know I can extend with User. But I just don't want that. The question is not: what is the best way to use User and store additional information etc etc. I appreciate it though.
BUT how I can use a Custom User without using Auth User. Even if I don't have a reason to. *
If it is possible I want to know how.
The whole Django auth system is tightly coupled with django.contrib.auth.models.User, so you should use it in the backend. Quoting Django docs
For now, the best way to deal with this is to create a Django User object for each user that exists for your backend
But the main question here is: what is so special about your CustomUser that you can't implement with normal User model (may be extended)? In 99% of cases using User is the best way.
Check out this post.
Most of the Django projects I’ve worked on need to store information about each user in addition to the standard name and email address held by the contrib.auth.models.User model.
If you’re using trunk as of revision 7477 (26th April 2008), your model classes can inherit from an existing model class. Additional fields are stored in a separate table which is linked to the table of the base model. When you retrieve your model, the query uses a join to get the fields from it and the base model.
http://scottbarnham.com/blog/2008/08/21/extending-the-django-user-model-with-inheritance/
And this post.
Copy the auth application over into your own project and modify it to your needs. This avoids some of the maintenance troubles, but removes the utility of Django bundling an auth system in the first place. It can also cause compatibility problems with other applications which expect the User model to be in django.contrib.auth.
http://www.b-list.org/weblog/2006/jun/06/django-tips-extending-user-model/
Perhaps this answers your question:
From 'https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#substituting-a-custom-user-model':
Substituting a custom User model
New in Django 1.5.
Some kinds of projects may have authentication requirements for which Django’s built-in User model is not always appropriate. For instance, on some sites it makes more sense to use an email address as your identification token instead of a username.
Django allows you to override the default User model by providing a value for the AUTH_USER_MODEL setting that references a custom model:
AUTH_USER_MODEL = 'myapp.MyUser'
This dotted pair describes the name of the Django app (which must be in your INSTALLED_APPS), and the name of the Django model that you wish to use as your User model.
Of course there are some requisite warnings to consider (available at the above link), but this is looking like a good answer to your question: https://docs.djangoproject.com/en/1.6/ref/settings/#auth-user-model
There are also some custom model compliance expectations to consider (too many to list here): https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#specifying-a-custom-user-model
Unless there can be more than one value for AUTH_USER_MODEL (I doubt that is sane), then I think I will need to build my own custom authentication backend: https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#writing-an-authentication-backend
I hope this helps any other lost souls out there that need distinct User and Device authentication schemes (perhaps because of some pre-existing spec that makes messy what could be soooo easy).
Cheers!
Need to integrate Django with an existing authentication system. That system has it's own database, API, login/logout,edit profile web pages and cookie.
(I may have to add a few additional profile fields stored/updated locally)
What's the proper approach to substitute the out-of-the-box authentication in Django?
The proper approach to substitute authentication from django's out-of-the-box to your own is to substitute your classes in the AUTHENTICATION_BACKENDS tuple in settings.py as described in http://docs.djangoproject.com/en/dev/topics/auth/#specifying-authentication-backends. This is incredibly useful for just the issue you're describing.
A good example of an authentication backend done this way is django-cas. This uses CAS to authenticate in a django application. You can use this as your template and just write hooks into your own authentication system identically.
HTH
I've created a custom authentication backend when I've had to do something similar to what you have to do. See: http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend
In the authenticate function you call your api to authenticate the user, and then map them to a django.contrib.auth.model.User object on some primary key, like username for example. If the primary key is something other than username I usually create a mapping object, or put it into the profile object for the project.
This depends on how you want to handle the problem. If you don't need to keep the existing system running, your best bet is to import their data into the django project.
If the authentication system must stay in tact, you might have to write a wrapper for django.auth. I've done this in the past using SQLAlchemy http://www.sqlalchemy.org to integrate to the external database.
It might be helpful to take a look at the Django 1.2 multi-db support http://djangoadvent.com/1.2/multiple-database-support
In either case I'd try to get the user information into django.auth rather than to write your own authentication system.