开发者

Email as username in Django

Okay, this one is pretty obvious to everyone who use Django and frequently asked by new开发者_如何学Pythonbies, but I'd like to make it clear and discuss if there are any other ways to do it. The most widespread and convenient approach now is to store email in username field as Django 1.2 allows "@", "_" and "-" characters, but this way has following issues:

  1. The worst one: username field is restricted by max_length=30 property, which is ridiculously small for emails. Even if you override form validation, DB will have varchar(30) instead of EmailField's varchar(75) unless you alter your table manually.
  2. You need to store your email data both in username and email field to make User.email_user() working. I think there are some other places when User.email is used.
  3. Code readability fail. Sure, other djangonauts know about this pitfall, but treating field called 'username' (especially when there is still email field) as email obviously makes your code less understandable.

The other approach could be authentication using email field by passing it to your auth backend like so, but it still has problems:

authenticate(self, email=None, password=None)
  1. User.email doesn't have unique=True property, which means that your DB won't have index, making your lookups by email slow like hell.
  2. You have to deal with username field, which has unique=True, by completely removing it from your table or altering it to allow NULL and removing index.

Resuming, both ways are evil and require DB-specific code to be executed after syncdb, which is unacceptable if you need DB-independent application.


I've packaged up django-email-as-username which should pretty much do everything you need if you're looking to remove usernames, and only use emails.

The brief overview is:

  1. Provides an email auth backend and helper functions for creating users.
  2. Patches the Django admin to handle email based user authentication.
  3. Overides the createsuperuser command to create users with email only.
  4. Treats email authentication as case-insensitive.

Under the hood usernames are hashed versions of the emails, which ends up meaning we're not limited to the Django's username 30 char limit (Just the regular email 75 char limit.)

Edit: As of Django 1.5, you should look into using a custom User model instead of the 'django-email-as-username' package.


David Cramer came up with a solution to this problem that I love. I'm currently using it on a production site where the user has to be able to log in using their email OR their username. You can find it here:

Logging In With Email Addresses in Django

If the login name provided on the form is an email (contains the '@' symbol), it will attempt to authenticate with that, and will fall back on the username if it isn't an email. (Naturally, you just need to make sure your registration form captures an email for this work.)


Well, I haven't had to use emails as usernames in Django but I guess You could create a UserProfile model and aggregate fields to it, like another email field and make it unique. So you could do user.get_profile().email for your authentication.

I guess other way to go would be to inherit User and redefine the fields, but I think this still not recommended by Django developers.

Finally you could define your own custom User model and back on the django.contrib.auth.models.User for some logic.

Code to alter User table within Django:

 from django.db import connection
 cursor = connection.cursor()
 cursor.execute("ALTER TABLE auth_user MODIFY COLUMN username varchar(75) NOT NULL")
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