With most tutorials, I see people use either email or username. I want to have both fields but using only the email to authenticate users with Django-rest-auth, as the email will be verified and is very important. but the username also has its importance in my app.
models.py
class UserManager(BaseUserManager):
def _create_user(self, email, fullname, password, is_staff, is_superuser, **extra_fields):
if not email:
raise ValueError('Users must have an email address')
now = timezone.now()
email = self.normalize_email(email)
fullname = fullname
user = self.model(
email=email,
fullname=fullname,
is_staff=is_staff,
is_active=True,
is_superuser=is_superuser,
last_login=now,
date_joined=now,
**extra_fields
)
user.set_password(password)
user.save(using=self._db)
return user
def create_user(self, email, fullname, password, **extra_fields):
return self._create_user(email, fullname, password, False, False, **extra_fields)
def create_superuser(self, email, fullname, password, **extra_fields):
user=self._create_user(email, fullname, password, True, True, **extra_fields)
user.save(using=self._db)
return user
class User(AbstractBaseUser, PermissionsMixin):
username = None
email = models.EmailField(max_length=254, unique=True)
fullname = models.CharField(max_length=250)
is_staff = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
is_active = models.BooleanField(default=True)
last_login = models.DateTimeField(null=True, blank=True)
date_joined = models.DateTimeField(auto_now_add=True)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['fullname']
objects = UserManager()
def __str__(self):
return self.email
serializers.py
class CustomRegisterSerializer(RegisterSerializer):
'''
a custom serializer that overides the default rest-auth, and for
the user to register himself
'''
username = None
email = serializers.EmailField(required=True)
password1 = serializers.CharField(write_only=True)
fullname = serializers.CharField(required=True)
def get_cleaned_data(self):
super(CustomRegisterSerializer, self).get_cleaned_data()
return {
'password1': self.validated_data.get('password1', ''),
'email': self.validated_data.get('email', ''),
'fullname': self.validated_data.get('fullname', ''),
}
Note: I am using Django rest auth to authenticate users
You can use your own Authentication backend class from ModelBackend and override authenticate function.
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q
from django.contrib.auth import get_user_model
class EmailAndUsernameBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
UserModel = get_user_model()
if username is None:
username = kwargs.get(UserModel.USERNAME_FIELD)
try:
user = UserModel.objects.get(Q(email=username) | Q(username=username))
except UserModel.DoesNotExist:
UserModel().set_password(password)
else:
if user.check_password(password) and self.user_can_authenticate(user):
return user
And you should add (or replace with django.contrib.auth.backends.ModelBackend) to AUTHENTICATION_BACKENDS in settings.py
For example:
AUTHENTICATION_BACKENDS = [
...
'users.backends.EmailBackend',
]
Note: If you have another authentication backends, like OAuth or Social login, you should add your backend to end of list.