Skip to content Skip to sidebar Skip to footer

Usercreateform Bypassing Usermanager, Regular Users Created Through Usercreateform Can Authenticate But Superuser Created In Shell Can Not?

I have a custom user model and a user manager defined as follows: /accounts/models.py from django.contrib.auth.models import ( AbstractBaseUser, BaseUserManager, Permis

Solution 1:

Problem solved.

In

defcreate_superuser(self, email, first_name, last_name, password):
    user = self.create_user(
        email,
        first_name,
        last_name,
        password
    )

I was forgetting to set password=password,. From looking at the password field in the database, it seems this was also resulting in (as close as I can tell) bypassing <algorithm>$<iterations>$<salt> (per the Django docs https://docs.djangoproject.com/en/1.10/topics/auth/passwords/) though the password was still being hashed in some way (not being stored in plain text) the password field for superusers was considerably shorter than the password field for normal users. Whatever it was doing, it was not storing the actual password and was giving me an invalid username/password when attempting to log in with a superuser account.

So the proper way is

defcreate_superuser(self, email, first_name, last_name, password):
    user = self.create_user(
        email,
        first_name,
        last_name,
        password=password,
    )

I still don't understand why created_username is being bypassed in the UserManager when saving a user from the AuthenticationForm but I found a workaround by adding the same while statement to the view. At least all is functional now. I'm still interested to learn if anybody has further insight into this matter.

Post a Comment for "Usercreateform Bypassing Usermanager, Regular Users Created Through Usercreateform Can Authenticate But Superuser Created In Shell Can Not?"