Django : Set is_active flag for User created by social-auth-app-django and google_oauth2
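I'm using social-auth-app-django for signup and login of new users with Google OAuth2 authentication.
After signup a new user is created in my database, but is_active is set to False. I want to set is_active to True only for users created by this social_auth Google authentication.
(For other users who sign up using email and password, I activate them by sending an account activation email.)
I have tried setting is_active = True for all users with no password, but I feel this way is insecure and hackish.
How do I modify the social_auth_login flow to activate users as well?
I'm using a custom User model: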
    import uuid

    from django.contrib.auth.models import AbstractUser, BaseUserManager
    from django.db import models
    from django.utils import timezone
    # user_constants is the poster's own module; its import is not shown in the post

    class UserManager(BaseUserManager):
        def create_user(self, email, password=None, **extra_fields):
            if not email:
                raise ValueError('The Email must be set')
            email = self.normalize_email(email)
            user = self.model(email=email, **extra_fields)
            if password:
                user.set_password(password)
            # else:
            #     user.is_active = True <-------- tried this , worked too
            user.save()
            return user

        def create_superuser(self, email, password, **extra_fields):
            extra_fields.setdefault('is_superuser', True)
            extra_fields.setdefault('is_staff', True)
            extra_fields.setdefault('is_active', True)
            extra_fields.setdefault('user_type', user_constants.SUPERUSER)
            if extra_fields.get('is_superuser') is not True:
                raise ValueError('Superuser must have is_superuser=True.')
            return self.create_user(email, password, **extra_fields)
..
    class User(AbstractUser):
        username = None  # remove username field, we will use email as unique identifier
        email = models.EmailField(unique=True, null=True, db_index=True)
        client_id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
        name = models.CharField(max_length=255, default="")
        is_active = models.BooleanField(default=False)
        is_staff = models.BooleanField(default=False)
        date_joined = models.DateTimeField(default=timezone.now)
        user_type = models.PositiveSmallIntegerField(choices=user_constants.USER_TYPE_CHOICES, default=user_constants.CLIENT_ADMIN)
        REQUIRED_FIELDS = []
        USERNAME_FIELD = 'email'
        objects = UserManager()
..
    SOCIAL_AUTH_PIPELINE = (
        'social_core.pipeline.social_auth.social_details',
        'social_core.pipeline.social_auth.social_uid',
        'social_core.pipeline.social_auth.auth_allowed',
        'social_core.pipeline.social_auth.social_user',
        'social_core.pipeline.user.get_username',
        'social_core.pipeline.social_auth.associate_by_email',
        'social_core.pipeline.user.create_user',
        'social_core.pipeline.social_auth.associate_user',
        'social_core.pipeline.social_auth.load_extra_data',
        'social_core.pipeline.user.user_details',
    )
    SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = True
    SOCIAL_AUTH_USER_MODEL = 'register.User'
    SOCIAL_AUTH_GOOGLE_OAUTH2_USER_FIELDS = ['email']
..
According to Django, the boolean is_active "designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won't break."
In your case, I would set is_active to True by default (if you want to delete an account, you just set it to False).
According to your comment "(for other users who sign up using email-password I activate them by sending an account activation email)", you can add a boolean is_email_verified: if the user is created by social auth, it means is_email_verified is True; if the user is created with email and password, is_email_verified is False and must be set to True by sending an account activation email.
Thanks to the 2 booleans is_active and is_email_verified, you can have 4 states: a user who wants to connect must have both of them set to True. This seems secure to me.
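One way to wire the is_email_verified idea from the answer into the login flow, as an added example that is not part of the original question or answer: a custom pipeline step that flags only accounts newly created through Google. The function names, the is_email_verified field and the reliance on the "email_verified" claim in Google's response are assumptions; the Fake* classes are constructed stand-ins so the step runs without Django.

```python
# Added example: custom python-social-auth pipeline step (hypothetical names).
# Assumes the User model has the is_email_verified field proposed in the answer
# and that the provider response carries the OpenID Connect "email_verified" claim.
TRUSTED_BACKENDS = {"google-oauth2"}  # name of social_core's GoogleOAuth2 backend


def mark_social_email_verified(backend, user=None, response=None,
                               is_new=False, *args, **kwargs):
    """Pipeline step; list it right after 'social_core.pipeline.user.create_user'."""
    if user is None or not is_new:
        return  # only accounts created during this login, not linked existing ones
    if backend.name not in TRUSTED_BACKENDS:
        return  # other providers may hand out unverified addresses
    response = response or {}
    if response.get("email_verified") not in (True, "true"):
        return  # provider did not vouch for the address
    if (response.get("email") or "").lower() != (user.email or "").lower():
        return  # the verified address is not the one stored on the account
    user.is_email_verified = True
    user.save(update_fields=["is_email_verified"])


def may_log_in(user):
    """Login gate described in the answer: both flags must be True."""
    return bool(user.is_active and user.is_email_verified)


# --- constructed stand-ins for the backend and the user model ---
class FakeBackend:
    def __init__(self, name):
        self.name = name


class FakeUser:
    def __init__(self, email):
        self.email, self.is_active, self.is_email_verified = email, True, False

    def save(self, update_fields=None):
        self.saved_fields = update_fields


def run_step(backend_name, response, is_new=True, email="alice@example.com"):
    user = FakeUser(email)
    mark_social_email_verified(FakeBackend(backend_name), user=user,
                               response=response, is_new=is_new)
    return may_log_in(user)
```

Accounts created with email and password never reach this step, so they stay unverified until the activation email is confirmed.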