django authenticate() pour le modèle utilisateur personnalisé

Question

Voici mon modèle d'utilisateur personnalisé:

class CUserManager(BaseUserManager): 

     def _create_user(self, email, first_name, password, 
         is_staff, is_superuser, **extra_fields): 
      """ 
     Creates and saves a User with the given email and password. 
     """ 
     now = timezone.now() 
     if not email: 
      raise ValueError('The given email must be set') 
     email = self.normalize_email(email) 
     user = self.model(email=email, 
          first_name = first_name, 
          is_staff=is_staff, is_active=False, 
          is_superuser=is_superuser, last_login=now, 
          date_joined=now, **extra_fields) 
     user.set_password(password) 
     user.save(using=self._db) 
     return user 

    def create_user(self, email, first_name, password=None, **extra_fields): 
     return self._create_user(email, first_name, password, False, False, 
           **extra_fields) 

    def create_superuser(self, email, first_name, password, **extra_fields): 
     return self._create_user(email, first_name, password, True, True, 
           **extra_fields) 


class CUser(AbstractBaseUser, PermissionsMixin): 
    email = models.EmailField(_('email address'), max_length=254, unique=True) 
    first_name = models.CharField(_('first name'), max_length=30) 
    last_name = models.CharField(_('last name'), max_length=30, blank=True) 
    is_staff = models.BooleanField(_('staff status'), default=False, 
     help_text=_('Designates whether the user can log into this admin ' 
        'site.')) 
    is_active = models.BooleanField(_('active'), default=False, 
     help_text=_('Designates whether this user should be treated as ' 
        'active. Unselect this instead of deleting accounts.')) 
    date_joined = models.DateTimeField(_('date joined'), default=timezone.now) 
    last_updated = models.DateTimeField(_('last updated'), default=timezone.now) 

    objects = CUserManager() 

    USERNAME_FIELD = 'email' 
    REQUIRED_FIELDS = ['first_name', 'last_name'] 

Il crée un nouvel utilisateur correctement. Mais lorsque j'essaie d'authentifier l'utilisateur à partir du shell ou des vues, la fonction authenticate() ne fonctionne pas pour les utilisateurs ayant is_active=False.

>>> from django.contrib.auth import get_user_model, auhtenticate 
>>> u = get_user_model() 
>>> authenticate(username='abc@gmail.com', password='abc) 

La ligne ci-dessus ne renvoie rien si l'utilisateur est inactif mais renvoie l'objet utilisateur dans le cas contraire. Je ne comprends pas pourquoi il ne retourne rien pour les utilisateurs inactifs.

Answer 1

Cela se produit en raison du fonctionnement de l'authentification de django. By default utilise ModelBackend qui vérifie is_activehttps://docs.djangoproject.com/en/1.10/ref/contrib/auth/#django.contrib.auth.backends.ModelBackend.get_user_permissions

Vous pouvez créer backend d'authentification personnalisée qui ignorera cette option https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#writing-an-authentication-backend

Answer 2

Salut Vous pouvez écrire backend personnalisé pour ce problème.

from django.contrib.auth.models import check_password 
from django.contrib.auth.models import User 

from apps.staffs.models import Staff(Custom User) 


class StaffBackend: 

    # Create an authentication method 
    # This is called by the standard Django login procedure 
    def authenticate(self, username=None, password=None): 

     try: 
      # Try to find a user matching your username 
      user = Staff.objects.get(username=username) 

      # Check the password is the reverse of the username 
      if check_password(password, user.password): 
       # Yes? return the Django user object 
       return user 
      else: 
       # No? return None - triggers default login failed 
       return None 
     except Staff.DoesNotExist: 
      # No user was found, return None - triggers default login failed 
      return None 

    # Required for your backend to work properly - unchanged in most scenarios 
    def get_user(self, user_id): 
     try: 
      return Staff.objects.get(pk=user_id) 
     except Staff.DoesNotExist: 
      return None