I'm using the authentication that ships with django, and as such, it comes with its own SQL table. I have a few more attributes I'd like to use with the User model that are custom to my app such as a user photo or a random user blob where users can type in notes.
what's the best way of extending the existing user table that ships with django's authentication/authorization modeling to allow for my custom fields?
Please see my (and others) answer to this question:
The other way to handle this is to do table inheritance on the User model and develop your own derived EnhancedUser model. Typically a custom wrapper backend is also written to make sure the auth subsystem returns the EnhancedUser model as well.
There's a very good blog post answer here.
Related
I have just started developing a bookstore site with Django and I have a question about user authentication.
I want users to have a wallet, shopping cart and additional information for their account such as profile picture, phone number, address, etc. to buy books.
And now I am faced with the dilemma of whether to change the User model itself, or create a Profiles model for each and link it to the User model, or create a separate model (in other words, the authentication system) and do everything from scratch.
Now I have started building a separate authentication system. Everything was going well until I had problems in sending and receiving user data in the template contexts.
Finally, in general, I want to know if Django authentication system is really suitable for all users of a site?
Django is one of the most battle-hardened and well tested 'batteries-included' frameworks out there, so the built-in Authentication is more than acceptable. The Docs have an overview, with a guide on how to extend.
You can make an assessment of 3rd party packages relating to authentication here, and make a judgement as to whether or not any of these packages are suited to your e-commerce use-case.
With regards to your User model, its widely considered best practice to begin your project with a custom user model (i.e. before your first migration). The official docs even state this, however some people still prefer the 'old' way of doing this, which is to create a separate 'one-to-one' profile model.
Here is a tutorial about beginning a project with a custom User model.
Here is one about changing mid-project.
If the default Django's User model does not contain everything you need, you can always extend it with your own model. Django docs have it covered with some examples here: https://docs.djangoproject.com/en/4.0/topics/auth/customizing/#extending-the-existing-user-model
By extending the User model you can add additional fields and/or functions to the User model (for example, you can add an image, description, age, relationship status, etc.).
Having said that, I really recommend using Django's authentication backend. It's well-tested and secure.
I know how to make custom user models, my question is about style and best practices.
What are the consequences of custom user model in Django? Is it really better to use auxiliary one-to-one model?
And for example if I have a UserProfile models which is one-to-one to User, should I create friends relationship (which would be only specific to my app) between UserProfile or between User?
Also all 3rd-party packages rely on get_user_model(), so looks like if I don't use custom user model, all your relations should go to User, right? But I still can't add methods to User, so if User has friends relation, and I want to add recent_friends method, I should add this method to UserProfile. This looks a bit inconsistent for me.
I'd be glad if someone experienced in Django could give a clear insight.
Also all 3rd-party packages rely on get_user_model(), so looks like if I don't use custom user model, all your relations should go to User, right? But I still can't add methods to User, so if User has friends relation, and I want to add recent_friends method, I should add this method to UserProfile.
I have gone down the "one-to-one" route in the past and I ended up not liking the design of my app at all, it seems to me that it forces you away from SOLID. So if I was you I would rather subclass AbstractBaseUser or AbstractUser.
With AbstractBaseUser you are provided just the core implementation of User and then you can extend the model according to your requirements.
Depending on what sort of 3rd-party packages you are using you might need more than just the core implementation: if that's the case just extend AbstractUser which lets you extend the complete implementation of User.
I would definitely recommend using a custom user model - even if you use a one-to-one with a profile. It is incredibly hard to migrate to a custom user model if you've committed to the default user model, and there's almost always a point where you want to add at least some custom logic to the user model.
Whether you use a profile or further extend the user model should then be based on all considerations that usually apply to your database structure. The rightâ„¢ decision depends on the exact details of your profile, which only you know.
I created my own user table. I've been learning how to use the admin panel and I saw there's already a user table.
Should I use it or mine? (for example connection, member panel etc...)
If I should use it how to update it?
If I shouldn't what do I have to use it for?
Use the one django provides.
If you want extra fields on your user, create an extension to the user model.
