Can't log in with Django REST Framework custom User extending AbstractBaseUser

Question

Using Django REST Framework, I've created a custom user that authenticates using a phone number instead of username. I can successfully create a superuser using create_superuser and the superuser does appear in the database. However, when I enter the login page, I can't login with the phone number and password I've chosen (yes, I've double and triple checked the password/phone number and tried multiple different passwords/phone numbers). Here is (a stub of) my custom user class' models.py file:

class User(AbstractBaseUser, PermissionsMixin):
    phone_regex = RegexValidator(
    regex=r'^\+?1?\d{9,15}$',
    message="Phone number must be entered in the format: '+999999999'. Up to 15 digits allowed.")

    phone_number = models.CharField(_('phone number'), unique=True, validators=[phone_regex], max_length=17, blank=True)
    .
    .
    .
    objects = UserManager()
    USERNAME_FIELD = 'phone_number'
    REQUIRED_FIELDS = ['first_name', 'last_name']

serializers.py:

class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('url', 'phone_number', 'groups')

managers.py:

class UserManager(BaseUserManager):
    use_in_migrations = True

    def _create_user(self, phone_number, password, **extra_fields):
        """
        Creates and saves a User with the given phone number and password.
        """
        if not phone_number:
            raise ValueError('The phone number must be set')
        user = self.model(phone_number=phone_number, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_user(self, phone_number, password=None, **extra_fields):
        extra_fields.setdefault('is_superuser', False)
        return self._create_user(phone_number, password, **extra_fields)

    def create_superuser(self, phone_number, password, **extra_fields):
        extra_fields.setdefault('is_superuser', True)

        if extra_fields.get('is_superuser') is not True:
            raise ValueError('Superuser must have is_superuser=True.')

        return self._create_user(phone_number, password, **extra_fields)

urls.py:

from django.conf.urls import url, include
from rest_framework import routers
from customauth import views

router = routers.DefaultRouter()
router.register(r'users', views.UserViewSet)

# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
    url(r'^', include(router.urls)),
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
]

settings.py:

AUTH_USER_MODEL = 'customauth.User'

What am I missing or doing wrong?

NB: Not a duplicate of this question, which deals with using a UserProfile class, not subclassing AbstractBaseUser.

Have you set up the scheme: https://www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme ? — ruddra, Oct 27 '18 at 21:55
@ruddra how should I set it up exactly? Should I use the `DEFAULT_AUTHENTICATION_CLASSES` indicated at the link? — ubadub, Oct 27 '18 at 22:05

ruddra · Answer 1 · 2018-10-27T22:53:56.043

1

One way of doing is to override authentication backend like this:

class CustomAuthBackend(object):
    def authenticate(self, request):
        phone = request.POST.get('username') 
        password = request.POST.get('password')

        if not phone:
            return None
        try:
            user = CustomUser.objects.get(phone=phone)
            if user.check_password(password):
                return user
        except CustomUser.DoesNotExist:
            # exception handling
            return None
        return None

And update your settings.py with:

AUTHENTICATION_BACKENDS = ['path.to.your.CustomAuthBackend']

edited Oct 27 '18 at 22:53

answered Oct 27 '18 at 22:25

ruddra

50,746
7
78
101

This gives me a `authenticate() missing 1 required positional argument: 'password'` error because somewhere in the django-rest-framework code, it calls `authenticate` without a password field – ubadub Oct 27 '18 at 22:32
still nothing :( @ruddra – ubadub Oct 27 '18 at 22:48
If it helps, for whatever reason when I create an account on the site (e.g. not via the console), it doesn't ask for a password – ubadub Oct 27 '18 at 22:50
sorry, my bad. I had made a mistake in the answer – ruddra Oct 27 '18 at 22:50
that gives, `get_user() takes 1 positional argument but 2 were given` – ubadub Oct 27 '18 at 22:52
Now, removed get user method !! if it doesn't work, then i am out of clue – ruddra Oct 27 '18 at 22:54
didn't work, but it's fine, thank you for your help. I rewrote the project from scratch and went about things somewhat differently, and that's working well for me so far. – ubadub Oct 28 '18 at 04:38

Can't log in with Django REST Framework custom User extending AbstractBaseUser

1 Answers1