<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>django.contrib.auth — Django 1.5.9 documentation</title> <link rel="stylesheet" href="../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../', VERSION: '1.5.9', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../_static/jquery.js"></script> <script type="text/javascript" src="../../_static/underscore.js"></script> <script type="text/javascript" src="../../_static/doctools.js"></script> <link rel="top" title="Django 1.5.9 documentation" href="../../index.html" /> <link rel="up" title="contrib packages" href="index.html" /> <link rel="next" title="Django’s comments framework" href="comments/index.html" /> <link rel="prev" title="The Django admin documentation generator" href="admin/admindocs.html" /> <script type="text/javascript" src="../../templatebuiltins.js"></script> <script type="text/javascript"> (function($) { if (!django_template_builtins) { // templatebuiltins.js missing, do nothing. return; } $(document).ready(function() { // Hyperlink Django template tags and filters var base = "../templates/builtins.html"; if (base == "#") { // Special case for builtins.html itself base = ""; } // Tags are keywords, class '.k' $("div.highlight\\-html\\+django span.k").each(function(i, elem) { var tagname = $(elem).text(); if ($.inArray(tagname, django_template_builtins.ttags) != -1) { var fragment = tagname.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>"); } }); // Filters are functions, class '.nf' $("div.highlight\\-html\\+django span.nf").each(function(i, elem) { var filtername = $(elem).text(); if ($.inArray(filtername, django_template_builtins.tfilters) != -1) { var fragment = filtername.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>"); } }); }); })(jQuery); </script> </head> <body> <div class="document"> <div id="custom-doc" class="yui-t6"> <div id="hd"> <h1><a href="../../index.html">Django 1.5.9 documentation</a></h1> <div id="global-nav"> <a title="Home page" href="../../index.html">Home</a> | <a title="Table of contents" href="../../contents.html">Table of contents</a> | <a title="Global index" href="../../genindex.html">Index</a> | <a title="Module index" href="../../py-modindex.html">Modules</a> </div> <div class="nav"> « <a href="admin/admindocs.html" title="The Django admin documentation generator">previous</a> | <a href="../index.html" title="API Reference" accesskey="U">up</a> | <a href="comments/index.html" title="Django&#8217;s comments framework">next</a> »</div> </div> <div id="bd"> <div id="yui-main"> <div class="yui-b"> <div class="yui-g" id="ref-contrib-auth"> <div class="section" id="s-django-contrib-auth"> <span id="django-contrib-auth"></span><h1><tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt><a class="headerlink" href="#django-contrib-auth" title="Permalink to this headline">¶</a></h1> <p>This document provides API reference material for the components of Django’s authentication system. For more details on the usage of these components or how to customize authentication and authorization see the <a class="reference internal" href="../../topics/auth/index.html"><em>authentication topic guide</em></a>.</p> </div> <div class="section" id="s-user"> <span id="user"></span><h1>User<a class="headerlink" href="#user" title="Permalink to this headline">¶</a></h1> <div class="section" id="s-fields"> <span id="fields"></span><h2>Fields<a class="headerlink" href="#fields" title="Permalink to this headline">¶</a></h2> <dl class="class"> <dt id="django.contrib.auth.models.User"> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">User</tt><a class="headerlink" href="#django.contrib.auth.models.User" title="Permalink to this definition">¶</a></dt> <dd><p><a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> objects have the following fields:</p> <dl class="attribute"> <dt id="django.contrib.auth.models.User.username"> <tt class="descname">username</tt><a class="headerlink" href="#django.contrib.auth.models.User.username" title="Permalink to this definition">¶</a></dt> <dd><p>Required. 30 characters or fewer. Usernames may contain alphanumeric, <tt class="docutils literal"><span class="pre">_</span></tt>, <tt class="docutils literal"><span class="pre">@</span></tt>, <tt class="docutils literal"><span class="pre">+</span></tt>, <tt class="docutils literal"><span class="pre">.</span></tt> and <tt class="docutils literal"><span class="pre">-</span></tt> characters.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.first_name"> <tt class="descname">first_name</tt><a class="headerlink" href="#django.contrib.auth.models.User.first_name" title="Permalink to this definition">¶</a></dt> <dd><p>Optional. 30 characters or fewer.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.last_name"> <tt class="descname">last_name</tt><a class="headerlink" href="#django.contrib.auth.models.User.last_name" title="Permalink to this definition">¶</a></dt> <dd><p>Optional. 30 characters or fewer.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.email"> <tt class="descname">email</tt><a class="headerlink" href="#django.contrib.auth.models.User.email" title="Permalink to this definition">¶</a></dt> <dd><p>Optional. Email address.