1

How to write a custom authentication backend in Django taking scenario as Phone Number & OTP(One-Time Password) to authenticate against each user.

How to authenticate each user in form of multiple conditions.

  1. If email is verified and password exist ( authenticate using email and password).
  2. If phone is verified and exist( authenticate using phone and otp or if password exist then auth using phone and password).
Mukul Mantosh
  • 358
  • 4
  • 15

2 Answers2

3
from django.contrib.auth import backends, get_user_model
from django.db.models import Q

class AuthenticationBackend(backends.ModelBackend):
"""
Custom authentication Backend for login using email,phone,username 
with password
"""

def authenticate(self, username=None, password=None, **kwargs):
    usermodel = get_user_model()
    try:
        user = usermodel.objects.get(
            Q(username__iexact=username) | Q(email__iexact=username) | Q(phone__iexact=username)

        if user.check_password(password):
            return user
    except usermodel.DoesNotExist:
        pass

For you have to specify the authclass in settings.py

AUTHENTICATION_BACKENDS = ( 'applications.accounts.auth_backends.AuthenticationBackend', )

Nakul Narayanan
  • 1,412
  • 13
  • 17
  • Hey Nakul, can you provide the code for using email and password or phone with otp or phone with password. – Mukul Mantosh Sep 15 '17 at 04:03
  • and you can combine this [https://stackoverflow.com/questions/6560182/django-authentication-without-a-password] to check with otp – Nakul Narayanan Sep 15 '17 at 04:09
  • If you are satisfied with my code then can you mark this aswer – Nakul Narayanan Sep 15 '17 at 04:12
  • If you can combine the otp logic in the above provided code then it would be a great help. I'm actually new to Django so i'm little bit confused. – Mukul Mantosh Sep 15 '17 at 04:15
  • We will get the relevant user from the authenticate function. That is the main idea of authenticate. I can't give an exact code unless I get the exact logic you have implemented there. You can add necessary changes to the filter and get the verified user. Happy coding :) – Nakul Narayanan Sep 15 '17 at 04:37
  • Thanks. Let me try it. If i face any problem i will reach you again. – Mukul Mantosh Sep 15 '17 at 04:44
0

There are many ways to extend user model, here I leave you this page and you can choose which of them is better for you https://simpleisbetterthancomplex.com/tutorial/2016/07/22/how-to-extend-django-user-model.html

Mauricio Cortazar
  • 4,049
  • 2
  • 17
  • 27
  • I have been already using a custom user model but specifying email as my username using AbstractBaseUser. My condition is how can i authenticate using email or phone. If email then get password to authenticate or if phone then send otp message or phone with password to authenticate. I want to authenticate user based on E-MAIL or PHONE NUMBER. – Mukul Mantosh Sep 15 '17 at 03:57
  • https://stackoverflow.com/questions/31370118/multiple-username-field-in-django-user-model maybe this help, of course you can add more logic according what you need, for example if PHONE NUMBER is verified – Mauricio Cortazar Sep 15 '17 at 04:01
  • The above example is great. But how to authenticate a phone number if password is not present and we have to send an otp to authenticate that user. Can you explain me how to solve this flow. – Mukul Mantosh Sep 15 '17 at 04:07
  • well you can call a function setting a temporary password, anyway your question is too broad. Read this maybe can help you https://django-otp-official.readthedocs.io/en/latest/ – Mauricio Cortazar Sep 15 '17 at 04:22