I have a UserProfile model to add some things to my User model and one thing I want to do is have unique email for users so I added an email attribute to my UserProfile model and set it to unique=True like this :
class UserProfile(models.Model):
user = models.OneToOneField(User, related_name="profile")
email = models.EmailField(unique=True)
avatar = models.ForeignKey(Avatar)
...
I created a custom form for the registration to add some infos directly to my UserProfile :
class CreateUserForm(forms.Form):
username = forms.CharField(max_length=30, label="Pseudo")
password1 = forms.CharField(widget=forms.PasswordInput, label="Password")
password2 = forms.CharField(widget=forms.PasswordInput, label="Confirmez pwd")
email = forms.EmailField(widget=forms.EmailInput, label="E-mail")
avatar = AvatarChoiceField(widget=forms.RadioSelect, queryset=Avatar.objects.all(), label="Avatar")
def clean_username(self):
username = self.cleaned_data.get('username')
if User.objects.filter(username=username).exists():
raise forms.ValidationError("This username is already used")
return username
def clean_password2(self):
password1 = self.cleaned_data.get('password1')
password2 = self.cleaned_data.get('password2')
if password1 != password2:
raise forms.ValidationError("Your passwords do not match")
return password1
def clean_email(self):
email = self.cleaned_data.get('email')
if UserProfile.objects.filter(email=email).exists():
raise forms.ValidationError("This email is already used")
return email
And then in my views.py I treat my form like that :
def create_user(request):
if request.method == 'POST':
form = CreateUserForm(request.POST)
if form.is_valid():
username = form.clean_username()
email = form.clean_email()
password = form.clean_password2()
username = form.cleaned_data['username']
avatar = form.cleaned_data['avatar']
user = User.objects.create_user(username=username, password=password)
user.save()
user_profile = UserProfile(user=user, email=email, avatar=avatar)
user_profile.save()
else:
form = CreateUserForm()
return render(request, 'accounts/create.html', locals())
Finally I used the email of the form for my UserProfile model and not for my User model. And by this way I have a unique email for my users. And it's working.
Am I doing it right or is there a better way to achieve what I want ?
You are on the right track, the only thing that doesn't look right is that you shouldn't call clean method manually like this:
# These are not needed in your view method
username = form.clean_username()
email = form.clean_email()
password = form.clean_password2()
They are already called by form.is_valid(). See this SO question for details.
Related
I'm new to Django, I have a registration form, Everything works fine If I fill all fields and when I don't fill all the fields. But when I submit a form without a username field I get a "Key Error" instead of "This field is required" Exception since I have declared the field is required on the form class.
forms.py
class UserRegistration(forms.ModelForm):
first_name = forms.CharField(label='First Name', max_length=50)
last_name = forms.CharField(label='Last Name', max_length=50)
username = forms.CharField(label='Username', max_length=50)
email = forms.EmailField(label='Email', max_length=50)
password = forms.CharField(label='Password', widget=forms.PasswordInput, max_length=50, validators = [validators.MinLengthValidator(6)])
password2 = forms.CharField(label='Repeat Password', widget=forms.PasswordInput, max_length=50)
class Meta:
model = User
fields = ('username', 'first_name', 'last_name', 'email', 'password', 'password2')
def clean_username(self):
username = self.cleaned_data['username']
email = self.cleaned_data['email']
if username and User.objects.filter(username=username).exclude(email=email).count():
raise forms.ValidationError('This username address is already in use.')
return username
def clean_email(self):
email = self.cleaned_data['email']
username = self.cleaned_data['username']
if email and User.objects.filter(email=email).exclude(username=username).count():
raise forms.ValidationError('This email address is already in use.')
return email
def clean_password(self):
password = self.cleaned_data['password']
if len(password) < 6:
raise forms.ValidationError("Password is too short")
return password
def clean_password2(self):
cd = self.cleaned_data
if cd['password'] != cd['password2']:
raise forms.ValidationError('Passwords don\'t match.')