It's really easy to do, you can just create your own model and make it inherit from the django.contrib.auth.User model, or you can also look here:
Extending the User model with custom fields in Django for more awesome answers of how people are doing this exact thing
We're running django alongside - and sharing a database with - an existing application. And we want to use an existing "user" table (not Django's own) to store user information.
It looks like it's possible to change the name of the table that Django uses, in the Meta class of the User definition.
But we'd prefer not to change the Django core itself.
So we were thinking that we could sub-class the core auth.User class like this :
class OurUser(User) :
objects = UserManager()
class Meta:
db_table = u'our_user_table'
Here, the aim is not to add any extra fields to the customized User class. But just to use the alternative table.
However, this fails (likely because the ORM is assuming that the our_user_table should have a foreign key referring back to the original User table, which it doesn't).
So, is this sensible way to do what we want to do? Have I missed out on some easier way to map classes onto tables? Or, if not, can this be made to work?
Update :
I think I might be able to make the change I want just by "monkey-patching" the _meta of User in a local_settings.py
User._meta.db_table = 'our_user_table'
Can anyone think of anything bad that could happen if I do this? (Particularly in the context of a fairly typical Django / Pinax application?)
You might find it useful to set up your old table as an alternative authentication source and sidestep all these issues.
Another option is to subclass the user and have the subclass point to your user-model. Override the save function to ensure that everything you need to do to preserve your old functionality is there.
I haven't done either of these myself but hopefully they are useful pointers.
Update
What I mean by alternative authentication in this case is a small python script that says "Yes, this is a valid username / password" - It then creates an instance of model in the standard Django table, copies fields across from the legacy table and returns the new user to the caller.
If you need to keep the two tables in sync, you could decide to have your alternative authentication never create a standard django user and just say "Yes, this is a valid password and username"
I'm wondering what the common project/application structure is when the user model extended/sub-classed and this Resulting User model is shared and used across multiple apps.
I'd like to reference the same user model in multiple apps.
I haven't built the login interface yet, so I'm not sure how it should fit together.
The following comes to mind:
project.loginapp.app1
project.loginapp.app2
Is there a common pattern for this situation?
Would login best be handled by a 'login app'?
Similar to this question but more specific.
django application configuration
UPDATE
Clarified my use-case above.
I'd like to add fields (extend or subclass?) to the existing auth user model. And then reference that model in multiple apps.
Why are you extending User? Please clarify.
If you're adding more information about the users, you don't need to roll your own user and auth system. Django's version of that is quite solid. The user management is located in django.contrib.auth.
If you need to customize the information stored with users, first define a model such as
class Profile(models.Model):
...
user = models.ForeignKey("django.contrib.auth.models.User", unique=True)
and then set
AUTH_PROFILE_MODULE = "appname.profile"
in your settings.py
The advantage of setting this allows you to use code like this in your views:
def my_view(request):
profile = request.user.get_profile()
etc...
If you're trying to provide more ways for users to authenticate, you can add an auth backend. Extend or re-implement django.contrib.auth.backends.ModelBackend and set it as
your AUTHENTICATION_BACKENDS in settings.py.
If you want to make use of a different permissions or groups concept than is provided by django, there's nothing that will stop you. Django makes use of those two concepts only in django.contrib.admin (That I know of), and you are free to use some other concept for those topics as you see fit.
You should check first if the contrib.auth module satisfies your needs, so you don't have to reinvent the wheel:
http://docs.djangoproject.com/en/dev/topics/auth/#topics-auth
edit:
Check this snippet that creates a UserProfile after the creation of a new User.
def create_user_profile_handler(sender, instance, created, **kwargs):
if not created: return
user_profile = UserProfile.objects.create(user=instance)
user_profile.save()
post_save.connect(create_user_profile_handler, sender=User)
i think the 'project/app' names are badly chosen. it's more like 'site/module'. an app can be very useful without having views, for example.
check the 2008 DjangoCon talks on YouTube, especially the one about reusable apps, it will make you think totally different about how to structure your project.