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.password"> <tt class="descname">password</tt><a class="headerlink" href="#django.contrib.auth.models.User.password" title="Permalink to this definition">¶</a></dt> <dd><p>Required. A hash of, and metadata about, the password. (Django doesn’t store the raw password.) Raw passwords can be arbitrarily long and can contain any character. See the <a class="reference internal" href="../../topics/auth/passwords.html"><em>password documentation</em></a>.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.groups"> <tt class="descname">groups</tt><a class="headerlink" href="#django.contrib.auth.models.User.groups" title="Permalink to this definition">¶</a></dt> <dd><p>Many-to-many relationship to <a class="reference internal" href="#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><tt class="xref py py-class docutils literal"><span class="pre">Group</span></tt></a></p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.user_permissions"> <tt class="descname">user_permissions</tt><a class="headerlink" href="#django.contrib.auth.models.User.user_permissions" title="Permalink to this definition">¶</a></dt> <dd><p>Many-to-many relationship to <a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt></a></p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.is_staff"> <tt class="descname">is_staff</tt><a class="headerlink" href="#django.contrib.auth.models.User.is_staff" title="Permalink to this definition">¶</a></dt> <dd><p>Boolean. Designates whether this user can access the admin site.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.is_active"> <tt class="descname">is_active</tt><a class="headerlink" href="#django.contrib.auth.models.User.is_active" title="Permalink to this definition">¶</a></dt> <dd><p>Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to <tt class="docutils literal"><span class="pre">False</span></tt> instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.</p> <p>This doesn’t necessarily control whether or not the user can log in. Authentication backends aren’t required to check for the <tt class="docutils literal"><span class="pre">is_active</span></tt> flag, and the default backends do not. If you want to reject a login based on <tt class="docutils literal"><span class="pre">is_active</span></tt> being <tt class="docutils literal"><span class="pre">False</span></tt>, it’s up to you to check that in your own login view or a custom authentication backend. However, the <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm" title="django.contrib.auth.forms.AuthenticationForm"><tt class="xref py py-class docutils literal"><span class="pre">AuthenticationForm</span></tt></a> used by the <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.views.login" title="django.contrib.auth.views.login"><tt class="xref py py-func docutils literal"><span class="pre">login()</span></tt></a> view (which is the default) <em>does</em> perform this check, as do the permission-checking methods such as <a class="reference internal" href="#django.contrib.auth.models.User.has_perm" title="django.contrib.auth.models.User.has_perm"><tt class="xref py py-meth docutils literal"><span class="pre">has_perm()</span></tt></a> and the authentication in the Django admin. All of those functions/methods will return <tt class="docutils literal"><span class="pre">False</span></tt> for inactive users.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.is_superuser"> <tt class="descname">is_superuser</tt><a class="headerlink" href="#django.contrib.auth.models.User.is_superuser" title="Permalink to this definition">¶</a></dt> <dd><p>Boolean. Designates that this user has all permissions without explicitly assigning them.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.last_login"> <tt class="descname">last_login</tt><a class="headerlink" href="#django.contrib.auth.models.User.last_login" title="Permalink to this definition">¶</a></dt> <dd><p>A datetime of the user’s last login. Is set to the current date/time by default.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.models.User.date_joined"> <tt class="descname">date_joined</tt><a class="headerlink" href="#django.contrib.auth.models.User.date_joined" title="Permalink to this definition">¶</a></dt> <dd><p>A datetime designating when the account was created. Is set to the current date/time by default when the account is created.</p> </dd></dl> </dd></dl> </div> <div class="section" id="s-methods"> <span id="methods"></span><h2>Methods<a class="headerlink" href="#methods" title="Permalink to this headline">¶</a></h2> <dl class="class"> <dt> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">User</tt></dt> <dd><dl class="method"> <dt id="django.contrib.auth.models.User.get_username"> <tt class="descname">get_username</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.get_username" title="Permalink to this definition">¶</a></dt> <dd><p>Returns the username for the user. Since the User model can be swapped out, you should use this method instead of referencing the username attribute directly.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.is_anonymous"> <tt class="descname">is_anonymous</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.is_anonymous" title="Permalink to this definition">¶</a></dt> <dd><p>Always returns <tt class="docutils literal"><span class="pre">False</span></tt>. This is a way of differentiating <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> and <a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre">AnonymousUser</span></tt></a> objects. Generally, you should prefer using <a class="reference internal" href="#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre">is_authenticated()</span></tt></a> to this method.