Opened 12 years ago

Closed 11 years ago

Last modified 11 years ago

#20646 closed Cleanup/optimization (fixed)

Clarify the use of AbstractBaseUser.REQUIRED_FIELDS

Reported by: ChocolateCookies Owned by: Craig Bruce
Component: Documentation Version: 1.5
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

In core/models.py:

class User( AbstractUser ):
	REQUIRED_FIELDS = [ 'first_name', 'last_name', 'email' ]
	USERNAME_FIELD = 'username'

In settings.py

AUTH_USER_MODEL = 'core.User'

When manage.py syncdb is called, the Superuser creation wizard properly asks for first name, last name and email, in addition to username and password.

However, when creating a User in the admin interface, the fields first name, last name and email address can be left blank. Should this be the case, or is it a bug?

Change History (9)

comment:1 by Baptiste Mispelon, 12 years ago

Easy pickings: set
Summary: Overriding User::REQUIRED_FIELDS works for creating su, but not in admin siteClarify the use of AbstractBaseUser.REQUIRED_FIELDS
Triage Stage: UnreviewedAccepted
Type: BugCleanup/optimization

Hi,

I think this is not a bug but rather a documentation issue.

Putting a field in REQUIRED_FIELDS only makes it so that createsuperuser prompts for a value. Empty values may still be accepted, depending on the value of the field's blank attribute.

With your example, this means that you can still create a user with an empty first name when using createsuperuser.

Also note that, as the documentation mentions [1], REQUIRED_FIELDS is only used for the createsuperuser management command and has no effect on other parts of Django (like the admin).

Thanks.

[1] https://docs.djangoproject.com/en/dev/topics/auth/customizing/#django.contrib.auth.models.CustomUser.REQUIRED_FIELDS

comment:2 by wim@…, 12 years ago

Hi Baptiste,

What do you think? When you define REQUIRED_FIELDS and are indeed required to supply them when using createsuperuser, will it not be a common case to require them as well when creating a user in another way?

If not, I find REQUIRED_FIELDS inappropriately named. Maybe we should rename it to SUPERUSER_REQUIRED_FIELDS?

What are your thoughts?

Wim

comment:3 by Russell Keith-Magee, 12 years ago

I completely disagree that renaming the setting is worthwhile. For one thing, the code is out in the wild, so there's a backwards incompatibility issue; secondly, changing the name is a bike shed - whatever the name is, *someone* is going to be confused by it.

If we were going to do anything about REQUIRED_FIELDS, it would be to remove it entirely; see #19901 and #19402. However, these tickets both indicate the difficulty involved.

comment:4 by Tim Graham, 11 years ago

Component: contrib.authDocumentation

comment:5 by Craig Bruce, 11 years ago

Owner: changed from nobody to Craig Bruce
Status: newassigned

comment:6 by Craig Bruce, 11 years ago

Has patch: set

comment:7 by Tim Graham <timograham@…>, 11 years ago

Resolution: fixed
Status: assignedclosed

In db3de528071ac66903f82c2fe5b34db4a5281f5b:

Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

comment:8 by Tim Graham <timograham@…>, 11 years ago

In da44a8bdc2524424bfd3e904e394457028265619:

[1.6.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

Backport of db3de52807 from master

comment:9 by Tim Graham <timograham@…>, 11 years ago

In 5d029f2222e74b3bae2dc6b446214014b708917b:

[1.5.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

Backport of db3de52807 from master

Note: See TracTickets for help on using tickets.
Back to Top