When Django 1.5 was released, arguably the most exciting feature was the ability to have your own custom User model. All of the programmers here at Fusionbox were psyched for the cool things we were going to do with our custom User models.
Until we realized how much work it takes.
The 95% use case for having a custom User model is to use email as username. Implementing the required fields and methods for authentication and making it all work with the admin site almost doesn’t seem worth it for just that.
Also, we had disagreements over how to use the custom User model—whether to treat it as simply for authentication and authorization like Gavin argued in his blog post or if ditching the profile model for a much simpler and easier customized User model was the way to go.
Finally, when using a different User model in each of your projects, it could get cumbersome to get security updates out to each of them. If a new vulnerability is found and you have 100 trillion different implementations of auth, well, that’s a frightening scenario to say the least.
With all of these things combined, it makes something of a disincentive for using the exciting custom User model feature in our projects.
Introducing django-authtools
django-authtools is an app we wrote to make using the custom User model feature awesome. For the simple case, django-authtools provides the email as username User model that we’ve always wanted, but it’s much more than that.
Four short steps separate you from getting the email-as-username goodness.
$ pip install django-authtools
- Add
'authtools'
to yourINSTALLED_APPS
. - Set
AUTH_USER_MODEL = 'authtools.User'
in your settings.py. - Add
url(r'^accounts/', include('authtools.urls'))
to your URL conf.
That’s all you need to get an admin class, auth views, and an auth model in your project.
That being said, django-authtools is not just a custom User model. It provides abstract User models that implement the required auth and admin APIs so that you can make your own custom User without having to think about those.
One of the best features that django-authtools provides is the views. We wrote all of the auth views as classed-based views so that they gain all the modernity and extensibility of class-based views and they are User model agnostic, so they work with any User model. To ensure that they work correctly, we tested all of our views using Django’s own test cases.
Normally when you make your own User model, you would have to make your own Form classes that work with them. django-authtools has forms that work out of the box with any User model.
Where can I get it?
django-authtools is available for download on PyPI. The development for django-authtools happens on GitHub, pull requests are welcome. Get started with the documentation here.
Learn more about Fusionbox, a python development company