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.is_authenticated"> <tt class="descname">is_authenticated</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.is_authenticated" title="Permalink to this definition">¶</a></dt> <dd><p>Always returns <tt class="docutils literal"><span class="pre">True</span></tt> (as opposed to <tt class="docutils literal"><span class="pre">AnonymousUser.is_authenticated()</span></tt> which always returns <tt class="docutils literal"><span class="pre">False</span></tt>). This is a way to tell if the user has been authenticated. This does not imply any permissions, and doesn’t check if the user is active or has a valid session. Even though normally you will call this method on <tt class="docutils literal"><span class="pre">request.user</span></tt> to find out whether it has been populated by the <a class="reference internal" href="../middleware.html#django.contrib.auth.middleware.AuthenticationMiddleware" title="django.contrib.auth.middleware.AuthenticationMiddleware"><tt class="xref py py-class docutils literal"><span class="pre">AuthenticationMiddleware</span></tt></a> (representing the currently logged-in user), you should know this method returns <tt class="docutils literal"><span class="pre">True</span></tt> for any <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> instance.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.get_full_name"> <tt class="descname">get_full_name</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.get_full_name" title="Permalink to this definition">¶</a></dt> <dd><p>Returns the <a class="reference internal" href="#django.contrib.auth.models.User.first_name" title="django.contrib.auth.models.User.first_name"><tt class="xref py py-attr docutils literal"><span class="pre">first_name</span></tt></a> plus the <a class="reference internal" href="#django.contrib.auth.models.User.last_name" title="django.contrib.auth.models.User.last_name"><tt class="xref py py-attr docutils literal"><span class="pre">last_name</span></tt></a>, with a space in between.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.get_short_name"> <tt class="descname">get_short_name</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.get_short_name" title="Permalink to this definition">¶</a></dt> <dd><div class="versionadded"> <span class="title">New in Django 1.5.</span> </div> <p>Returns the <a class="reference internal" href="#django.contrib.auth.models.User.first_name" title="django.contrib.auth.models.User.first_name"><tt class="xref py py-attr docutils literal"><span class="pre">first_name</span></tt></a>.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.set_password"> <tt class="descname">set_password</tt>(<em>raw_password</em>)<a class="headerlink" href="#django.contrib.auth.models.User.set_password" title="Permalink to this definition">¶</a></dt> <dd><p>Sets the user’s password to the given raw string, taking care of the password hashing. Doesn’t save the <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> object.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.check_password"> <tt class="descname">check_password</tt>(<em>raw_password</em>)<a class="headerlink" href="#django.contrib.auth.models.User.check_password" title="Permalink to this definition">¶</a></dt> <dd><p>Returns <tt class="docutils literal"><span class="pre">True</span></tt> if the given raw string is the correct password for the user. (This takes care of the password hashing in making the comparison.)</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.set_unusable_password"> <tt class="descname">set_unusable_password</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.set_unusable_password" title="Permalink to this definition">¶</a></dt> <dd><p>Marks the user as having no password set. This isn’t the same as having a blank string for a password. <a class="reference internal" href="#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><tt class="xref py py-meth docutils literal"><span class="pre">check_password()</span></tt></a> for this user will never return <tt class="docutils literal"><span class="pre">True</span></tt>. Doesn’t save the <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> object.</p> <p>You may need this if authentication for your application takes place against an existing external source such as an LDAP directory.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.has_usable_password"> <tt class="descname">has_usable_password</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.has_usable_password" title="Permalink to this definition">¶</a></dt> <dd><p>Returns <tt class="docutils literal"><span class="pre">False</span></tt> if <a class="reference internal" href="#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre">set_unusable_password()</span></tt></a> has been called for this user.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.get_group_permissions"> <tt class="descname">get_group_permissions</tt>(<em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.get_group_permissions" title="Permalink to this definition">¶</a></dt> <dd><p>Returns a set of permission strings that the user has, through his/her groups.</p> <p>If <tt class="docutils literal"><span class="pre">obj</span></tt> is passed in, only returns the group permissions for this specific object.