Opened 8 years ago

Closed 8 years ago

#24874 closed Cleanup/optimization (invalid)

Why does "AbstractBaseUser" contain "password" and "last_login" fields?

Reported by: Christopher D'Cunha Owned by: nobody
Component: contrib.auth Version: 1.8
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no


Why does "AbstractBaseUser" contain "password" and "last_login" fields?

The module docstring and the documentation suggest that AbstractBaseUser should be inherited when creating custom user models. Why are these attributes expected to be common to all custom user models?

My immediate use case is that I want a custom user model for a delegated auth setup (Opend ID Connect in my case), so I don't have any passwords and last_login per se. At the same time, I'd like to use a "Django supported" base user model to know that I support the exact API that the User model needs. The only way I can see to do this is to re-implement AbstractBaseUser without these fields.

Change History (1)

comment:1 Changed 8 years ago by Tim Graham

Resolution: invalid
Status: newclosed

As documented, "AbstractBaseUser provides the core implementation of a User model, including hashed passwords and tokenized password resets." (last_login is used for password reset).

I don't think the ticket tracker is the best place for queries like this (unless you can frame it as a documentation issue that needs clarification or as some other actionable item). Please see TicketClosingReasons/UseSupportChannels for other places to get help. Thanks!

Note: See TracTickets for help on using tickets.
Back to Top