Django - Login with Email

Question

I want django to authenticate users via email, not via usernames. One way can be providing email value as username value, but I dont want that. Reason being, I've a url /profile/<username>/, hence I cannot have a url /profile/abcd@gmail.com/.

Another reason being that all emails are unique, but it happen sometimes that the username is already being taken. Hence I'm auto-creating the username as fullName_ID.

How can I just change let Django authenticate with email?

This is how I create a user.

username = `abcd28`
user_email = `abcd@gmail.com`
user = User.objects.create_user(username, user_email, user_pass)

This is how I login.

email = request.POST['email']
password = request.POST['password']
username = User.objects.get(email=email.lower()).username
user = authenticate(username=username, password=password)
login(request, user)

Is there any other of of login apart from getting the username first?

score 144 · Accepted Answer · edited Apr 27 '20 at 18:08

144

You should write a custom authentication backend. Something like this will work:

from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend

class EmailBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        UserModel = get_user_model()
        try:
            user = UserModel.objects.get(email=username)
        except UserModel.DoesNotExist:
            return None
        else:
            if user.check_password(password):
                return user
        return None

Then, set that backend as your auth backend in your settings:

AUTHENTICATION_BACKENDS = ['path.to.auth.module.EmailBackend']

Updated. Inherit from ModelBackend as it implements methods like get_user() already.

See docs here: https://docs.djangoproject.com/en/3.0/topics/auth/customizing/#writing-an-authentication-backend

edited Apr 27 '20 at 18:08

Community

1
1

answered May 19 '16 at 19:26

mipadi

398,885
90
523
479

6

Using django 1.9.8 I've got an error: 'EmailBackend' object has no attribute 'get_user'. Solved by adding 'get_user' method according to this http://stackoverflow.com/a/13954358/2647009 – baltasvejas Nov 14 '16 at 09:28
2

Please specify for which Django version this code can work. Some are complaining about the get_user method missing. – Dr. Younes Henni Nov 13 '17 at 19:18
4

Rather than just `if user.check_password(password):` you probably want to include what Django does by default via `ModelBackend`: `if user.check_password(password) and self.user_can_authenticate(user):` in order to check that the user has `is_active=True`. – jmq Jan 20 '18 at 17:54
5

Isn't this vulnerable to a timing attack as it doesn't include the Django mitigation on the source code? – Gabriel Garcia Aug 04 '19 at 19:18
2

Now, the body of a request should contain fields such as a username and a password. Is there any way to change it to an email and a password? – Karol Nov 02 '20 at 21:16
AUTHENTICATE_BACKENDS = ['app.models.EmailBackend'] worked for me – Azhar Uddin Sheikh Jan 24 '22 at 09:01
@GabrielGarcia can You please elaborate I like to know how this is vulnerable – Azhar Uddin Sheikh Jan 24 '22 at 09:14
5

@AzharUddinSheikh It's vulnerable to a timing attack as per my answer; if the user is not found it won't check the password which doesn't run the hashing algorithm which will result in a faster response, so if the attacker gets a response that takes longer than usual means the user exists (as it had to check the password which involves a hash function). My response, which is the way Django implemented on their code (as per my answer), will always hash the password, obfuscating any timing information. – Gabriel Garcia Jan 24 '22 at 09:22
@AzharUddinSheikh I would appreciate the upvote so fewer people Googling that implements vulnerable code. – Gabriel Garcia Jan 24 '22 at 09:24
@GabrielGarcia I am new in software development I don't know how you figure it out but your answer makes a lot of sense – Azhar Uddin Sheikh Jan 24 '22 at 09:27
this is a bad advice. Talking about this line: "user = UserModel.objects.get(email=username)" it's a bad code smell. Regrettably a common one - a dude I took a Udemy course from sheepishly used signals for this similar hack – alexakarpov Jan 26 '22 at 04:28
@alexakarpov: Why? – mipadi Jan 27 '22 at 00:18
sorry if I've offended you - but it appears to be a hack. Emails are emails, and usernames are usernames. We don't confuse them in other places, like frontend here, where emails are processed and cleaned in their own ways... it is possible, and this is where I lack experience, that deep in Django backend login is _only_ implemented with expectation of a 'username', no abstract "principal" concept. In which case I am clearly wrong – alexakarpov Jan 27 '22 at 02:56
I do see that AbstractBaseUser has this line: " USERNAME_FIELD = 'username'", and I know we can add an override in our setting like USERNAME_FIELD = 'email'. Which, if I understand it correctly, is much cleaner (but if I don't, then I owe you my apologies). – alexakarpov Jan 27 '22 at 03:09
@alexakarpov: Many applications use email addresses as usernames nowadays; in fact, it's becoming more and more common to reuse an email address as a username, rather than make users come up with a username (it is become harder and harder to create unique usernames). My Apple ID, Google account, Outlook account, and even Stack Overflow logins are all email addresses rather than a separate username. – mipadi Jan 27 '22 at 23:53
of course mate, this wasn't at all what triggered my initial reaction; not the fact that we're using emails as principals, but the hacky approach proposed – alexakarpov Jan 28 '22 at 05:47
@alexakarpov: Sure, but what is "hacky" about it? – mipadi Jan 28 '22 at 19:04
Is this a safe approach? in terms of security does it create vulnerabilities? (it does work but I worry about the security side) – Jaime38130 Sep 29 '22 at 13:49

