Django Abstract BaseUser

Question

Can I use same authentication system as provided by Django User models for models subclassing Abstract Base User models and, if not, then what else can we do? Also, how to configure ModelAdmin for providing admin access to these models?

Using custom user model is descirbed in [docs](https://docs.djangoproject.com/en/dev/topics/auth/customizing/#a-full-example) — Dmit3Y, Feb 04 '14 at 12:53
It is but I am still confused about the modeladmin and the admin class used for abstract base user which is not completely defined in the docs — saurabh, Feb 04 '14 at 13:00

score 2 · Accepted Answer · answered Feb 04 '14 at 13:12

The fact that you prefer using Django's built-in authentication system as is, is probably an indicator that substituting a custom User class based on the Abstract Base User model is unnecessary. You might want to consider extending the User class with a one-to-one relationship (how-to from the docs). This will allow you to keep all of Django's default behaviour, as well as add any additional fields, methods, etc. that you would want a User to have. We've found this to be adequate for most of our cases, and far less hassle than creating an entirely new Use class.

Anyways, that being said, you can create a custom authentication by inheriting from BaseUserManager and creating a new manager, then assigning your custom User's objects field to this new manager. Alternatively, you could assign your custom User's objects field to Django's manager. You should only create your own manager if you need some sort of custom authentication (for example, logging in with an email instead of with a username). Here is a link to the docs on how to do that.

To register the custom User model with Django's admin, you'll need to do a few things in your specific app's admin.py file. First, create custom forms for creating and editing Users, then subclass UserAdmin in your custom User Admin class, and reference the forms you previously created. Finally, register the new User Admin using admin.site.register(). Here's a full example of the admin.py file:

from django import forms
from django.contrib import admin
from django.contrib.auth.models import Group
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.forms import ReadOnlyPasswordHashField

from customauth.models import MyUser


class UserCreationForm(forms.ModelForm):
    """A form for creating new users. Includes all the required
    fields, plus a repeated password."""
    password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
    password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)

    class Meta:
        model = MyUser
        fields = ('email', 'date_of_birth')

    def clean_password2(self):
        # Check that the two password entries match
        password1 = self.cleaned_data.get("password1")
        password2 = self.cleaned_data.get("password2")
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError("Passwords don't match")
        return password2

    def save(self, commit=True):
        # Save the provided password in hashed format
        user = super(UserCreationForm, self).save(commit=False)
        user.set_password(self.cleaned_data["password1"])
        if commit:
            user.save()
        return user


class UserChangeForm(forms.ModelForm):
    """
    A form for updating users. Includes all the fields on
    the user, but replaces the password field with admin's
    password hash display field.
    """
    password = ReadOnlyPasswordHashField()

    class Meta:
        model = MyUser
        fields = ['email', 'password', 'date_of_birth', 'is_active', 'is_admin']

    def clean_password(self):
        # Regardless of what the user provides, return the initial value.
        # This is done here, rather than on the field, because the
        # field does not have access to the initial value
        return self.initial["password"]


class MyUserAdmin(UserAdmin):
    # The forms to add and change user instances
    form = UserChangeForm
    add_form = UserCreationForm

    # The fields to be used in displaying the User model.
    # These override the definitions on the base UserAdmin
    # that reference specific fields on auth.User.
    list_display = ('email', 'date_of_birth', 'is_admin')
    list_filter = ('is_admin',)
    fieldsets = (
        (None, {'fields': ('email', 'password')}),
        ('Personal info', {'fields': ('date_of_birth',)}),
        ('Permissions', {'fields': ('is_admin',)}),
    )
    # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
    # overrides get_fieldsets to use this attribute when creating a user.
    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('email', 'date_of_birth', 'password1', 'password2')}
        ),
    )
    search_fields = ('email',)
    ordering = ('email',)
    filter_horizontal = ()

# Now register the new UserAdmin...
admin.site.register(MyUser, MyUserAdmin)
# ... and, since we're not using Django's built-in permissions,
# unregister the Group model from admin.
admin.site.unregister(Group)

Once done with the admin.py file, specify the custom model as your default user model using the AUTH_USER_MODEL variable in your settings.py file.

AUTH_USER_MODEL = 'customauth.MyUser'

Thanks I had this confusion only about using MyUserAdmin. Also can I use authenticate function defined in django user model or I have to define it again in Myusermodel to authenticate any user who surfs my site. @sgarza62 — saurabh, Feb 04 '14 at 13:21
If your custom User model includes a `username` field, then Django's built-in `authenticate()` method will suffice. If your User model only includes, say, an email as the unique identifier, then you'll have to specify the `email` as the `USERNAME_FIELD` inside the User class. Please read through the following two exchanges for more information: [1] http://stackoverflow.com/questions/16689056/authenticating-a-custom-user-in-django-1-5 [2] https://groups.google.com/forum/#!topic/django-users/4lNWuyv16hg — sgarza62, Feb 04 '14 at 23:27
Its still not working I mean after logging in admin as superuser I get the following I mean I logged in successfully but it says > Site administration >You don't have permission to edit anything — saurabh, Feb 05 '14 at 11:41
What version of Django are you using? If it's anything older than 1.7, then in your `urls.py` file, `from django.contrib import admin`, then add `admin.autodiscover()` to your project's `urls.py` file, before declaring your `urlpatterns`. Link to docs: https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#hooking-adminsite-instances-into-your-urlconf — sgarza62, Feb 05 '14 at 13:26
After you've done that, if you're still having permission problems, then it could be that your custom User model needs permissions to be defined. Subclass the `PermissionsMixin` in your User model (https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#django.contrib.auth.models.PermissionsMixin) as shown in the code of this answer (http://stackoverflow.com/a/15605899/1337422) — sgarza62, Feb 05 '14 at 13:34
Thanx for the help actually the problem was in defining the user creation form but its clear now and working.Great help from you thanx @sgarza62 — saurabh, Feb 06 '14 at 15:03

Django Abstract BaseUser

1 Answers1