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.get_all_permissions"> <tt class="descname">get_all_permissions</tt>(<em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.get_all_permissions" title="Permalink to this definition">¶</a></dt> <dd><p>Returns a set of permission strings that the user has, both through group and user permissions.</p> <p>If <tt class="docutils literal"><span class="pre">obj</span></tt> is passed in, only returns the permissions for this specific object.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.has_perm"> <tt class="descname">has_perm</tt>(<em>perm</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_perm" title="Permalink to this definition">¶</a></dt> <dd><p>Returns <tt class="docutils literal"><span class="pre">True</span></tt> if the user has the specified permission, where perm is in the format <tt class="docutils literal"><span class="pre">"<app</span> <span class="pre">label>.<permission</span> <span class="pre">codename>"</span></tt>. (see documentation on <a class="reference internal" href="../../topics/auth/default.html#topic-authorization"><em>permissions</em></a>). If the user is inactive, this method will always return <tt class="docutils literal"><span class="pre">False</span></tt>.</p> <p>If <tt class="docutils literal"><span class="pre">obj</span></tt> is passed in, this method won’t check for a permission for the model, but for this specific object.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.has_perms"> <tt class="descname">has_perms</tt>(<em>perm_list</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_perms" title="Permalink to this definition">¶</a></dt> <dd><p>Returns <tt class="docutils literal"><span class="pre">True</span></tt> if the user has each of the specified permissions, where each perm is in the format <tt class="docutils literal"><span class="pre">"<app</span> <span class="pre">label>.<permission</span> <span class="pre">codename>"</span></tt>. If the user is inactive, this method will always return <tt class="docutils literal"><span class="pre">False</span></tt>.</p> <p>If <tt class="docutils literal"><span class="pre">obj</span></tt> is passed in, this method won’t check for permissions for the model, but for the specific object.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.has_module_perms"> <tt class="descname">has_module_perms</tt>(<em>package_name</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_module_perms" title="Permalink to this definition">¶</a></dt> <dd><p>Returns <tt class="docutils literal"><span class="pre">True</span></tt> if the user has any permissions in the given package (the Django app label). If the user is inactive, this method will always return <tt class="docutils literal"><span class="pre">False</span></tt>.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.email_user"> <tt class="descname">email_user</tt>(<em>subject</em>, <em>message</em>, <em>from_email=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.email_user" title="Permalink to this definition">¶</a></dt> <dd><p>Sends an email to the user. If <tt class="docutils literal"><span class="pre">from_email</span></tt> is <tt class="docutils literal"><span class="pre">None</span></tt>, Django uses the <a class="reference internal" href="../settings.html#std:setting-DEFAULT_FROM_EMAIL"><tt class="xref std std-setting docutils literal"><span class="pre">DEFAULT_FROM_EMAIL</span></tt></a>.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.User.get_profile"> <tt class="descname">get_profile</tt>()<a class="headerlink" href="#django.contrib.auth.models.User.get_profile" title="Permalink to this definition">¶</a></dt> <dd><div class="deprecated"> <span class="title">Deprecated in Django 1.5:</span> With the introduction of <a class="reference internal" href="../../topics/auth/customizing.html#auth-custom-user"><em>custom User models</em></a>, the use of <a class="reference internal" href="../settings.html#std:setting-AUTH_PROFILE_MODULE"><tt class="xref std std-setting docutils literal"><span class="pre">AUTH_PROFILE_MODULE</span></tt></a> to define a single profile model is no longer supported. See the <a class="reference internal" href="../../releases/1.5.html"><em>Django 1.5 release notes</em></a> for more information.</div> <p>Returns a site-specific profile for this user. Raises <tt class="docutils literal"><span class="pre">django.contrib.auth.models.SiteProfileNotAvailable</span></tt> if the current site doesn’t allow profiles, or <a class="reference internal" href="../exceptions.html#django.core.exceptions.ObjectDoesNotExist" title="django.core.exceptions.ObjectDoesNotExist"><tt class="xref py py-exc docutils literal"><span class="pre">django.core.exceptions.ObjectDoesNotExist</span></tt></a> if the user does not have a profile.