Re: [Django] #36225: USERNAME_FIELD must be unique in order to use createsuperuser command

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner: Spencer
Type: | Barriball
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Spencer Barriball):

* owner: (none) => Spencer Barriball
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner: Spencer
Type: | Barriball
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Simon Charette):

Spencer, it's great that you're interested on working on this ticket but
it was accepted on the basis that the documentation stating that the
documentation must be adjusted not that the `create_superuser` command
should be adjusted.
--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:5>

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner: Spencer
Type: | Barriball
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Spencer Barriball):

Thanks for the clarification, Simon. I initially interpreted the ticket as
a code adjustment rather than just a documentation update. Since it's a
documentation tweak, would you like me to update the relevant part of the
USERNAME_FIELD docs and submit a PR for that instead?

On a side note, at least I got everything up and running to be able to
contribute code in the future!
--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:6>

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner:

Type: | Abderrahmane MELEK

Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Abderrahmane MELEK):

* has_patch: 0 => 1
* owner: Spencer Barriball => Abderrahmane MELEK

--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:7>

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner:
Type: | Abderrahmane MELEK
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jacob Walls):

The plan from comment:3 to tweak the docs gives me pause, since this use
case was explicitly
[https://github.com/django/django/blob/4e7a991c12a113229e0927974d3bf94ea04eecf6/tests/auth_tests/models/invalid_models.py#L5
tested] and added in #24910.

From my reading of the forum post, the two sharp edges that came up for
the implementer were:
- reimplementing `AbstractBaseUser` from scratch to avoid having to `del
AbstractBaseUser.natural_key` to support serialization
- createsuperuser's username validation not being aware of `null=True,
distinct=True` username fields

We could tweak the docs instead to explain that `natural_key` must be
overridden on the model. The use case for nullable usernames and the
attendant weirdness around having to override `get_by_natural_key` on the
manager doesn't seem worth documenting to me: it could just be implicit
from the advice to "override".
--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:8>

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner:
Type: | Abderrahmane MELEK
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jacob Walls):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:9>

[Django]

#36225: USERNAME_FIELD must be unique in order to use createsuperuser command
-------------------------------------+-------------------------------------
Reporter: Jonas Dittrich | Owner:
Type: | Abderrahmane MELEK
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Sarah Boyce):

Rereading the forum post and other related ticket #35729, I agree my
initial understanding of the issue was wrong

It appears that there was a custom user which inherited `AbstractBaseUser`
with a non-unique `USERNAME` field (which we have a test for running
`createsuperuser`).
This had an issue loading fixtures created with
`use_natural_foreign_keys=True`, `use_natural_primary_keys=True` (see
#35729).
I can see how this would be problematic. If we add a model
{{{
class UserProfile(models.Model):
user = models.ForeignKey(CustomUserNonUniqueUsername,
on_delete=models.CASCADE)
}}}
An example serialized data for `UserProfile` and `AbstractBaseUser` gives
roughly:
{{{
[
{
"model": "auth_tests.customusernonuniqueusername",
"fields": {"password": "md5$***", "last_login": null, "username":
"joe", "email": "j...@somewhere.org", "is_staff": true, "is_superuser":
true}
},
{
"model": "auth_tests.customusernonuniqueusername",
"fields": {"password": "md5$***", "last_login": null, "username":
"joe", "email": "j...@somewhere.org", "is_staff": true, "is_superuser":
true}
},
{
"model": "auth_tests.userprofile",
"pk": 1,
"fields": {"user": ["joe"]}
}
]
}}}
`"joe"` is not a unique identifier for the `CustomUserNonUniqueUsername`
and updating this to be `pk` is still problematic as `pk` is omitted from
the serialization due to `natural_key()` being defined. So getting errors
loading this data is not surprising

Then, the advise was to not inherit `AbstractBaseUser`. The problem with
this advice is there is no docs to support how to make a valid custom user
without doing this and other hiccups happened. Specifically,
`createsuperuser` assumes a `get_by_natural_key` implementation, which
given the previous ticket, was wanted to be avoided.

Personally I am tempted to close this ticket and reopen #35729 as a bug
--
Ticket URL: <https://code.djangoproject.com/ticket/36225#comment:10>