Actually, I am working on a project and I have to modify the authentication system so that I am able to log in using email instead of a username. Also, I have to remove the username field as it's not relevant for the use case scenario. The problem i am getting is after user registers the password is saved as a plain text in database. Below is my implementation
My views.py
def signup(request):
if request.method == 'POST':
password = request.POST['cr-pwd']
email = request.POST['cr-eml']
phone_number = request.POST['cr-phone']
print(password, email, phone_number)
user = User.objects.create_user(email, password)
# user.username = username
user.password = password
user.email = email
user.phone_number = phone_number
user.save()
messages.success(request, 'Your account has been created successfully')
return render(request, 'index.html')
return render(request, 'index.html')
My models.py
from django.contrib.auth.models import AbstractUser, BaseUserManager
from django.db import models
from django.utils.translation import gettext_lazy as _
class UserManager(BaseUserManager):
"""Define a model manager for User model with no username field."""
use_in_migrations = True
def _create_user(self, email, password, **extra_fields):
"""Create and save a User with the given email and password."""
if not email:
raise ValueError('The given email must be set')
email = self.normalize_email(email)
user = self.model(email=email, **extra_fields)
user.set_password(password)
user.save(using=self._db)
return user
def create_user(self, email, password=None, **extra_fields):
"""Create and save a regular User with the given email and password."""
extra_fields.setdefault('is_staff', False)
extra_fields.setdefault('is_superuser', False)
return self._create_user(email, password, **extra_fields)
def create_superuser(self, email, password, **extra_fields):
"""Create and save a SuperUser with the given email and password."""
extra_fields.setdefault('is_staff', True)
extra_fields.setdefault('is_superuser', True)
if extra_fields.get('is_staff') is not True:
raise ValueError('Superuser must have is_staff=True.')
if extra_fields.get('is_superuser') is not True:
raise ValueError('Superuser must have is_superuser=True.')
return self._create_user(email, password, **extra_fields)
class CustomUser(AbstractUser):
#Email as auth removing username
username = None
email = models.EmailField(('email address'), unique=True)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = []
#Adding extra fields
is_student = models.BooleanField(default=False)
is_teacher = models.BooleanField(default=False)
phone_number = models.CharField(max_length=200, blank=True)
objects = UserManager()
class Meta:
model = CustomUser
fields = ("email", "password")
CodePudding user response:
In _create_user method in models.py, you are saving the hashed password correctly but in the signup method in views.py, you are reassigning the value of the password with the plain text so simple remove that line.
views.py
def signup(request):
if request.method == 'POST':
password = request.POST['cr-pwd']
email = request.POST['cr-eml']
phone_number = request.POST['cr-phone']
print(password, email, phone_number)
user = User.objects.create_user(email, password)
# user.username = username
user.email = email
user.phone_number = phone_number
user.save()
messages.success(request, 'Your account has been created successfully')
return render(request, 'index.html')
return render(request, 'index.html')