Custom user model password is not hashed

[Benjamin Smith]

I have my own custom User model, and its own Manger too.

Models:

class MyUser(AbstractBaseUser, PermissionsMixin):

    email = models.EmailField(max_length=255, unique=True)

    first_name = models.CharField(max_length=35)

    last_name = models.CharField(max_length=35)

    username = models.CharField(max_length=70, unique=True)

    date_of_birth = models.DateField()

    is_active = models.BooleanField(default=True)

    is_admin = models.BooleanField(default=False)

    @property

    def is_staff(self):

        return self.is_admin

    def get_full_name(self):

        return ('%s %s') % (self.first_name, self.last_name)

    def get_short_name(self):

        return self.username

    objects = MyUserManager()

    USERNAME_FIELD = 'email'

    REQUIRED_FIELDS = ['first_name', 'last_name', 'username', 'date_of_birth']

Manager:

class MyUserManager(BaseUserManager):

    def create_user(self, email, first_name, last_name, username, date_of_birth, password=None, **kwargs):

        if not email:

            raise ValueError('User must have an email address')

        user = self.model(

            email=self.normalize_email(email),

            first_name=first_name,

            last_name=last_name,

            username=username,

            date_of_birth=date_of_birth,

            **kwargs

        )

        user.set_password(self.cleaned_data["password"])

        user.save(using=self._db)

        return user

    def create_superuser(self, email, first_name, last_name, username, date_of_birth, password, **kwargs):

        user = self.create_user(

            email,

            first_name=first_name,

            last_name=last_name,

            username=username,

            date_of_birth=date_of_birth,

            password=password,

            is_superuser=True,

            **kwargs

        )

        user.is_admin = True

        user.save(using=self._db)

        return user

Everything works when creating a new user without any errors. But when I try to login I can't. So I checked the user's email and password to confirm. Then I noticed that the password is displayed as plain text (eg. strongpassword), and when changed the admin form to get the hashed password using ReadOnlyPasswordHashField() I get an error inside the password field, even though I used set_password() for the Manger inside the create_user() function.

Invalid password format or unknown hashing algorithm

However, if I manually do set_password('strongpassword') for that user inside the console, then only the password is hashed. Could you please help me solve this problem. Thank you.

[aRkadeFR]

Hello,

I don't quite get the code in your method: 'MyUserManager.create_user':

        user.set_password(self.cleaned_data["password"])

You're in your Manager method but call self.cleaned_data ?

You can set a breakpoint inside your method with pdb to see
what's going on with your fields?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAM4YLWJNGdSj-rVAuhta_UA50Cjna8zg-c14FPxK%3DtdU49mngQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

-- 
aRkadeFR

[Thorsten Sanders]

If you wanna set the password yourself you need to generate it:

https://docs.djangoproject.com/en/1.8/topics/auth/passwords/

scroll down to the bottom and have a lookt at make_password

[Andreas Kuhne]

As aRkadeFR says, you seam to have mixed code there....

The row:

user.set_password(self.cleaned_data["password"])

is taken from a form somewhere and won't work. It should instead be :

user.set_password(password)

I suppose the password is going through to the create method via the kwargs argument at the end of you create method. But if you change like I said, everything should work.

Med vänliga hälsningar,

Andréas Kühne

Software Development Manager

Suitopia Scandinavia AB

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5644AE3A.5050609%40arkade.info.

[Benjamin Smith]

I have changed user.set_password(self.cleaned_data["password"]) to user.set_password(password). But I am getting the same result.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALXYUb%3D-V1fqJLJSbUaPUWaYX6srAf9s0qnZ0ZrTZOv9757o2w%40mail.gmail.com.

[Andreas Kuhne]

Try to debug and check what your password value is after the set_password() statement.  Also have you checked the database after trying to create a user with the new method? It should be hashed in the database. This is stuff that should "just work" in django (it's regulated by the AbstractBaseUser and is the same that I am using in a project).

You did restart the django shell after changing the code?

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAM4YLWJ3tgcBSe_VcH6T6t4UbbA4EqTB0R0TueL2BjidZow7xg%40mail.gmail.com.

[Benjamin Smith]

The problem was, when creating a custom user, one has to define a custom model form and model admin that handles the password properly. After that it was solved.

Thank you.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALXYUbksz%3DUN60j-pt0YbfCq_Zb2x1ESnOoZjbQW6K%2BssNxKVQ%40mail.gmail.com.

[Tejas Agrawal]

Hey Benjamin, can you please share your github repo for the same code. I'm also getting the same error in one of my project, can't figure out how to solve it.

[Sage]

Hey Ben, please help with the repo for the same code. I'm getting same error here.

[Roger Mukai]

@Tejas or @Sebs, do you still have a question how to do this? I think I figured it out

[James]

Yup, 100% correct. Glad to hear you fixed it. Custom user models that inherit from the abstractbaseuser class can be a little tricky at first.

[Namanya Daniel]

Did you try make_password before saving data from registration form ? 

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8e7272bd-ef57-4817-9ceb-3956e0f7915bn%40googlegroups.com.