score 85 · Answer 2 · edited Feb 04 '20 at 08:30

85

If you’re starting a new project, django highly recommended you to set up a custom user model. (see https://docs.djangoproject.com/en/dev/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project)

and if you did it, add three lines to your user model:

class MyUser(AbstractUser):
    USERNAME_FIELD = 'email'
    email = models.EmailField(_('email address'), unique=True) # changes email to unique and blank to false
    REQUIRED_FIELDS = [] # removes email from REQUIRED_FIELDS

Then authenticate(email=email, password=password) works, while authenticate(username=username, password=password) stops working.

edited Feb 04 '20 at 08:30

pyjavo

1,598
2
23
41

answered Apr 04 '17 at 13:56

Nicholas

861
6
6

8

When running createsuperuser, this itself throws an error: TypeError: create_superuser() missing 1 required positional argument: 'username'. You need to use custom user manager: `class MyUserManager(BaseUserManager): def create_superuser(self, email, password, **kwargs): user = self.model(email=email, is_staff=True, is_superuser=True, **kwargs) user.set_password(password) user.save() return user` – Michal Holub Jun 20 '17 at 06:55
24

Complete instructions here: https://www.fomfus.com/articles/how-to-use-email-as-username-for-django-authentication-removing-the-username – user2061057 Oct 27 '17 at 12:04
3

Then again, the Django docs [advise against](https://docs.djangoproject.com/en/2.1/topics/auth/customizing/#reusable-apps-and-auth-user-model) using a custom user model if you are creating a *reusable* app. – djvg Jan 09 '19 at 12:58
1

isn't this solution very long – Azhar Uddin Sheikh Jan 24 '22 at 09:22
@AzharUddinSheikh In other solutions, you'll end up with an improper admin section. – Saurabh Mahra May 24 '23 at 13:13

Himanshu Singh · Answer 3 · 2019-12-22T06:25:43.153

Email authentication for Django 3.x

For using email/username and password for authentication instead of the default username and password authentication, we need to override two methods of ModelBackend class: authenticate() and get_user():

The get_user method takes a user_id – which could be a username, database ID or whatever, but has to be unique to your user object – and returns a user object or None. If you have not kept email as a unique key, you will have to take care of multiple result returned for the query_set. In the below code, this has been taken care of by returning the first user from the returned list.

from django.contrib.auth.backends import ModelBackend, UserModel
from django.db.models import Q

class EmailBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        try: #to allow authentication through phone number or any other field, modify the below statement
            user = UserModel.objects.get(Q(username__iexact=username) | Q(email__iexact=username))
        except UserModel.DoesNotExist:
            UserModel().set_password(password)
        except MultipleObjectsReturned:
            return User.objects.filter(email=username).order_by('id').first()
        else:
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

    def get_user(self, user_id):
        try:
            user = UserModel.objects.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None

        return user if self.user_can_authenticate(user) else None

By default, AUTHENTICATION_BACKENDS is set to:

['django.contrib.auth.backends.ModelBackend']

In settings.py file, add following at the bottom to override the default:

