Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Model inherited from AbstractUser doesn't hash password field

I have a model that is inherited of AbstractUser, something like this :

class Driver(AbstractUser):
  dni = models.CharField(max_length=8,validators=[validate_dni],unique=True)
  license = models.CharField(max_length=9,unique=True)
  birthday = models.DateField()
  sex = models.CharField(max_length=1, choices=SEX_CHOICES)
  creation_date = models.DateField(auto_now = True)

According to this : https://docs.djangoproject.com/en/dev/topics/auth/customizing/

If you’re entirely happy with Django’s User model and you just want to add some additional profile information, you can simply subclass django.contrib.auth.models.AbstractUser and add your custom profile fields. This class provides the full implementation of the default User as an abstract model.

But, in my admin view, the field of password is a simple text input and the password is saved as raw text. I could try with AbstractBaseUser but first I need to clarify this issue. I'm starting with Django, so I'm a little newbie.

Thanks.

like image 841
Daniel Flores Avatar asked Mar 13 '13 05:03

Daniel Flores


People also ask

Is user password hashed in REST_framework?

when inheriting from rest_framework.serializers.ModelSerializer, and also the Meta.fieldsis equal to __all__, the user passwordis not hashed, and instead, saved in plain text in database. Expected behavior I would expect some kind of default hashing like the following (that I had to add for now apparently):

Does serializer hash password when fields is __all__#6737?

serializer does not hash password when fields is __all__#6737 Closed 3 of 6 tasks meysam81opened this issue Jun 9, 2019· 6 comments Closed 3 of 6 tasks serializer does not hash password when fields is __all__#6737 meysam81opened this issue Jun 9, 2019· 6 comments Comments Copy link Task lists! Give feedback

How can I hashing a password using the PBKDF2 algorithm?

The package currently offers a method KeyDerivation.Pbkdf2 which allows hashing a password using the PBKDF2 algorithm. This API is very similar to the .NET Framework's existing Rfc2898DeriveBytes type, but there are three important distinctions:

What is the difference between get_user() and authenticate() methods?

The get_user method takes a user_id – which could be a username, database ID or whatever, but has to be the primary key of your user object – and returns a user object or None. The authenticate method takes a request argument and credentials as keyword arguments. Most of the time, it’ll look like this:


2 Answers

You don't have to actually define your own function. You just need to use register it with the UserAdmin class from django.contrib.auth.admin and it works out of the box.

Explicitly, in your admin.py file make sure you have the following:

from django.contrib.auth.admin import UserAdmin
admin.site.register(CustomUserModel, UserAdmin)

If you have additional custom fields on your model, the above way of registering will make them not shown in the admin. In this case, you can make it work by making your custom Admin class inherit from the UserAdmin class, like the following:

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin

@admin.register(CustomUserModel)
class CustomUserModelAdmin(UserAdmin):
    ...
like image 188
Kenny Loveall Avatar answered Sep 26 '22 05:09

Kenny Loveall


You need to define a function to hash that password. I think you directly save it to database.

class MyForm(forms.ModelForm):
    ............
    def save(self, commit=True):
        # Save the provided password in hashed format
        user = super(MyForm, self).save(commit=False)
        user.set_password(self.cleaned_data["password"])
        if commit:
            user.save()
        return user
like image 26
catherine Avatar answered Sep 26 '22 05:09

catherine