Omitting password field for custom django user model

2
votes

I want to have my own custom Django user model with only the

email id,first_name, last_name and date_joined

fields.I don't want to have a password column since the authentication happens via Microsoft SAML and hence I don't need to store any passwords.My user model is as follows:

from __future__ import unicode_literals
from django.db import models
from django.contrib.auth.models import PermissionsMixin, 
                                       BaseUserManager, AbstractBaseUser
from django.utils.translation import ugettext_lazy as _


class UserManager(BaseUserManager):
    def _create_user(self, email, **extra_fields):
        if not email:
            raise ValueError('The Email must be set')
        email = self.normalize_email(email)
        user = self.model(email=email, extra_fields)
        user.save()

        return user

    def create_superuser(self, email, **extra_fields):
        extra_fields.setdefault('is_staff', True)
        extra_fields.setdefault('is_superuser', True)
        extra_fields.setdefault('is_active', True)

        if extra_fields.get('is_staff') is not True:
            raise ValueError('Superuser must have is_staff=True.')
        if extra_fields.get('is_superuser') is not True:
            raise ValueError('Superuser must have is_superuser=True.')
        return self._create_user(email, **extra_fields)


class User(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(_('email address'), unique=True)
    first_name = models.CharField(_('first name'), max_length=30, blank=True)
    last_name = models.CharField(_('last name'), max_length=30, blank=True)
    date_joined = models.DateTimeField(_('date joined'), auto_now_add=True)

    objects = UserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['first_name', 'last_name']

    class Meta:
        verbose_name = _('user')
        verbose_name_plural = _('users')

    def get_full_name(self):
        full_name = f'{self.first_name} {self.last_name}'
        return full_name.strip()

However, when i run the migrations, I can see the password field also in the user table.What am i doing wrong ?

2
pythondjango
AbstractBaseUser has a password field. If you don't override it, it will be included as a field in your model. Just setting password = None might do the trick. But @kamalSingh's answer is probably the intended way to do this since it explicitly mentions external authentication systems.dirkgroten

2 Answers

6
votes

I can't comment so replying as an answer but you can use 'set_unusable_password' to get over the password field.

https://docs.djangoproject.com/en/2.0/ref/contrib/auth/#django.contrib.auth.models.User.set_unusable_password

Like this:

class UserManager(BaseUserManager):
    def _create_user(self, email, **extra_fields):
        if not email:
            raise ValueError('The Email must be set')
        email = self.normalize_email(email)
        user = self.model(email=email, extra_fields)
        user.set_unusable_password()
        user.save()

        return user
1
votes

This is a hack. You can delete this field ('password', models.CharField(max_length=128, verbose_name='password')), from the migrations file. However, this is not scalable.