AUTHENTICATION_BACKENDS = ('appname.filename.EmailBackend',)

This is great, thanks. I've pretty much completed a project, templates, forms, views, the lot, so starting again isn't that appealing! Now I can authenticate on email address is there any way to remove the username field so it's not included in the authentication and the forms rendered in the templates? — , Dec 18 '20 at 16:39
Why use this instead of `USERNAME_FIELD` variable within the model? — Öykü, Jan 14 '21 at 14:02

bob · Answer 4 · 2021-12-11T02:07:37.543

Django 4.0

There are two main ways you can implement email authentication, taking note of the following:

emails should not be unique on a user model to mitigate misspellings and malicious use.
emails should only be used for authentication if they are verified (as in we have sent a verification email and they have clicked the verify link).
We should only send emails to verified email addresses.

Custom User Model

A custom user model is recommended when starting a new project as changing mid project can be tricky.

We will add an email_verified field to restrict email authentication to users with a verified email address.

# app.models.py
from django.db import models
from django.contrib.auth.models import AbstractUser


class User(AbstractUser):
    email_verified = models.BooleanField(default=False)

We will then create a custom authentication backend that will substitute a given email address for a username.

This backend will work with authentication forms that explicitly set an email field as well as those setting a username field.

# app.backends.py
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q

UserModel = get_user_model()


class CustomUserModelBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        if username is None:
            username = kwargs.get(UserModel.USERNAME_FIELD, kwargs.get(UserModel.EMAIL_FIELD))
        if username is None or password is None:
            return
        try:
            user = UserModel._default_manager.get(
                Q(username__exact=username) | (Q(email__iexact=username) & Q(email_verified=True))
            )
        except UserModel.DoesNotExist:
            # Run the default password hasher once to reduce the timing
            # difference between an existing and a nonexistent user (#20760).
            UserModel().set_password(password)
        else:
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

We then modify our projects settings.py to use our custom user model and authentication backend.

# project.settings.py

AUTH_USER_MODEL = "app.User"
AUTHENTICATION_BACKENDS = ["app.backends.CustomUserModelBackend"]

Be sure that you run manage.py makemigrations before you migrate and that the first migration contains these settings.

Extended User Model

While less performant than a custom User model (requires a secondary query), it may be better to extend the existing User model in an existing project and may be preferred depending on login flow and verification process.

We create a one-to-one relation from EmailVerification to whichever User model our project is using through the AUTH_USER_MODEL setting.

# app.models.py
from django.conf import settings
from django.db import models


class EmailVerification(models.Model):
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
        related_query_name="verification"
    )
    verified = models.BooleanField(default=False)

We can also create a custom admin that includes our extension inline.

# app.admin.py
from django.contrib import admin
from django.contrib.auth import get_user_model
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin

from .models import EmailVerification

UserModel = get_user_model()


class VerificationInline(admin.StackedInline):
    model = EmailVerification
    can_delete = False
    verbose_name_plural = 'verification'


class UserAdmin(BaseUserAdmin):
    inlines = (VerificationInline,)


admin.site.unregister(UserModel)
admin.site.register(UserModel, UserAdmin)

We then create a backend similar to the one above that simply checks the related models verified field.

# app.backends.py
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q

UserModel = get_user_model()


class ExtendedUserModelBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        if username is None:
            username = kwargs.get(UserModel.USERNAME_FIELD, kwargs.get(UserModel.EMAIL_FIELD))
        if username is None or password is None:
            return
        try:
            user = UserModel._default_manager.get(
                Q(username__exact=username) | (Q(email__iexact=username) & Q(verification__verified=True))
            )
        except UserModel.DoesNotExist:
            # Run the default password hasher once to reduce the timing
            # difference between an existing and a nonexistent user (#20760).
            UserModel().set_password(password)
        else:
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

We then modify our projects settings.py to use our authentication backend.

# project.settings.py

AUTHENTICATION_BACKENDS = ["app.backends.ExtendedUserModelBackend"]

You can then makemigrations and migrate to add functionality to an existing project.

Notes

if usernames are case insensitive change Q(username__exact=username) to Q(username__iexact=username).
In production prevent a new user registering with an existing verified email address.

