Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Red User, Blue User, MyUser, auth.User

Russell Keith-Magee
September 04, 2013
Technology
4
1.1k

Red User, Blue User, MyUser, auth.User

An exploration of one of the banner features of Django 1.5 -- Custom User models. Includes worked examples, a discussion of design decisions that must be made, and a look at the internal architecture that makes it all possible.

Russell Keith-Magee

September 04, 2013
Tweet

More Decks by Russell Keith-Magee

See All by Russell Keith-Magee
Python All The Things!
freakboy3742
2
340
Snakes in a browser
freakboy3742
1
120
Making a splash with your open source project
freakboy3742
0
360
Things your parents didn't teach you about sharing your toys
freakboy3742
0
370
A tale of two cellphones: Python on Android and iOS
freakboy3742
0
230
Beyond Web 2.0 - Django and Python in the modern web ecosystem
freakboy3742
0
260
Python on the move: The state of Mobile Python
freakboy3742
0
290
I am a doctor...
freakboy3742
0
140
Professional Yak Coiffure
freakboy3742
0
87

Other Decks in Technology

See All in Technology
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.5k
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
260
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
180
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
1k
DynamoDB でスロットリングが発生したとき_大盛りver/when_throttling_occurs_in_dynamodb_long
emiki
1
440
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
Application Development WG Intro at AppDeveloperCon
salaboy
0
200
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
AIチャットボット開発への生成AI活用
ryomrt
0
170

Featured

See All Featured
Faster Mobile Websites
deanohume
305
30k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Embracing the Ebb and Flow
colly
84
4.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Six Lessons from altMBA
skipperchong
27
3.5k
Building Applications with DynamoDB
mza
90
6.1k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Docker and Python
trallard
40
3.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
A better future with KSS
kneath
238
17k

Transcript

  1. Red User, Blue User, MyUser, auth.User Dr Russell Keith-Magee DjangoCon

    US 2013
  2. None
  3. None

  4. Image Source: Amazon.com

  5. Why should we care?

  6. Login using email address

  7. Associating profile data with the User model

  8. What’s in a name?

  9. class User(Model): first_name = CharField(max_length=30) last_name = CharField(max_length=30)

  10. WTF?

  11. ⽑毛泽东 Mao Zedong Image Source: Wikipedia

  12. Yao Ming Image Source: Wikipedia

  13. Björk Guðmundsdóttir Image Source: IMDB

  14. Mahathir bin Mohamad Image Source: Wikipedia

  15. Mohd. Anwar El Sadat Image Source: Wikipedia

  16. Aránzazu Isabel María Sánchez Vicario Image Source: Wikipedia

  17. Ayrton Senna da Silva Image Source: Wikipedia

  18. Stilgherrian Image Source: stilgherrian.com/about; ©2009 Trinn (’Pong) Suwannaph; Used with

    permission

  19. www.w3.org/International/questions/qa-personal-names

  20. class User(Model): first_name = CharField(max_length=30) last_name = CharField(max_length=30)

  21. class User(Model): first_name = CharField(max_length=100) last_name = CharField(max_length=100) NOPE

  22. class User(Model): christian_name = CharField(max_length=10) middle_initial = CharField(max_length=1) last_name =

    CharField(max_length=10)

  23. Names are hard. Lets go shopping.

  24. Do you really need separate fields? Full name

  25. If you do, don’t use first/last name. Family name Other/Given

    names

  26. “How would you like to be addressed?”