</p> </dd></dl> </dd></dl> </div> <div class="section" id="s-manager-methods"> <span id="manager-methods"></span><h2>Manager methods<a class="headerlink" href="#manager-methods" title="Permalink to this headline">¶</a></h2> <dl class="class"> <dt id="django.contrib.auth.models.UserManager"> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">UserManager</tt><a class="headerlink" href="#django.contrib.auth.models.UserManager" title="Permalink to this definition">¶</a></dt> <dd><p>The <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> model has a custom manager that has the following helper methods (in addition to the methods provided by <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.BaseUserManager" title="django.contrib.auth.models.BaseUserManager"><tt class="xref py py-class docutils literal"><span class="pre">BaseUserManager</span></tt></a>):</p> <dl class="method"> <dt id="django.contrib.auth.models.UserManager.create_user"> <tt class="descname">create_user</tt>(<em>username</em>, <em>email=None</em>, <em>password=None</em>, <em>**extra_fields</em>)<a class="headerlink" href="#django.contrib.auth.models.UserManager.create_user" title="Permalink to this definition">¶</a></dt> <dd><div class="versionchanged"> <span class="title">Changed in Django 1.4:</span> The <tt class="docutils literal"><span class="pre">email</span></tt> parameter was made optional. The username parameter is now checked for emptiness and raises a <a class="reference external" href="http://docs.python.org/2.7/library/exceptions.html#exceptions.ValueError" title="(in Python v2.7)"><tt class="xref py py-exc docutils literal"><span class="pre">ValueError</span></tt></a> in case of a negative result.</div> <p>Creates, saves and returns a <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a>.</p> <p>The <a class="reference internal" href="#django.contrib.auth.models.User.username" title="django.contrib.auth.models.User.username"><tt class="xref py py-attr docutils literal"><span class="pre">username</span></tt></a> and <a class="reference internal" href="#django.contrib.auth.models.User.password" title="django.contrib.auth.models.User.password"><tt class="xref py py-attr docutils literal"><span class="pre">password</span></tt></a> are set as given. The domain portion of <a class="reference internal" href="#django.contrib.auth.models.User.email" title="django.contrib.auth.models.User.email"><tt class="xref py py-attr docutils literal"><span class="pre">email</span></tt></a> is automatically converted to lowercase, and the returned <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> object will have <a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><tt class="xref py py-attr docutils literal"><span class="pre">is_active</span></tt></a> set to <tt class="docutils literal"><span class="pre">True</span></tt>.</p> <p>If no password is provided, <a class="reference internal" href="#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><tt class="xref py py-meth docutils literal"><span class="pre">set_unusable_password()</span></tt></a> will be called.</p> <p>The <tt class="docutils literal"><span class="pre">extra_fields</span></tt> keyword arguments are passed through to the <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a>‘s <tt class="docutils literal"><span class="pre">__init__</span></tt> method to allow setting arbitrary fields on a <a class="reference internal" href="../../topics/auth/customizing.html#auth-custom-user"><em>custom User model</em></a>.</p> <p>See <a class="reference internal" href="../../topics/auth/default.html#topics-auth-creating-users"><em>Creating users</em></a> for example usage.</p> </dd></dl> <dl class="method"> <dt id="django.contrib.auth.models.UserManager.create_superuser"> <tt class="descname">create_superuser</tt>(<em>username</em>, <em>email</em>, <em>password</em>, <em>**extra_fields</em>)<a class="headerlink" href="#django.contrib.auth.models.UserManager.create_superuser" title="Permalink to this definition">¶</a></dt> <dd><p>Same as <a class="reference internal" href="#django.contrib.auth.models.UserManager.create_user" title="django.contrib.auth.models.UserManager.create_user"><tt class="xref py py-meth docutils literal"><span class="pre">create_user()</span></tt></a>, but sets <a class="reference internal" href="#django.contrib.auth.models.User.is_staff" title="django.contrib.auth.models.User.is_staff"><tt class="xref py py-attr docutils literal"><span class="pre">is_staff</span></tt></a> and <a class="reference internal" href="#django.contrib.auth.models.User.is_superuser" title="django.contrib.auth.models.User.is_superuser"><tt class="xref py py-attr docutils literal"><span class="pre">is_superuser</span></tt></a> to <tt class="docutils literal"><span class="pre">True</span></tt>.</p> </dd></dl> </dd></dl> </div> </div> <div class="section" id="s-anonymous-users"> <span id="anonymous-users"></span><h1>Anonymous users<a class="headerlink" href="#anonymous-users" title="Permalink to this headline">¶</a></h1> <dl class="class"> <dt id="django.contrib.auth.models.AnonymousUser"> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">AnonymousUser</tt><a class="headerlink" href="#django.contrib.auth.models.AnonymousUser" title="Permalink to this definition">¶</a></dt> <dd><p><a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre">django.contrib.auth.models.AnonymousUser</span></tt></a> is a class that implements the <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">django.contrib.auth.models.User</span></tt></a> interface, with these differences:</p> <ul class="simple"> <li><a class="reference internal" href="../../topics/db/models.html#automatic-primary-key-fields"><em>id</em></a> is always <tt class="docutils literal"><span class="pre">None</span></tt>.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.is_staff" title="django.contrib.auth.models.User.is_staff"><tt class="xref py py-attr docutils literal"><span class="pre">is_staff</span></tt></a> and <a class="reference internal" href="#django.contrib.auth.models.User.is_superuser" title="django.contrib.auth.models.User.is_superuser"><tt class="xref py py-attr docutils literal"><span class="pre">is_superuser</span></tt></a> are always <tt class="docutils literal"><span class="pre">False</span></tt>.