Thanks for great answer, but, what does `UserModel().set_password(password)` do ? — tabebqena, Jul 30 '22 at 04:01
I don't understand your comment that emails should NOT be unique -- what do misspellings have to do with anything? It seems that emails should be unique, or else you could end up with two different users entering the same email. — tadasajon, Apr 17 '23 at 14:20

score 14 · Answer 5 · edited Nov 07 '17 at 23:22

I had a similar requirement where either username/email should work for the username field.In case someone is looking for the authentication backend way of doing this,check out the following working code.You can change the queryset if you desire only the email.

from django.contrib.auth import get_user_model  # gets the user_model django  default or your own custom
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q


# Class to permit the athentication using email or username
class CustomBackend(ModelBackend):  # requires to define two functions authenticate and get_user

    def authenticate(self, username=None, password=None, **kwargs):
        UserModel = get_user_model()

        try:
            # below line gives query set,you can change the queryset as per your requirement
            user = UserModel.objects.filter(
                Q(username__iexact=username) |
                Q(email__iexact=username)
            ).distinct()

        except UserModel.DoesNotExist:
            return None

        if user.exists():
            ''' get the user object from the underlying query set,
            there will only be one object since username and email
            should be unique fields in your models.'''
            user_obj = user.first()
            if user_obj.check_password(password):
                return user_obj
            return None
        else:
            return None

    def get_user(self, user_id):
        UserModel = get_user_model()
        try:
            return UserModel.objects.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None

Also add AUTHENTICATION_BACKENDS = ( 'path.to.CustomBackend', ) in settings.py

This worked for me until I upgraded from 1.11 to 2.1.5. Any idea why it won't work with this version? — zerohedge, Feb 02 '19 at 18:55
@zerohedge add request to the authenticate method's parameters. See https://docs.djangoproject.com/en/2.2/topics/auth/customizing/#writing-an-authentication-backend — Van, Apr 09 '19 at 14:05
It also leaves you open to a timing attack, it's worth trying to closely mimicking Django implementation to prevent such vulnerabilities: https://github.com/django/django/blob/master/django/contrib/auth/backends.py — Gabriel Garcia, Jul 22 '19 at 21:06

Gabriel Garcia · Answer 6 · 2019-07-22T21:42:43.400

Email and Username Authentication for Django 2.X

Having in mind that this is a common question, here's a custom implementation mimicking the Django source code but that authenticates the user with either username or email, case-insensitively, keeping the timing attack protection and not authenticating inactive users.

from django.contrib.auth.backends import ModelBackend, UserModel
from django.db.models import Q

class CustomBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        try:
            user = UserModel.objects.get(Q(username__iexact=username) | Q(email__iexact=username))
        except UserModel.DoesNotExist:
            UserModel().set_password(password)
        else:
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

    def get_user(self, user_id):
        try:
            user = UserModel.objects.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None

        return user if self.user_can_authenticate(user) else None

Always remember to add it your settings.py the correct Authentication Backend.

Is my understanding right that the `UserModel().set_password(password)` is there to prevent attackers from determining if a user does or doesn't exist by performing roughly the same amount of cryptographic work regardless (I assume this is the timing attack you meant)? — Victor, Oct 06 '20 at 23:54

score 5 · Answer 7 · answered Aug 11 '20 at 11:00

It seems that the method of doing this has been updated with Django 3.0.

A working method for me has been:

authentication.py # <-- I placed this in an app (did not work in the project folder alongside settings.py

from django.contrib.auth import get_user_model
from django.contrib.auth.backends import BaseBackend
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User

class EmailBackend(BaseBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        UserModel = get_user_model()
        try:
            user = UserModel.objects.get(email=username)
        except UserModel.DoesNotExist:
            return None
        else:
            if user.check_password(password):
                return user
        return None

    def get_user(self, user_id):
        UserModel = get_user_model()
        try:
            return UserModel.objects.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None

Then added this to the settings.py file

AUTHENTICATION_BACKENDS = (
    'appname.authentication.EmailBackend',
)

Wariored · Answer 8 · 2020-03-25T15:04:58.893

I have created a helper for that: function authenticate_user(email, password).