  27. Other tips • Don’t assume a single letter is an

    initial • Be wary of name-part algorithms • Spaces, Apostrophes and Hyphens are all legal characters in names • Don’t require a “family name” • “Previous name”, not “Maiden name” • Honorifics even more complex

  28. On the subject of “do you need to ask”...

  29. http://www.tizag.com/phpT/examples/formex.php

  30. Kuzdu and the California Marriage Amendment http://linuxmafia.com/faq/Essays/marriage.html

  31. When it comes to questions of identity: You need to

    think

  32. Do I need to ask at all?

  33. Custom User Models

  34. This is all in the docs.

  35. 1. Define user model • 2 possible abstract base classes:

    • AbstractBaseUser • AbstractUser • Maybe with PermissionsMixin • Define USERNAME_FIELD • Define REQUIRED_FIELDS • Define get_full_name() and get_short_name()

  36. 2. Define your Manager • Need to describe: • How

    to create users • How to create superusers

  37. 3. Define forms • UserCreationForm • UserChangeForm • PasswordResetForm (maybe)

  38. 4. Register with admin • Only need to do this

    if you’re using admin • Subclass contrib.admin.UserAdmin • admin.site.register() • Don’t need to unregister default User

  39. 5. Register model • In settings, define: AUTH_USER_MODEL = ‘myapp.MyUser’

  40. 6. Update Foreign Keys • Before: • ForeignKey(User) • After:

    • ForeignKey(settings.AUTH_USER_MODEL)

  41. Documented Gotchas

  42. USERNAME_FIELD must be unique and not in REQUIRED_FIELDS

  43. Signal registration

  44. What isn’t in the docs?

  45. Reverse lookup naming

  46. Reverse lookup naming class Department(Model): ... class User(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) print department.user_set.all()

  47. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) print department.myuser_set.all()

  48. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department, related_name=‘user_set’) department = Department.objects.get(...) print department.user_set.all()

  49. Reverse lookup naming class Department(Model): ... class MyUser(AbstractUser): full_name =

    CharField() department = ForeignKey(Department) department = Department.objects.get(...) attr = “%s_set” % user._meta.object_name print getattr(department,attr).all()

  50. The User Contract

  51. Examples of use

  52. Email based login

  53. Email-based login • Define a user model with • email

    = EmailField(max_length=254) • USERNAME_FIELD = ‘email’ • Define forms, admin, etc • Set AUTH_USER_MODEL

  54. Better yet: Don’t reinvent the wheel!

  55. Ticket #20824

  56. API-based login

  57. Kerberos Single Sign-on

  58. Kerberos Single Sign-on • “username” is your Kereros token: username@domain

    • Define an authentication backend that converts credentials into users

  59. Authentication Backends • On login, you provide a credentials dict

    • Usually, Username and Password • Can be anything • Authentication backend turns credentials into a validated user • Can have multiple authentication backends.

  60. www.roguelynn.com /words/django-custom-user-models/

  61. Profile data

  62. Option 1 class User(AbstractUser): full_name = CharField() birth_date = DateField()

    avatar = FileField()

  63. Option 2: class User(AbstractUser): ... class UserProfile(Model): full_name = CharField()

    user = OneToOneField(User) birth_date = DateField() avatar = FileField()

  64. Option 2: class User(AbstractUser): ... class IdentityProfile(Model): user = OneToOneField(User)

    full_name = CharField() birth_date = DateField() class DisplayProfile(Model): user = OneToOneField(User) avatar = FileField()

  65. Option 3: Hybrid class User(AbstractUser): full_name = CharField() class UserProfile(Model):

    user = OneToOneField(User) birth_date = DateField() avatar = FileField()

  66. So which approach should you use?

  67. It depends.

  68. Broadly: Profiles are better architecture

  69. But: there’s a cost

  70. Where to draw the line for the hybrid models?

  71. One more thing...

  72. How does it all work?

  73. THE FOLLOWING SLIDES WILL SELF DESTRUCT AFTER THIS PRESENTATION

  74. How it works • No internal references to auth.User •

    auth.User has a Meta property: swappable = ‘AUTH_USER_MODEL’ • Defines the name of a setting • Inspected at runtime for the “real” class • generates Meta.swapped • The rest is just validation

  75. ForeignKeys + M2M • No new features in ForeignKey or

    M2M • ForeignKey(‘auth.User’) has always worked • Now, we’re just using a setting • Validation that ForeignKey doesn’t point at a “swapped” model.

  76. The dirty secret: You can make your own models swappable.

  77. None

  78. Questions? http://cecinestpasun.com [email protected] @freakboy3742