return cd['password2']
views.py
def register(request):
if request.method == 'POST':
form = UserRegistration(request.POST)
if form.is_valid():
new_user = form.save(commit=False)
new_user.set_password(
form.cleaned_data.get('password')
)
new_user.save()
return render(request, 'authapp/register_done.html')
else:
return render(request, 'authapp/register.html', {'form':form})
else:
form = UserRegistration()
context = {
"form": form
}
return render(request, 'authapp/register.html', context=context)
Error Traceback
Error Page Screenshot
Request Information Post data
When creating Form, update the username field with required and Null
Yes, by default required will be True but it is a constraint for the DB side while the 'null' field is used when any widget is must from UI side
username = forms.CharField(label='Username', max_length=50,required=True,null=False)
And about error you got : username validator is saving empty name so empty data is accessed and used in email validation
After googling and researching "KeyError" Exception, I have found that the error is caused by accessing a dictionary value with a key 'username' that doesn't exist, hence the KeyError. So it's more of a programming error than Django itself. The solution is to check for the key if it exists before accessing it or use
username = self.cleaned_data.get('username')
instead of
username = self.cleaned_data['username']
according to https://www.journaldev.com/33497/python-keyerror-exception-handling-examples#:~:text=We%20can%20avoid%20KeyError%20by,when%20the%20key%20is%20missing.
I've searched everywhere for a solution to this problem. Yet, no resolution as of yet.
The problem
After successfully creating a user via a front-end registration form, upon logging in using a front-end login form, the "Authenticate" function returns "None".
The interesting part, if I am to create a new user via the admin panel (using similar code), I am then able to login via the front-end login form.
The custom user model I've created does use an email address as the Username. If a user registers using the front-end register form, the user details are saved to the database, where the password is properly hashed.
Here is the code:
From Forms.py
from django import forms
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from .models import User as CustomUser
from django.conf import settings
class RegisterForm(forms.ModelForm):
password1 = forms.CharField(label='', widget=forms.PasswordInput)
password2 = forms.CharField(label='', widget=forms.PasswordInput)
class Meta:
model = CustomUser
fields = ('email', 'full_name')
def __init__(self, *args, **kwargs):
super(RegisterForm, self).__init__(*args, **kwargs)
self.fields['email'].widget.attrs.update(
{'class': 'form-control loginInput', 'placeholder': 'Your Email (you#company.com)'})
self.fields['full_name'].widget.attrs.update(
{'class': 'form-control loginInput', 'placeholder': 'Your Full Name'})
self.fields['email'].label = ''
self.fields['full_name'].label = ''
self.fields['password1'].widget.attrs.update(
{'class': 'form-control loginInput', 'placeholder': 'Your Password'})
self.fields['password2'].widget.attrs.update(
{'class': 'form-control loginInput', 'placeholder': 'Confirm Password'})
def clean_email(self):
email = self.cleaned_data.get('email')
qs = CustomUser.objects.filter(email=email)
if qs.exists():
raise forms.ValidationError("email is taken")
return email
def clean_password2(self):
# Check that the two password entries match
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Passwords don't match")
return password2
def save(self, commit=True):
# Saving the provided password in hashed format
user = super(RegisterForm, self).save(commit=False)
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
class UserAdminCreationForm(forms.ModelForm):
password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)
class Meta:
model = CustomUser
fields = ('email',)
def clean_password2(self):
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Passwords don't match")
return password2
def save(self, commit=True):
user = super(UserAdminCreationForm, self).save(commit=False)
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
From Views.py
def register(request):
registered = False
if request.method == 'POST':
registration = forms.RegisterForm(data=request.POST)
if registration.is_valid():
member = registration.save()
member.set_password(member.password)
member.save()
registered = True
else:
print(registration.errors)
else:
registration = forms.RegisterForm()
print("Registered: " + str(registered))
return render(request, 'accounts/registration.html',
{'registration_form': registration,
'registered': registered,
})
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user not None:
if user.is_active:
login(request, user)
return HttpResponseRedirect(reverse('account_index'))
else:
HttpResponse("ACCOUNT NOT ACTIVE")
else:
print("Someone tried to login and failed!")
print("Email: {} and password {}".format(username, password))
return HttpResponse("invalid login details supplied!")
else:
return render(request, 'accounts/user_login.html', {})
I'm at a loss at the present time. Could use some direction or advice.
Ok, I've resolved this issue. It seems as though I just needed to sleep on it.