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><tt class="xref py py-attr docutils literal"><span class="pre">is_active</span></tt></a> is always <tt class="docutils literal"><span class="pre">False</span></tt>.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.groups" title="django.contrib.auth.models.User.groups"><tt class="xref py py-attr docutils literal"><span class="pre">groups</span></tt></a> and <a class="reference internal" href="#django.contrib.auth.models.User.user_permissions" title="django.contrib.auth.models.User.user_permissions"><tt class="xref py py-attr docutils literal"><span class="pre">user_permissions</span></tt></a> are always empty.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.is_anonymous" title="django.contrib.auth.models.User.is_anonymous"><tt class="xref py py-meth docutils literal"><span class="pre">is_anonymous()</span></tt></a> returns <tt class="docutils literal"><span class="pre">True</span></tt> instead of <tt class="docutils literal"><span class="pre">False</span></tt>.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><tt class="xref py py-meth docutils literal"><span class="pre">is_authenticated()</span></tt></a> returns <tt class="docutils literal"><span class="pre">False</span></tt> instead of <tt class="docutils literal"><span class="pre">True</span></tt>.</li> <li><a class="reference internal" href="#django.contrib.auth.models.User.set_password" title="django.contrib.auth.models.User.set_password"><tt class="xref py py-meth docutils literal"><span class="pre">set_password()</span></tt></a>, <a class="reference internal" href="#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><tt class="xref py py-meth docutils literal"><span class="pre">check_password()</span></tt></a>, <a class="reference internal" href="../models/instances.html#django.db.models.Model.save" title="django.db.models.Model.save"><tt class="xref py py-meth docutils literal"><span class="pre">save()</span></tt></a> and <a class="reference internal" href="../models/instances.html#django.db.models.Model.delete" title="django.db.models.Model.delete"><tt class="xref py py-meth docutils literal"><span class="pre">delete()</span></tt></a> raise <a class="reference external" href="http://docs.python.org/2.7/library/exceptions.html#exceptions.NotImplementedError" title="(in Python v2.7)"><tt class="xref py py-exc docutils literal"><span class="pre">NotImplementedError</span></tt></a>.</li> </ul> </dd></dl> <p>In practice, you probably won’t need to use <a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><tt class="xref py py-class docutils literal"><span class="pre">AnonymousUser</span></tt></a> objects on your own, but they’re used by Web requests, as explained in the next section.</p> </div> <div class="section" id="s-permission"> <span id="permission"></span><h1>Permission<a class="headerlink" href="#permission" title="Permalink to this headline">¶</a></h1> <dl class="class"> <dt id="django.contrib.auth.models.Permission"> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">Permission</tt><a class="headerlink" href="#django.contrib.auth.models.Permission" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <div class="section" id="s-id1"> <span id="id1"></span><h2>Fields<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h2> <p><a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt></a> objects have the following fields:</p> <dl class="attribute"> <dt id="django.contrib.auth.name"> <tt class="descname">name</tt><a class="headerlink" href="#django.contrib.auth.name" title="Permalink to this definition">¶</a></dt> <dd><p>Required. 50 characters or fewer. Example: <tt class="docutils literal"><span class="pre">'Can</span> <span class="pre">vote'</span></tt>.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.content_type"> <tt class="descname">content_type</tt><a class="headerlink" href="#django.contrib.auth.content_type" title="Permalink to this definition">¶</a></dt> <dd><p>Required. A reference to the <tt class="docutils literal"><span class="pre">django_content_type</span></tt> database table, which contains a record for each installed Django model.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.codename"> <tt class="descname">codename</tt><a class="headerlink" href="#django.contrib.auth.codename" title="Permalink to this definition">¶</a></dt> <dd><p>Required. 100 characters or fewer. Example: <tt class="docutils literal"><span class="pre">'can_vote'</span></tt>.</p> </dd></dl> </div> <div class="section" id="s-id2"> <span id="id2"></span><h2>Methods<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h2> <p><a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt></a> objects have the standard data-access methods like any other <a class="reference internal" href="../models/instances.html"><em>Django model</em></a>.</p> </div> </div> <div class="section" id="s-group"> <span id="group"></span><h1>Group<a class="headerlink" href="#group" title="Permalink to this headline">¶</a></h1> <dl class="class"> <dt id="django.contrib.auth.models.Group"> <em class="property">class </em><tt class="descclassname">models.