Trouble adding users through admin site

[Dylan Moreland]

Hello!

I've created a Django app for my company to track employee infractions (missed punch, late to a shift, etc.), but I'm at a roadblock in terms of adding users. Currently, the only way I can add users is through the command line. I'd much rather be able to add users through the django.contrib.admin site. However, I've found that if I input a password there, it treats is as the value to enter into the database (post hashing/salting/etc.) rather than raw text. This obviously does not work.

I'm using an AbstractUser model called Employee to represent users instead of the default User model. This is just so I have the option of customizing my model down the road if need be without having to deal with broken ForeignKey relationships.

If this were on the frontend, I would write a view that would take the raw password and send it through set_password(), and that would be the end of it. But I'm not sure how to do that with the admin site.

Models.py:

from django.db import models
from django.contrib.auth.models import AbstractUser

# Create your models here.
class Employee(AbstractUser):
 def __str__(self):
 return self.first_name

class InfractionType(models.Model):
 description = models.CharField(max_length=30)

 def __str__(self):
 return self.description


class Infraction(models.Model):
 timestamp = models.DateTimeField()
 employee = models.ForeignKey(Employee, on_delete=models.CASCADE)
 type = models.ForeignKey(InfractionType, on_delete=models.CASCADE)
 has_comment = models.BooleanField(default=False)
 description = models.CharField(max_length=200)

 def __str__(self):
 return str(self.employee) + ": " + self.description

Admin.py:

from django.contrib import admin

# Register your models here.
from .models import Employee, InfractionType, Infraction

class InfractionInline(admin.TabularInline):
 model = Infraction
 extra = 0

class EmployeeAdmin(admin.ModelAdmin):
 fieldsets = [
 ('Authentication and Metadata', {'fields': ['username', 'first_name', 'last_name', 'email', 'groups', 'is_staff', 'is_active'], 'classes': ['collapse']}),

 ]
 inlines = [InfractionInline]

 # Prevent users from getting deleted (should be made inactive instead)
 def has_delete_permission(self, request, obj=None):
 return False

admin.site.register(Employee, EmployeeAdmin)
admin.site.register(InfractionType)

What I see on the admin site:

Thanks for your help!

[Daniel Germano Travieso]

Hello Dylan

You will never see a user password as a raw text on django (only maybe if you intercept the request the user creation form sent to the django view that handles the creation)

User passwords are stored as their appropriate hash, and you can just use the add user admin page to add a new user to your project (setting first it's username and password and then the other settings).

Also, if you are using a custom User model that inherits AbstractUser, you need to set it's UserAdmin (from django.contrib.auth.admin) via the admin.py 

You also need the setting AUTH_USER_MODEL to point to your custom User and do this before creating or running any migrations or migrating

Check out the official docs [0] on the matter to learn more!

Also on an important note:

User passwords are not displayed in the admin (nor stored in the database), but the password storage details are displayed. Included in the display of this information is a link to a password change form that allows admins to change user passwords [1]

[0] https://docs.djangoproject.com/en/2.0/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project

[1] https://djangobook.com/managing-users-admin/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/974890d1-9492-45a1-b3d9-6ba09558cbd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dylan Moreland]

Ah, perfect! I was inheriting from django.contrib.admin.ModelAdmin instead of django.contrib.auth.admin.UserAdmin. That worked. Thanks so much!

Dylan Moreland
Industrial Engineering Student
California Polytechnic State University, San Luis Obispo

You received this message because you are subscribed to a topic in the Google Groups "Django users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-users/DE_qeCOx2sc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-users...@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CABF8kZMX4vHxv8%2B9Fq-riomMca%2Boxbw9KK%3DbJquddtMguAKtzg%40mail.gmail.com.