Code

Opened 10 months ago

Closed 7 months ago

Last modified 7 months ago

#20646 closed Cleanup/optimization (fixed)

Clarify the use of AbstractBaseUser.REQUIRED_FIELDS

Reported by: ChocolateCookies Owned by: craigbruce
Component: Documentation Version: 1.5
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

In core/models.py:

class User( AbstractUser ):
	REQUIRED_FIELDS = [ 'first_name', 'last_name', 'email' ]
	USERNAME_FIELD = 'username'

In settings.py

AUTH_USER_MODEL = 'core.User'

When manage.py syncdb is called, the Superuser creation wizard properly asks for first name, last name and email, in addition to username and password.

However, when creating a User in the admin interface, the fields first name, last name and email address can be left blank. Should this be the case, or is it a bug?

Attachments (0)

Change History (9)

comment:1 Changed 10 months ago by bmispelon

  • Easy pickings set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Summary changed from Overriding User::REQUIRED_FIELDS works for creating su, but not in admin site to Clarify the use of AbstractBaseUser.REQUIRED_FIELDS
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Bug to Cleanup/optimization

Hi,

I think this is not a bug but rather a documentation issue.

Putting a field in REQUIRED_FIELDS only makes it so that createsuperuser prompts for a value. Empty values may still be accepted, depending on the value of the field's blank attribute.

With your example, this means that you can still create a user with an empty first name when using createsuperuser.

Also note that, as the documentation mentions [1], REQUIRED_FIELDS is only used for the createsuperuser management command and has no effect on other parts of Django (like the admin).

Thanks.

[1] https://docs.djangoproject.com/en/dev/topics/auth/customizing/#django.contrib.auth.models.CustomUser.REQUIRED_FIELDS

comment:2 Changed 10 months ago by wim@…

Hi Baptiste,

What do you think? When you define REQUIRED_FIELDS and are indeed required to supply them when using createsuperuser, will it not be a common case to require them as well when creating a user in another way?

If not, I find REQUIRED_FIELDS inappropriately named. Maybe we should rename it to SUPERUSER_REQUIRED_FIELDS?

What are your thoughts?

Wim

comment:3 Changed 10 months ago by russellm

I completely disagree that renaming the setting is worthwhile. For one thing, the code is out in the wild, so there's a backwards incompatibility issue; secondly, changing the name is a bike shed - whatever the name is, *someone* is going to be confused by it.

If we were going to do anything about REQUIRED_FIELDS, it would be to remove it entirely; see #19901 and #19402. However, these tickets both indicate the difficulty involved.

comment:4 Changed 9 months ago by timo

  • Component changed from contrib.auth to Documentation

comment:5 Changed 7 months ago by craigbruce

  • Owner changed from nobody to craigbruce
  • Status changed from new to assigned

comment:6 Changed 7 months ago by craigbruce

  • Has patch set

comment:7 Changed 7 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In db3de528071ac66903f82c2fe5b34db4a5281f5b:

Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

comment:8 Changed 7 months ago by Tim Graham <timograham@…>

In da44a8bdc2524424bfd3e904e394457028265619:

[1.6.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

Backport of db3de52807 from master

comment:9 Changed 7 months ago by Tim Graham <timograham@…>

In 5d029f2222e74b3bae2dc6b446214014b708917b:

[1.5.x] Fixed #20646 -- Clarified the use of AbstractBaseUser.REQUIRED_FIELDS

Thanks craigbruce.

Backport of db3de52807 from master

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.