David Cramer's Blog - Latest Comments in Logging In With Email Addresses in Django

Re: Logging In With Email Addresses in Django

Serge — Mon, 06 Feb 2012 01:22:14 -0000

I found the following solution to the 30 character limitation on the username field, mentioned below.
http://stackoverflow.com/qu...
It seems to work for me.

Re: Logging In With Email Addresses in Django

br — Fri, 08 Apr 2011 18:52:47 -0000

This is silly. Are the Django maintainers just really lazy or do they need a new rcs to make applying submitted patches easier? At this point nearly every major new web application uses email as the primary means of authentication. Why can this not make it into django core and instead requires a custom backend?

Re: Logging In With Email Addresses in Django

adj7388 — Fri, 08 Oct 2010 09:50:26 -0000

I'm new to Django and still learning, but what's wrong with just overriding django's AuthenticationForm and using that in your login view:

from django.contrib.auth.forms import AuthenticationForm
class MyAuthenticationForm(AuthenticationForm):
    username = forms.EmailField(help_text="User name is email address",
    label="User name:", max_length=30) 

def my_login(request):
    if request.method == 'POST':
        form = MyAuthenticationForm(data=request.POST)
        if form.is_valid():
            user = form.get_user() 
... etc

Seems like you could also do the same thing with django's UserCreation form to enforce valid email addresses as logins. Or am I missing something (certainly possible).

Re: Logging In With Email Addresses in Django

Rainer Borene — Sat, 18 Sep 2010 17:35:08 -0000

Another approach to solve this problem: http://gist.github.com/586056

Re: Logging In With Email Addresses in Django

Nick — Wed, 15 Sep 2010 14:21:02 -0000

Attempting a better format job of the code below

from django.contrib.auth.backends import ModelBackend # default backend


# Overwrite the default backend to check for e-mail address 
class EmailBackend(ModelBackend):

    def authenticate(self, username=None, password=None):
        #If username is an email address, then try to pull it up
        if email_re.search(username):
            try:
                user = User.objects.get(email=username)
            except User.DoesNotExist:
                return None

        else:
            #We have a non-email address username we should try username
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                return None

        if user.check_password(password):
            return user

Re: Logging In With Email Addresses in Django

Nick — Wed, 15 Sep 2010 14:20:42 -0000

I ran into a problem with the above code - it doesn't support permissions. Rather than creating an entirely new backend, I found the better solution to be to extend the default, and simply override the 'authenticate' method, so that all the built in functionality is preserved.

from django.contrib.auth.backends import ModelBackend # default backend

# Overwrite the default backend to check for e-mail address
class EmailBackend(ModelBackend):

def authenticate(self, username=None, password=None):
#If username is an email address, then try to pull it up
if email_re.search(username):
try:
user = User.objects.get(email=username)
except User.DoesNotExist:
return None

else:
#We have a non-email address username we should try username
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
return None

if user.check_password(password):
return user

This allows the built in decorators like @permission_required to work.

Re: Logging In With Email Addresses in Django

Stefan Manastirliu — Tue, 14 Sep 2010 09:48:42 -0000

Well you don't have to do it directly puting the email on username field. I used, on user registration, creating a username that's a 30 chars long hash of the email. So then you can simply log the user checking his email hash with the value on username field on database. You must overwrite the auth backend to do that.
In this way you can pass the username field limits.

Sorry for my english :(

Re: Logging In With Email Addresses in Django

dgl — Mon, 23 Aug 2010 06:55:45 -0000

There are still some issues with this approach:

1) Username field is restricted by username CharField's max_length property. Even if you override form validation, DB will have varchar(30) field unless you alter your table manually.
2) You need to store your email data both in username and email field to make User.email_user() working. I think there are some other places, when User.email is used.
3) Code readability fail. Sure, other djangonauts know about this pitfall, but treating field called 'username' as email obviously makes your code less understandable.

The better approach could be passing email to authenticate function like so, but it still has problems:
authenticate(self, email=None, password=None)

1) User.email doesn't have 'unique' property, which means that your DB won't have index, making your lookups by emails slow like hell.
2) You have to deal with username field by completely removing it from your table or altering it to NULL, removing index.

Resuming, both ways are evil and require backend-related code to be executed after syncdb, which is unacceptable in most cases. Seems like the best solutions is just to copy and change auth application.

Re: Logging In With Email Addresses in Django

CharlesM — Tue, 03 Aug 2010 11:07:59 -0000

As of django 1.2, the username can now accept the characters that are in email addresses.

As for the django developers reasoning, see - http://groups.google.com/gr...

I looked at django-registration. It looks pretty impressive. But the websites I am creating are not open to the public, so it seems like over-kill for my needs.

All I really want to do that is non-standard is allow users to login using their email address as an identifier.

I work w users that are very unsophisticated when it comes to computers. The login process is causes an unbelievable amount of frustration. I am amazed at how many users cannot remember their username. So letting their username be their email address helps quite a bit.

