Re: Django Multi user field issue

Tue, 21 Dec 2021 04:23:38 -0800 

On 21/12/2021 10.24, GCiTek Dev wrote:


class User(AbstractBaseUser, PermissionsMixin):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
email = models.EmailField(_('email address'), blank=True, null=True)
mobile = models.CharField(_('mobile'), unique=True, max_length=20)
first_name = models.CharField(_('first name'), max_length=30, blank=True)
last_name = models.CharField(_('last name'), max_length=30, blank=True)
date_joined = models.DateTimeField(_('date joined'), auto_now_add=True)
is_active = models.BooleanField(_('active'), default=True)
is_staff = models.BooleanField(_('staff'), default=True)
is_member = models.BooleanField(_('member'), default=False)
is_guest = models.BooleanField(_('guest'), default=True)
avatar = models.ImageField(upload_to='avatars/', null=True, blank=True)
role = models.CharField(_('role'), max_length=100, blank=True, null=True)
birth_date = models.DateField(null=True, blank=True)
gender = models.CharField(max_length=100, blank=True)
qrimage_url = models.CharField(max_length=255, blank=True)

memb_id = models.CharField(max_length=255, blank=True, 
null=True,unique=True)

objects = UserManager()
USERNAME_FIELD = 'memb_id'

Note: *Hoe can it possible to login with mobile and memb_id*
*
*



Hard to know what you're asking here.


Do you have a bug/security issue where it's possible for an attacker to 
login by only knowing the mobile and member_id fields? Then just sharing 
the model is definitely not enough to help you solve that.



Do you actually want it to be possible to login by only providing these 
two field values? Should be very simple to do, but then you can hardly 
consider the user to be authenticated in any way.


What exactly are you trying to solve/achieve?

Kind regards,

Kasper Laudrup

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/ae4a4c67-e06d-3b7e-25ec-0b4c72b021a5%40stacktrace.dk.



Attachment:
OpenPGP_0xE5D9CAC64AAA55EB.asc

Description: OpenPGP public key



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature






















					Reply via email to