</tt><tt class="descname">Group</tt><a class="headerlink" href="#django.contrib.auth.models.Group" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <div class="section" id="s-id3"> <span id="id3"></span><h2>Fields<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h2> <p><a class="reference internal" href="#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><tt class="xref py py-class docutils literal"><span class="pre">Group</span></tt></a> objects have the following fields:</p> <dl class="attribute"> <dt> <tt class="descname">name</tt></dt> <dd><p>Required. 80 characters or fewer. Any characters are permitted. Example: <tt class="docutils literal"><span class="pre">'Awesome</span> <span class="pre">Users'</span></tt>.</p> </dd></dl> <dl class="attribute"> <dt id="django.contrib.auth.permissions"> <tt class="descname">permissions</tt><a class="headerlink" href="#django.contrib.auth.permissions" title="Permalink to this definition">¶</a></dt> <dd><p>Many-to-many field to <a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><tt class="xref py py-class docutils literal"><span class="pre">Permission</span></tt></a>:</p> <div class="highlight-python"><div class="highlight"><pre><span class="n">group</span><span class="o">.</span><span class="n">permissions</span> <span class="o">=</span> <span class="p">[</span><span class="n">permission_list</span><span class="p">]</span> <span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span> <span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span> <span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span> </pre></div> </div> </dd></dl> </div> </div> <div class="section" id="s-module-django.contrib.auth.signals"> <span id="s-login-and-logout-signals"></span><span id="s-topics-auth-signals"></span><span id="module-django.contrib.auth.signals"></span><span id="login-and-logout-signals"></span><span id="topics-auth-signals"></span><h1>Login and logout signals<a class="headerlink" href="#module-django.contrib.auth.signals" title="Permalink to this headline">¶</a></h1> <p>The auth framework uses the following <a class="reference internal" href="../../topics/signals.html"><em>signals</em></a> that can be used for notification when a user logs in or out.</p> <dl class="function"> <dt id="django.contrib.auth.signals.user_logged_in"> <tt class="descname">user_logged_in</tt>()<a class="headerlink" href="#django.contrib.auth.signals.user_logged_in" title="Permalink to this definition">¶</a></dt> <dd><p>Sent when a user logs in successfully.</p> <p>Arguments sent with this signal:</p> <dl class="docutils"> <dt><tt class="docutils literal"><span class="pre">sender</span></tt></dt> <dd>The class of the user that just logged in.</dd> <dt><tt class="docutils literal"><span class="pre">request</span></tt></dt> <dd>The current <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a> instance.</dd> <dt><tt class="docutils literal"><span class="pre">user</span></tt></dt> <dd>The user instance that just logged in.</dd> </dl> </dd></dl> <dl class="function"> <dt id="django.contrib.auth.signals.user_logged_out"> <tt class="descname">user_logged_out</tt>()<a class="headerlink" href="#django.contrib.auth.signals.user_logged_out" title="Permalink to this definition">¶</a></dt> <dd><p>Sent when the logout method is called.</p> <dl class="docutils"> <dt><tt class="docutils literal"><span class="pre">sender</span></tt></dt> <dd>As above: the class of the user that just logged out or <tt class="docutils literal"><span class="pre">None</span></tt> if the user was not authenticated.</dd> <dt><tt class="docutils literal"><span class="pre">request</span></tt></dt> <dd>The current <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><tt class="xref py py-class docutils literal"><span class="pre">HttpRequest</span></tt></a> instance.</dd> <dt><tt class="docutils literal"><span class="pre">user</span></tt></dt> <dd>The user instance that just logged out or <tt class="docutils literal"><span class="pre">None</span></tt> if the user was not authenticated.</dd> </dl> </dd></dl> <dl class="function"> <dt id="django.contrib.auth.signals.user_login_failed"> <tt class="descname">user_login_failed</tt>()<a class="headerlink" href="#django.contrib.auth.signals.user_login_failed" title="Permalink to this definition">¶</a></dt> <dd><div class="versionadded"> <span class="title">New in Django 1.5.</span> </div> <p>Sent when the user failed to login successfully</p> <dl class="docutils"> <dt><tt class="docutils literal"><span class="pre">sender</span></tt></dt> <dd>The name of the module used for authentication.</dd> <dt><tt class="docutils literal"><span class="pre">credentials</span></tt></dt> <dd>A dictionary of keyword arguments containing the user credentials that were passed to <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><tt class="xref py py-func docutils literal"><span class="pre">authenticate()</span></tt></a> or your own custom authentication backend. Credentials matching a set of ‘sensitive’ patterns, (including password) will not be sent in the clear as part of the signal.