Opened 10 years ago
Closed 10 years ago
#24874 closed Cleanup/optimization (invalid)
Why does "AbstractBaseUser" contain "password" and "last_login" fields?
Reported by: | Christopher D'Cunha | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 1.8 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
Why does "AbstractBaseUser" contain "password" and "last_login" fields?
The module docstring and the documentation suggest that AbstractBaseUser should be inherited when creating custom user models. Why are these attributes expected to be common to all custom user models?
My immediate use case is that I want a custom user model for a delegated auth setup (Opend ID Connect in my case), so I don't have any passwords and last_login per se. At the same time, I'd like to use a "Django supported" base user model to know that I support the exact API that the User model needs. The only way I can see to do this is to re-implement AbstractBaseUser without these fields.
As documented, "AbstractBaseUser provides the core implementation of a User model, including hashed passwords and tokenized password resets." (
last_login
is used for password reset).I don't think the ticket tracker is the best place for queries like this (unless you can frame it as a documentation issue that needs clarification or as some other actionable item). Please see TicketClosingReasons/UseSupportChannels for other places to get help. Thanks!