Hi Russ, > > > - The last_login field is in the AbstractBaseUser, but it isn't > > documented as a required field. Is this field required for something? > > Is it needed as part of AbstractBaseUser? > > Yes, last_login is required - it's needed in order to generate > password reset tokens etc. > > It isn't documented because we *really* want people to be subclassing > AbstractBaseUser, not building their own User from scratch. >
I totally understand u want people to subclass the AbstractBaseClass. But what if some Django based system just doesn't need any passwords at all? If All authentification might be handled by LDAP, SSO or whatever.. It might be *ok* then to have a password field for every user just set to *unusable* (but not nice at all..). But then having the user table always being updated on logins is just not necessary. If one (me) maybe even wants to store recent actions - as logins - in a completely different app / table / db - than the user table would definitely benefit from not being accessed without any need on every login. So I really don't think its the best way to force any subclassed model to use the last_login (and password) field. Why not having an AbstractPasswordUser and an * AbstractNaked-I-Dont-Have-Anything-except-a-username-User? I really appreciate you're offering the possibility of having Custom Users this easy now, but please think again about the password and especially the last_login field. Best regards ludwig -- You received this message because you are subscribed to the Google Groups "Django developers" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-developers/-/c_YYptksV1AJ. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
