Authentication by email+pass

3 views
Skip to first unread message

spacedman

unread,
May 24, 2006, 9:08:21 AM5/24/06
to Django users
I dont want my users to have to bother with a username. I want them to
authenticate with their email as their username. But django wont allow
valid @ signs (and other stuff) in a username. I could patch that but
that could bite me badly. So I found a better way.

First I create a manipulator:

from django.contrib.auth.forms import AuthenticationForm
class LoginManipulator(AuthenticationForm):

and override the __init__ and isValidUser methods. The __init__
method replaces the username field with an EmailField with name
'email'. Its just a cut n paste and replace job from django's code.
Then the 'isValidUser' validator looks like this:

def isValidUser(self, field_data, all_data):
"""
This is a modification of the AuthenticationForm validator that
uses
the email rather than the username
"""
try:
self.user_cache = User.objects.get(email=field_data)
except User.DoesNotExist:
raise validators.ValidationError, _("Please enter a correct
email and password. Note that both fields are case-sensitive.")

The only difference being the User.objects.get() line which gets the
User record by email rather than username.

Then your login template form has this in it:

<tr><td><label for="id_email">Email:</label></td><td>{{
form.email}}</td></tr>

along with the password field. All seems to work nicely.

Possible problems occur if email isnt unique in the User table. We'll
be enforcing that at registration time, and I guess we can put that in
the database conditions too.

Anyone think of any other things that could go horribly wrong?

Barry

Rudolph

unread,
May 25, 2006, 2:51:12 AM5/25/06
to Django users
Hi,

One of my customers also wants this. One thing I thought of is making
the e-mailadress case insensitive; only storing lowercase e-mailaddress
and lowercase the user input address when loggin in. Another thing when
not really using the username field is to fill it with an as long as
possible random value (substring of SHA of e-mailadress for example).

Rudolph

spacedman

unread,
May 25, 2006, 3:21:43 AM5/25/06
to Django users
This is to avoid duplicate usernames? My idea is to call them all
userXXX where XXX is the id value (the primary key in the User table).

Another thought that came to me yesterday was whether there are any
issues if a user wants to change his or her email address. I don't
think it causes any problems - foreign keys into the User table are
using the primary key id so thats not a problem.

B

Jan Claeys

unread,
May 25, 2006, 11:12:01 PM5/25/06
to django...@googlegroups.com
Op wo, 24-05-2006 te 23:51 -0700, schreef Rudolph:

> One of my customers also wants this. One thing I thought of is making
> the e-mailadress case insensitive; only storing lowercase e-mailaddress
> and lowercase the user input address when loggin in.

Remember that the part to the left of the "@" in an e-mail address is
not defined in the RFCs to be case-insensitive (even if every mail
server I know treats it as case-insensitive, there might be exceptions).


--
Jan Claeys

Reply all
Reply to author
Forward
0 new messages