Here is the code that was causing the issue:
In Views.py
member.set_password(member.password)
It seems as if though it was setting a hashed version of the password. But "set_password" must be the raw version of the password.
To fix this I changed it to:
member.set_password(request.POST.get('password1'))
Behold, it works!
So I'm trying to use the authentication method in my views, but always return "Does not exist", I'm using MD5 hash for my password field, so I don't know if thats the problem
forms.py
class LoginForm(forms.Form):
email = forms.EmailField()
password = forms.CharField(widget=forms.PasswordInput)
#This Method Hash the password
def clean_password(self):
clearPassNoHash = self.cleaned_data['password']
self.password = md5.new(clearPassNoHash).hexdigest()
return self.password
views.py
def auth_login(request):
args = {}
form = LoginForm(request.POST)
email = request.POST['email']
password = request.POST['password']
user = authenticate(email=email, password=password)
if user is not None:
login(request, user)
print("Exist")
else:
print("Does not exist")
I've tried with check_password() method(in my forms) that actually works
but I don't know why I'm having trouble with the authenticate()
-----------------------------UPDATE--------------------------------
Views.py
def auth_login(request):
args = {}
form = LoginForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None:
print("existe")
print user
else:
print user
args['form'] = form
return render(request, 'login/login.html', args)
forms.py
class LoginForm(forms.Form):
username = forms.CharField()
password = forms.CharField(widget=forms.PasswordInput)
Other observation:
I have this in my settings.py to use my custom model
AUTH_PROFILE_MODULE = 'StudentUsers.StudentRegistration'
and this is the username field I add to my model:
class StudentRegistration(AbstractBaseUser, models.Model):
username = models.CharField(max_length = 25, null=False, default="", unique=True)
You need to get the email and password from the form's cleaned_data, not from the request directly. Read more on the cleaned_data attribute from the docs : https://docs.djangoproject.com/en/1.9/ref/forms/api/#django.forms.Form.cleaned_data
password = form.cleaned_data['password']
You should not be hashing the password value yourself. That is what authenticate already does; so in effect you are hashing twice.
I have looked at a lot of posts that had similar issues and the answers did nothing for my code.
I am using a custom registration form for a site I'm working on that makes email required. most of the code in it is based off of the one built in to django. I have tried to create a new form class based on django.contrib.auth.forms.UserCreationForm and still get the same error.
The form based on the one in django
class UserCreateFrom(UserCreationForm):
"""
A form that creates a user, with no privileges, from the given username and
password.
"""
error_messages = {
'duplicate_username': _("A user with that username already exists."),
'duplicate_email': _("That email is already in use"),
'password_mismatch': _("The two password fields didn't match."),
}
email = forms.EmailField(label=_("Email Address"),
required=True,
help_text="Required. Your Email Address for password resets, and other emails from us")
def clean_email(self):
email = self.cleaned_data["email"]
try:
User._default_manager.get(email=email)
except User.DoesNotExist:
return email
raise forms.ValidationError(
self.error_messages['duplicate_email'],
code='duplicate_email',
)
the form currently in use
class UserCreateFrom(forms.ModelForm):
"""
A form that creates a user, with no privileges, from the given username and
password.
"""
error_messages = {
'duplicate_username': _("A user with that username already exists."),
'duplicate_email': _("That email is already in use"),
'password_mismatch': _("The two password fields didn't match."),
}
username = forms.RegexField(label=_("Username"), max_length=30,
regex=r'^[\w.#+-]+$',
help_text=_("Required. 30 characters or fewer. Letters, digits and "
"#/./+/-/_ only."),
error_messages={
'invalid': _("This value may contain only letters, numbers and "
"#/./+/-/_ characters.")