</dd> </dl> </dd></dl> </div> <div class="section" id="s-module-django.contrib.auth.backends"> <span id="s-authentication-backends"></span><span id="s-authentication-backends-reference"></span><span id="module-django.contrib.auth.backends"></span><span id="authentication-backends"></span><span id="authentication-backends-reference"></span><h1>Authentication backends<a class="headerlink" href="#module-django.contrib.auth.backends" title="Permalink to this headline">¶</a></h1> <p>This section details the authentication backends that come with Django. For information on how to use them and how to write your own authentication backends, see the <a class="reference internal" href="../../topics/auth/customizing.html#authentication-backends"><em>Other authentication sources section</em></a> of the <a class="reference internal" href="../../topics/auth/index.html"><em>User authentication guide</em></a>.</p> <div class="section" id="s-available-authentication-backends"> <span id="available-authentication-backends"></span><h2>Available authentication backends<a class="headerlink" href="#available-authentication-backends" title="Permalink to this headline">¶</a></h2> <p>The following backends are available in <a class="reference internal" href="#module-django.contrib.auth.backends" title="django.contrib.auth.backends: Django's built-in authentication backend classes."><tt class="xref py py-mod docutils literal"><span class="pre">django.contrib.auth.backends</span></tt></a>:</p> <dl class="class"> <dt id="django.contrib.auth.backends.ModelBackend"> <em class="property">class </em><tt class="descname">ModelBackend</tt><a class="headerlink" href="#django.contrib.auth.backends.ModelBackend" title="Permalink to this definition">¶</a></dt> <dd><p>This is the default authentication backend used by Django. It authenticates using credentials consisting of a user identifier and password. For Django’s default user model, the user identifier is the username, for custom user models it is the field specified by USERNAME_FIELD (see <a class="reference internal" href="../../topics/auth/customizing.html"><em>Customizing Users and authentication</em></a>).</p> <p>It also handles the default permissions model as defined for <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><tt class="xref py py-class docutils literal"><span class="pre">User</span></tt></a> and <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.PermissionsMixin" title="django.contrib.auth.models.PermissionsMixin"><tt class="xref py py-class docutils literal"><span class="pre">PermissionsMixin</span></tt></a>.</p> </dd></dl> <dl class="class"> <dt id="django.contrib.auth.backends.RemoteUserBackend"> <em class="property">class </em><tt class="descname">RemoteUserBackend</tt><a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend" title="Permalink to this definition">¶</a></dt> <dd><p>Use this backend to take advantage of external-to-Django-handled authentication. It authenticates using usernames passed in <a class="reference internal" href="../request-response.html#django.http.HttpRequest.META" title="django.http.HttpRequest.META"><tt class="xref py py-attr docutils literal"><span class="pre">request.META['REMOTE_USER']</span></tt></a>. See the <a class="reference internal" href="../../howto/auth-remote-user.html"><em>Authenticating against REMOTE_USER</em></a> documentation.</p> </dd></dl> </div> </div> </div> </div> </div> <div class="yui-b" id="sidebar"> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../../contents.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#"><tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt></a></li> <li><a class="reference internal" href="#user">User</a><ul> <li><a class="reference internal" href="#fields">Fields</a></li> <li><a class="reference internal" href="#methods">Methods</a></li> <li><a class="reference internal" href="#manager-methods">Manager methods</a></li> </ul> </li> <li><a class="reference internal" href="#anonymous-users">Anonymous users</a></li> <li><a class="reference internal" href="#permission">Permission</a><ul> <li><a class="reference internal" href="#id1">Fields</a></li> <li><a class="reference internal" href="#id2">Methods</a></li> </ul> </li> <li><a class="reference internal" href="#group">Group</a><ul> <li><a class="reference internal" href="#id3">Fields</a></li> </ul> </li> <li><a class="reference internal" href="#module-django.contrib.auth.signals">Login and logout signals</a></li> <li><a class="reference internal" href="#module-django.contrib.auth.backends">Authentication backends</a><ul> <li><a class="reference internal" href="#available-authentication-backends">Available authentication backends</a></li> </ul> </li> </ul> <h3>Browse</h3> <ul> <li>Prev: <a href="admin/admindocs.html">The Django admin documentation generator</a></li> <li>Next: <a href="comments/index.html">Django’s comments framework</a></li> </ul> <h3>You are here:</h3> <ul> <li> <a href="../../index.html">Django 1.5.9 documentation</a> <ul><li><a href="../index.html">API Reference</a> <ul><li><a href="index.html"><tt class="docutils literal"><span class="pre">contrib</span></tt> packages</a> <ul><li><tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt></li></ul> </li></ul></li></ul> </li> </ul> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../../_sources/ref/contrib/auth.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <h3>Last update:</h3> <p class="topless">Mar 19, 2015</p> </div> </div> <div id="ft"> <div class="nav"> « <a href="admin/admindocs.html" title="The Django admin documentation generator">previous</a> | <a href="../index.html" title="API Reference" accesskey="U">up</a> | <a href="comments/index.html" title="Django&#8217;s comments framework">next</a> »</div> </div> </div> <div class="clearer"></div> </div> </body> </html>