Home/ Questions/Q 7591101
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T20:34:17+00:00

I don’t want to write custom auth backend and I think such common task

  • 0

I don’t want to write custom auth backend and I think such common task must been already solved by some 3rd party app.

I did some googling and skimming through SO but found only https://bitbucket.org/hakanw/django-email-usernames/wiki/Home which is quite old (2008). Are any other alternatives already available?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You say, "I don’t want to write custom auth backend" but a custom authentication backend is exactly the way that Django expects you to solve this problem, and moreover, it’s really quite straightforward—much simpler than installing a third-party app.

    Here’s a simple approach, in which a user has one e-mail address, stored in the email field of the built-in User object.

    First, think about case-sensitivity. Even though the local part of an e-mail address (the part before the @ sign) may be case-sensitive (depending on the e-mail provider), Django’s built-in auth application treats e-mail addresses as being case-insensitive (for example, when deciding which users to e-mail in response to a password reset request). So it’s probably best for you to treat them that way too.

    Second, ensure that two users can’t share the same e-mail address. You could do this by hand in the database:

    ALTER TABLE auth_user ADD UNIQUE INDEX (email);

    or if you are using South, then make a schema migration for the auth application where you call db.create_unique('auth_user', 'email').

    To enforce case-insensitive uniqueness, you should ensure that the collation on the email field is case-insensitive. I found that it already was, but you might do something like:

    ALTER TABLE auth_user MODIFY email VARCHAR(75) COLLATE utf8_general_ci;

    (Or ascii_general_ci if you don’t support international e-mail addresses.)

    Third, define your authentication backend, perhaps in mysite/backends.py:

    from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User

class EmailAuthenticationBackend(ModelBackend):
    """
    Authenticate against django.contrib.auth.models.User using
    e-mail address instead of username.
    """
    def authenticate(self, username=None, password=None):
        try:
            user = User.objects.get(email__iexact = username)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None

    Fourth, add your authentication backend to your settings.py:

    AUTHENTICATION_BACKENDS = ('mysite.backends.EmailAuthenticationBackend',)
    • 0