from django.contrib.auth.models import User


def authenticate_user(email, password):
    try:
        user = User.objects.get(email=email)
    except User.DoesNotExist:
        return None
    else:
        if user.check_password(password):
            return user

    return None

class LoginView(View):
    template_name = 'myapp/login.html'

    def get(self, request):
        return render(request, self.template_name)

    def post(self, request):
        email = request.POST['email']
        password = request.POST['password']
        user = authenticate_user(email, password)
        context = {}

        if user is not None:
            if user.is_active:
                login(request, user)

                return redirect(self.request.GET.get('next', '/'))
            else:
                context['error_message'] = "user is not active"
        else:
            context['error_message'] = "email or password not correct"

        return render(request, self.template_name, context)

Simple and straightfoward solution! It will work, unless you have multiple users under the same email. It's a pretty nice implementation — Richard Lucas, May 31 '21 at 14:06

Chetan · Answer 9 · 2019-07-24T06:30:12.933

Authentication with Email and Username For Django 2.x

from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q

class EmailorUsernameModelBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        UserModel = get_user_model()
        try:
            user = UserModel.objects.get(Q(username__iexact=username) | Q(email__iexact=username))
        except UserModel.DoesNotExist:
            return None
        else:
            if user.check_password(password):
                return user
        return None

In settings.py, add following line,

AUTHENTICATION_BACKENDS = ['appname.filename.EmailorUsernameModelBackend']

score 2 · Answer 10 · answered Mar 17 '17 at 03:55

You should customize ModelBackend class. My simple code:

from django.contrib.auth.backends import ModelBackend
from django.contrib.auth import get_user_model

class YourBackend(ModelBackend):

  def authenticate(self, username=None, password=None, **kwargs):
    UserModel = get_user_model()
    if username is None:
        username = kwargs.get(UserModel.USERNAME_FIELD)
    try:
        if '@' in username:
            UserModel.USERNAME_FIELD = 'email'
        else:
            UserModel.USERNAME_FIELD = 'username'

        user = UserModel._default_manager.get_by_natural_key(username)
    except UserModel.DoesNotExist:
        UserModel().set_password(password)
    else:
        if user.check_password(password) and self.user_can_authenticate(user):
            return user

And in settings.py file, add:

AUTHENTICATION_BACKENDS = ['path.to.class.YourBackend']

Update your code to include `request` parameter in `authenticate` method for django 2.1.1 — Ganesh, Sep 16 '18 at 04:30

score 1 · Answer 11 · edited Feb 01 '19 at 20:17

from django.contrib.auth.models import User

from django.db import Q

class EmailAuthenticate(object):

    def authenticate(self, username=None, password=None, **kwargs):
        try:
            user = User.objects.get(Q(email=username) | Q(username=username))
        except User.DoesNotExist:
            return None
        except MultipleObjectsReturned:
            return User.objects.filter(email=username).order_by('id').first()

        if user.check_password(password):
            return user
        return None

    def get_user(self,user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

And then in settings.py:

AUTHENTICATION_BACKENDS = (
  'articles.backends.EmailAuthenticate',
)

where articles is my django-app, backends.py is the python file inside my app and EmailAuthenticate is the authentication backend class inside my backends.py file

Super Kai - Kazuya Ito · Answer 12 · 2023-07-20T16:08:49.590

July, 2023 Update:

You can set up authentication with email and password instead of username and password and in this instruction, username is removed and I tried not to change the default Django settings as much as possible. *You can also see my answer explaining how to extend User model with OneToOneField() to add extra fields and you can see my answer and my answer explaining the difference between AbstractUser and AbstractBaseUser.

First, run the command below to create account app:

python manage.py startapp account

Then, set account app to INSTALLED_APPS and set AUTH_USER_MODEL = 'account.User' in settings.py as shown below:

# "settings.py"

INSTALLED_APPS = [
    ...
    "account", # Here
]

AUTH_USER_MODEL = 'account.User' # Here

Then, create managers.py just under account folder and create UserManager class extending (UM)UserManager in managers.py as shown below. *Just copy & paste the code below to managers.py and managers.py is necessary to make the command python manage.py createsuperuser work properly without any error:

# "account/managers.py"

from django.contrib.auth.models import UserManager as UM
from django.contrib.auth.hashers import make_password

class UserManager(UM):
    def _create_user(self, email, password, **extra_fields):
        if not email:
            raise ValueError("The given email must be set")
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.password = make_password(password)
        user.save(using=self._db)
        return user

    def create_user(self, email=None, password=None, **extra_fields):
        extra_fields.setdefault("is_staff", False)
        extra_fields.setdefault("is_superuser", False)
        return self._create_user(email, password, **extra_fields)

    def create_superuser(self, email=None, password=None, **extra_fields):
        extra_fields.setdefault("is_staff", True)
        extra_fields.setdefault("is_superuser", True)

        if extra_fields.get("is_staff") is not True:
            raise ValueError("Superuser must have is_staff=True.")
        if extra_fields.get("is_superuser") is not True:
            raise ValueError("Superuser must have is_superuser=True.")

        return self._create_user(email, password, **extra_fields)

Then, create User model extending AbstractUser and remove username by setting it None and set email with unique=True and set email to USERNAME_FIELD and set UserManager to objects in account/models.py as shown below. *Just copy & paste the code below to account/models.py:

# "account/models.py"

from django.db import models
from django.utils.translation import gettext_lazy as _
from django.contrib.auth.models import AbstractUser
from .managers import UserManager

class User(AbstractUser):
    username = None # Here
    email = models.EmailField(_("email address"), unique=True) # Here
    
    USERNAME_FIELD = 'email' # Here
    REQUIRED_FIELDS = []

    objects = UserManager() # Here

Or, you can also create User model extending AbstractBaseUser and PermissionsMixin as shown below. *This code below with AbstractBaseUser and PermissionsMixin is equivalent to the code above with AbstractUser:

from django.db import models
from django.utils.translation import gettext_lazy as _
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from django.utils import timezone
from .managers import UserManager

class User(AbstractBaseUser, PermissionsMixin):
    first_name = models.CharField(_("first name"), max_length=150, blank=True)
    last_name = models.CharField(_("last name"), max_length=150, blank=True)
    email = models.EmailField(_("email address"), unique=True)
    is_staff = models.BooleanField(
        _("staff status"),
        default=False,
        help_text=_("Designates whether the user can log into this admin site."),
    )
    is_active = models.BooleanField(
        _("active"),
        default=True,
        help_text=_(
            "Designates whether this user should be treated as active. "
            "Unselect this instead of deleting accounts."
        ),
    )
    date_joined = models.DateTimeField(_("date joined"), default=timezone.now)

    USERNAME_FIELD = 'email'

    objects = UserManager() # Here

    class Meta:
        verbose_name = _("user")
        verbose_name_plural = _("users")

*Don't extend DefaultUser(User) model as shown below otherwise there is error:

# "account/models.py"

from django.contrib.auth.models import User as DefaultUser

class User(DefaultUser):
    ...

Then, create UserAdmin class extending UA(UserAdmin) in account/admin.py as shown below. *Just copy & paste the code below to account/admin.py:

from django.contrib import admin
from django.utils.translation import gettext_lazy as _
from django.contrib.auth.admin import UserAdmin as UA
from .models import User

@admin.register(User)
class UserAdmin(UA):
    fieldsets = (
        (None, {"fields": ("password",)}),
        (_("Personal info"), {"fields": ("first_name", "last_name", "email")}),
        (
            _("Permissions"),
            {
                "fields": (
                    "is_active",
                    "is_staff",
                    "is_superuser",
                    "groups",
                    "user_permissions",
                ),
            },
        ),
        (_("Important dates"), {"fields": ("last_login", "date_joined")}),
    )
    add_fieldsets = (
        (
            None,
            {
                "classes": ("wide",),
                "fields": ("email", "password1", "password2"),
            },
        ),
    )
    list_display = ("email", "first_name", "last_name", "is_staff")
    ordering = ("-is_staff",)
    readonly_fields=('last_login', 'date_joined')

Then, run the command below. *This must be the 1st migration to database when customizing User model in this way otherwise there is error according to my experiments and the doc so before you develop your Django project, you must first create custom User model:

python manage.py makemigrations && python manage.py migrate

Then, run the command below:

python manage.py createsuperuser

Then, run the command below:

python manage.py runserver 0.0.0.0:8000

Then, open the url below:

http://localhost:8000/admin/login/

Finally, you can log in with email and password as shown below:

