DjangoConUS 2024 - Django User Model: Past, Present, and Future

Django's default User model is now 20 years old and, in the words of former Django Fellow Carlton Gibson, a "leaky battery." This talk examines the historical basis for User and past efforts to update or replace it. It evaluates current best practices, including custom user models and third-party packages, that support modern user authentication patterns. And it looks forward to future updates to User that support Django's goal of advancing the state of the art in web development.

William S. Vincent

October 01, 2024


Transcript

  1. LearnDjango.com DjangoCon US 2024 | Will Vincent

    Django User Model
    Past, Present, & Future
    Will Vincent, DjangoCon US 2024
  2. Will Vincent

    • DSF Board Member, Treasurer (2020-2022)
    • LearnDjango.com
    • Books: Django for Beginners/APIs/Professionals
    • Django Chat podcast
    • Django News newsletter
    • Open source: awesome-django, DjangoX
  3. User Model in contrib.auth

    models.User
    - username*
    - first_name
    - last_name
    - email
    - password*
    - groups
    - user_permissions
    - is_staff
    - is_active
    - is_superuser
    - last_login
    - date_joined
  4. Authentication (who are you?)

    models.User
    - username*
    - first_name
    - last_name
    - email
    - password*
    - groups
    - user_permissions
    - is_staff
    - is_active
    - is_superuser
    - last_login
    - date_joined
  5. Profile Information (about the User)

    models.User
    - username*
    - first_name
    - last_name
    - email
    - password*
    - groups
    - user_permissions
    - is_staff
    - is_active
    - is_superuser
    - last_login
    - date_joined
  6. Authorization (what can you do?)

    models.User
    - username*
    - first_name
    - last_name
    - email
    - password*
    - groups
    - user_permissions
    - is_staff
    - is_active
    - is_superuser
    - last_login
    - date_joined
  7. How Authentication Works

    1. Hey, Log me in! Here are my credentials...
    2. Sure, you’re in the database. Here is a session ID cookie.
    3. Every request and response now includes cookie and auth data until the session ends.
  8. Batteries included in contrib.auth

    1. User Model
    2. Attributes
    3. Methods
    4. Manager Methods
    5. Permission Model
    6. Group Model
    7. Login and Logout signals
    8. Authentication Backends
  9. 2012 Known Problems

    1. Need to log in with email (not username)
    2. Associate Profile data with User model
    3. First/Last Name is an anti-pattern
  10. Improving contrib.auth (2012)

    - Solution 1: Superminimal update
    - Solution 2a-2e: AUTH_USER_MODEL setting
    - Solution 3: Leverage App Refactor
    - Solution 4: contrib.newauth
    - Solution 5: Profile-based single user model

    https://code.djangoproject.com/wiki/ContribAuthImprovements
  11. Universal Concerns

    1: User Contract
    2: Separation of authentication from authorization
    3: Forms
  12. Solution 2a: USER_MODEL setting

        # settings.py
        INSTALLED_APPS = [
            "django.contrib.admin",
            "django.contrib.auth",
            "django.contrib.contenttypes",
            "django.contrib.sessions",
            "django.contrib.messages",
            "django.contrib.staticfiles",
            "accounts",  # new
        ]
        ...
        AUTH_USER_MODEL = "accounts.CustomUser"  # new
  13. 5 Steps for a Custom User Model

    1. Update settings.py
    2. Create a new CustomUser model
    3. Create new UserCreation and UserChangeForm forms
    4. Update the admin
    5. Migrate the database for the first time
  14. User Profile Model

    models.User
    - username*
    - first_name
    - last_name
    - email
    - password*
    - groups
    - user_permissions
    - is_staff
    - is_active
    - is_superuser
    - last_login
    - date_joined

        # models.py
        class UserProfile(models.Model):
            user = models.OneToOneField(User, on_delete=models.CASCADE)
            bio = models.TextField(max_length=500, blank=True)
            birth_data = models.DateField(null=True, blank=True)
            ...
  15. A Leaky Battery?

    “We should push the user model back to being Django’s responsibility and address that leak.”
    - Carlton Gibson, former Django Fellow
  16. django-allauth

    First released in 2010. Very actively maintained.
    - Configure social authentication via the admin
    - Email-only options (no username!)
    - Custom forms that you can change
    - Nicely formatted templates
    - My personal favorite. Very widely used.
  17. My Current Approach

    1) Custom user model
    2) User profile model on `User`
    3) Use `django-allauth` 3rd party package

    Custom user model (empty) + django-allauth = my preference
  18. Solution 5: the profile approach

    https://gist.github.com/jacobian/2245327

        # new user model
        class User(models.Model):
            identifier = models.CharField(unique=True, db_index=True)
            password = models.CharField(default="!")
  19. Questions?

    Email: [email protected]

    Django Forum Thread: What does the community think of Carlton’s take on auth.User?
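
Slides 7 and 18 together, as an added example (not code from the talk, the gist, or Django itself): a standard-library model of the three-step login flow in which a stored password beginning with `!`, the default in the slide 18 sketch and the prefix Django uses for unusable passwords, can never be matched by a submitted password. The `Site` class, the function names and the iteration count are this example's own assumptions.

```python
import base64, hashlib, hmac, secrets

UNUSABLE = "!"         # same marker as the password default on slide 18
ITERATIONS = 600_000   # constructed sample work factor for PBKDF2-SHA256

def make_password(raw, salt=None, iterations=ITERATIONS):
    """Encode as algorithm$iterations$salt$hash; raw=None gives an unusable value."""
    if raw is None:
        return UNUSABLE + secrets.token_urlsafe(24)
    salt = salt or secrets.token_urlsafe(16)
    dk = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(dk).decode()}"

def check_password(raw, encoded):
    if encoded.startswith(UNUSABLE):
        return False   # the stored value is not a hash, so no input can match it
    _, iterations, salt, _ = encoded.split("$")
    candidate = make_password(raw, salt, int(iterations))
    return hmac.compare_digest(candidate, encoded)   # constant-time comparison

class Site:
    def __init__(self):
        self.users = {}      # identifier -> encoded password
        self.sessions = {}   # session ID -> identifier

    def add_user(self, identifier, raw=None):
        self.users[identifier] = make_password(raw)

    def login(self, identifier, raw):
        """Steps 1-2: verify the credentials, then issue a random session ID."""
        encoded = self.users.get(identifier)
        if encoded is None:
            make_password(raw)   # hash anyway so a missing account is not faster
            return None
        if not check_password(raw, encoded):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = identifier
        return sid

    def user_for(self, cookie):
        """Step 3: later requests are identified by the session cookie alone."""
        return self.sessions.get(cookie)

    def logout(self, cookie):
        self.sessions.pop(cookie, None)
```

An account created without a password (for example one that only signs in through a social provider) stays closed to password login until a real hash is set.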