}
)
email = forms.EmailField(label=_("Email Address"),
required=True,
help_text="Required. Your Email Address for password resets, and other emails from us")
password1 = forms.CharField(label=_("Password"),
widget=forms.PasswordInput)
password2 = forms.CharField(label=_("Password confirmation"),
widget=forms.PasswordInput,
help_text=_("Enter the same password as above, for verification."))
class Meta:
model = User
fields = ("username",)
def clean_username(self):
# Since User.username is unique, this check is redundant,
# but it sets a nicer error message than the ORM. See #13147.
username = self.cleaned_data["username"]
try:
User._default_manager.get(username=username)
except User.DoesNotExist:
return username
raise forms.ValidationError(
self.error_messages['duplicate_username'],
code='duplicate_username',
)
def clean_email(self):
email = self.cleaned_data["email"]
try:
User._default_manager.get(email=email)
except User.DoesNotExist:
return email
raise forms.ValidationError(
self.error_messages['duplicate_email'],
code='duplicate_email',
)
def clean_password2(self):
password1 = self.cleaned_data["password1"]
password2 = self.cleaned_data["password2"]
if password1 and password2 and password1 != password2:
raise forms.ValidationError(
self.error_messages['password_mismatch'],
code='password_mismatch',
)
return password2
def save(self, commit=True):
user = super(UserCreateFrom, self).save(commit=False)
user.set_password(self.cleaned_data["password1"])
if commit:
user.save()
return user
the view, I have not been able to work on if the form is valid since I cant get it to work with no data UserCreateFrom is my custom registration form imported from froms.py in the same app.
#sensitive_post_parameters()
#csrf_protect
#never_cache
def register(request):
"""
Allow registration of new users
:param request:
:return:
"""
context = {}
form = UserCreateFrom(data=request.post)
context.update({'form': form})
if request.method == 'POST' and form.is_valid():
return render(request, 'test.html', context)
else:
return render(request, 'register.html', context)
if I switch form = UserCreateFrom(data=request.post) to form = UserCreateFrom(request) I get 'WSGIRequest' object has no attribute 'get' error, but this way at least errors in the template right where the form is called via `{{ form }}, and not the view.
The data attribute is called request.POST.
But you should move that into the block that checks the method.
I'm trying to create edit user profile functionality. But I get the following error. I feel like it's trying to create a new user instead of editing the existing one. So that might result into username not being unique. I've no idea what to change/add here.
Here is my views
def showProfile(request, id):
profile = DoctorSeeker.objects.get(id=id)
return render(request,'meddy1/seekerprofile.html',{'doctorSeeker': profile})
def update_profile(request):
args = {}
if request.method == 'POST':
form = UserUpdateForm(request.POST)
if form.is_valid():
form.save()
return render(request, showProfile())
else:
form = UserUpdateForm()
args['form'] = form
return render(request, 'meddy1/editseekerprofile.html', args)
Here is my forms
class UserUpdateForm(forms.ModelForm):
name = forms.CharField(max_length=200, widget=forms.TextInput(attrs={'class': 'form-control','placeholder':'FirstName LastName'}))
email = forms.EmailField(required=True, widget=forms.TextInput(attrs={'class': 'form-control','placeholder':'Please enter a valid email address so we can reach you. No spam. Ever.'}))
password1 = forms.CharField(label="Old Password",widget=forms.PasswordInput(attrs={'class': 'form-control','placeholder':'Enter your password to save the changes.'}),required=False)
password2 = forms.CharField(label="New Password?",widget=forms.PasswordInput(attrs={'class': 'form-control','placeholder':'Only enter new password if you want to change it.'}),required=False)
password3 = forms.CharField(label="Confirm New Password",widget=forms.PasswordInput(attrs={'class': 'form-control','placeholder':'Confirm New Password'}),required=False)
class Meta:
model = DoctorSeeker
fields = ("name","email")
class Meta:
model = User
fields = ("password2", "password3")
def clean_password2(self):
password2 = self.cleaned_data.get("password2")
password3 = self.cleaned_data.get("password3")
if password2 and password3 and password2 != password3:
raise forms.ValidationError(
self.error_messages['password_mismatch'],
code='password_mismatch',
)
return password2
def save(self, commit=True):
user = super(UserUpdateForm, self).save(commit=False)
user.set_password(self.cleaned_data["password2"])
fullName = self.cleaned_data["name"]
Email = self.cleaned_data["email"]
if commit:
user.save()
userProfile = DoctorSeeker(user=user, name=fullName, email=Email)
userProfile.save()
return user
the save method of django form will create a new object (if no instance are suplied) and not an update of this one. You have to retreive your user first pass the instance through the form and then save it.
For more informations see: https://docs.djangoproject.com/en/dev/topics/forms/modelforms/#the-save-method