And, this is Add custom user page as shown below:

score 0 · Answer 13 · answered Feb 16 '19 at 02:57

0

For Django 2

username = get_object_or_404(User, email=data["email"]).username
        user = authenticate(
            request, 
            username = username, 
            password = data["password"]
        )
        login(request, user)

answered Feb 16 '19 at 02:57

Juan Sebastian Parada Celis

1

Shakil Ahmmed · Answer 14 · 2019-08-20T10:29:21.197

Authentication with Email For Django 2.x

def admin_login(request):
if request.method == "POST":
    email = request.POST.get('email', None)
    password = request.POST.get('password', None)
    try:
        get_user_name = CustomUser.objects.get(email=email)
        user_logged_in =authenticate(username=get_user_name,password=password)
        if user_logged_in is not None:
            login(request, user_logged_in)
            messages.success(request, f"WelcomeBack{user_logged_in.username}")
            return HttpResponseRedirect(reverse('backend'))
        else:
            messages.error(request, 'Invalid Credentials')
            return HttpResponseRedirect(reverse('admin_login'))
    except:
        messages.warning(request, 'Wrong Email')
        return HttpResponseRedirect(reverse('admin_login'))

else:
    if request.user.is_authenticated:
        return HttpResponseRedirect(reverse('backend'))
    return render(request, 'login_panel/login.html')

score 0 · Answer 15 · edited Dec 30 '19 at 10:08

If You created Custom database, from there if you want to validate your email id and password.

Fetch the Email id and Password with models.objects.value_list('db_columnname').filter(db_emailname=textbox email)

2.assign in list fetched object_query_list

3.Convert List to String

Ex :

Take the Html Email_id and Password Values in Views.py

u_email = request.POST.get('uemail')

u_pass = request.POST.get('upass')
Fetch the Email id and password from the database

Email = B_Reg.objects.values_list('B_Email',flat=True).filter(B_Email=u_email)

Password = B_Reg.objects.values_list('Password',flat=True).filter(B_Email=u_email)
Take the Email id and password values in the list from the Query value set

Email_Value = Email[0]

Password_Value=Password[0]
Convert list to String

string_email = ''.join(map(str, Email_Value))

string_password = ''.join(map(str, Password_Value))

Finally your Login Condition

if (string_email==u_email and string_password ==u_pass)

score 0 · Answer 16 · answered Apr 07 '23 at 01:29

All of these are horrendously complicated for what should be a simple problem.

Check that a user exists with that email, then get that user's username for the argument in Django's authenticate() method.

try:
    user = User.objects.get(email = request_dict['email'])
    user = authenticate(username = user.username, password = request_dict['password'])
except:
    return HttpResponse('User not found.', status = 400)

score -1 · Answer 17 · edited Jul 21 '20 at 20:37

-1

Pretty simple. There is no need for any additional classes.

When you create and update a user with an email, just set the username field with the email.

That way when you authenticate the username field will be the same value of the email.

The code:

# Create
User.objects.create_user(username=post_data['email'] etc...)

# Update
user.username = post_data['email']
user.save()

# When you authenticate
user = authenticate(username=post_data['email'], password=password)

edited Jul 21 '20 at 20:37

Marcello B.

4,177
11
45
65

answered Jul 16 '20 at 20:51

Casman Ridder

27
3

2

Please add some sample code to help demonstrate how your answer can help solve the problem. – Marcello B. Jul 17 '20 at 00:22
2

@CasmanRidder Your answer will be deleted if you don't add additional info. – 10 Rep Jul 17 '20 at 14:34

score -1 · Answer 18 · answered Jan 06 '21 at 23:28

The default user model inherits/ Extends an Abstract class. The framework should be lenient to a certain amount of changes or alterations.

A simpler hack is to do the following: This is in a virtual environment

Go to your django installation location and find the Lib folder
navigate to django/contrib/auth/
find and open the models.py file. Find the AbstractUser class line 315

LINE 336 on the email attribute add unique and set it to true

email = models.EmailField(_('email address'), blank=True,unique=True)

USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['username']

Done, makemigrations & migrate

Do this at you own risk,

Django - Login with Email

18 Answers18

Django 4.0

Custom User Model

Extended User Model

Notes

July, 2023 Update:

Linked

Related