Re: Logging In With Email Addresses in Django

asinox — Tue, 20 Jul 2010 14:37:15 -0000

Django-registration make this easy :)

Re: Logging In With Email Addresses in Django

tyagi — Sun, 20 Dec 2009 00:32:57 -0000

Have the Django developers given a reason for not wishing to enable Email logins for the built-in User authentication model? Alternatively, have they given a reason for not permitting non-alphanumeric characters in the username field?

Searching for solutions to this issue seems to give a large number of hits for fragmented and 90% working patches or backend extensions. Given that users of Django are obviously experiencing some problems with this developer policy, and the need for Email Usernames is quite apparent, is there a particular reason why they're not willing to implement it?

Re: Logging In With Email Addresses in Django

cornbread — Thu, 12 Nov 2009 12:22:31 -0000

I have the same question as steg.

also this seems backward to me. Why didn't django think "hmm maybe someone might want email as username"

it seems like an ugly hack to attempt to make email unique and can't use built in login form. Is this so hard to fix?

p.s. Please explain the permissions comment...

Re: Logging In With Email Addresses in Django

steg — Sat, 10 Oct 2009 18:33:53 -0000

A possibly naive question:

The EmailOrUsernameModelBackend allows a user to use their email or username during authentication.
This backend is then added to the list of AUTHENTICATION_BACKENDS **before** the standard ModelBackend, which performs authentication using the username User field.

My question is why does the EmailOrUsernameModelBackend need to support both email and username, rather than just email? To illustrate my point, if I was to log in with username "steg", the EmailOrUsernameModelBackend.authenticate() method would try to retrieve a User object from the db using keyword arguments {"username":"steg"}. If this fails, django then moves on and tries the ModelBackend.authenticate() method, which will do exactly the same thing.

Are there other reasons for this apparent duplication? I'm pretty new to django, so apologies in advance if I'm missing something obvious.

Re: Logging In With Email Addresses in Django

peterp — Tue, 14 Jul 2009 05:46:49 -0000

A user can register the same email address more than once. So I've modified the code a bit to filter by email addresses.

It then loops through each user found and checks the password individually.

Re: Logging In With Email Addresses in Django

zalun — Tue, 30 Jun 2009 19:02:00 -0000

@keredson
I use similar approach.
I just set the username as a slug of email replacing every weird character with _ and @ with __
Seems to work fine

@David
The only problem I have for the moment is the Admin interface to create users instead of allowing them to register...

Re: Logging In With Email Addresses in Django

keredson — Wed, 10 Jun 2009 00:31:59 -0000

how do you force emails to be unique in django's default admin? i dropped this code into my test app, and the first thing it gave me was "warning, returned 3 objects not 1!" during "User.objects.get(**kwargs)".

Re: Logging In With Email Addresses in Django

markhellewell — Tue, 28 Apr 2009 19:09:23 -0000

Nice, thanks. It pleases me to find out Django allows such elegance

Re: Logging In With Email Addresses in Django

carljm — Thu, 18 Sep 2008 09:26:05 -0000

> The reason it doesn’t inherit from ModelBackend is that this allows you to specify a second backend to use for permissions.

Could you expand on this? I've been using an EmailBackend similar to yours, except that it inherits from ModelBackend, overrides only the authenticate() method, and I use it all by itself in AUTHENTICATION_BACKENDS. This seems to work just fine. What am I missing that your approach provides?

Re: Logging In With Email Addresses in Django

julien — Mon, 25 Aug 2008 19:03:41 -0000

Hey, just a quick note. If using the standard login views, you won't be able to login with an email that's longer than 30 characters. There's a ticket with a simple patch which hopefully will get checked in to fix that:
http://code.djangoproject.c...

Cheers,

Julien Phalip

Re: Logging In With Email Addresses in Django

David Cramer — Mon, 25 Aug 2008 14:03:59 -0000

Ya I did notice that get_user is still required. I updated the above code.

The reason it doesn't inherit from ModelBackend is that this allows you to specify a second backend to use for permissions.

Re: Logging In With Email Addresses in Django

gnrfan — Sun, 24 Aug 2008 00:48:54 -0000

I just tried the code and realized the backend is missing the other methods that ModelBackend implements so I made EmailOrUsernameModelBackend inherint from ModelBackend instead of object and now everything works like a charm.

The code is here at PasteThat:

http://www.pastethat.com/dj...

Regards,

Antonio

Re: Logging In With Email Addresses in Django

gnrfan — Sun, 24 Aug 2008 00:25:58 -0000

Yes, Django is flexible enought to permit this just by adding this small piece of code.

One quirk arises when logging in with an email address in the admin site: if the authentication does not success for any reason you'll get a "Usernames cannot contain the '@' character." error message which is misleading because Django is having no problem to log you in using an email address at this point.

So to correct that you should override the login() method of the admin object as pointed out by James Bennet in this bug:

http://code.djangoproject.c...

Antonio,
Lima - Peru

Re: Logging In With Email Addresses in Django

sean — Sat, 23 Aug 2008 21:46:14 -0000

wow, it's the piece of code i'm trying to get.
thanks for posting it, again!