login as a superuser using a custom user model doesn't work

JackFormeDev · November 5, 2023, 5:31pm

Hey Guys.
I am creating a website, my problem is in the superuser.
I have created a custom user model.
here the code:

class CustomUserManager(BaseUserManager):
    """
    Custom user model manager where email is the unique identifiers
    for authentication instead of usernames.
    """
    def create_user(self, email, password, **extra_fields):
        """
        Create and save a user with the given email and password.
        """
        if not email:
            raise ValueError(_("The Email must be set"))
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save()
        return user

    def create_superuser(self, email, password, **extra_fields):
        """
        Create and save a SuperUser with the given email and password.
        """
        extra_fields.setdefault("is_staff", True)
        extra_fields.setdefault("is_superuser", True)
        extra_fields.setdefault("is_active", True)

        if extra_fields.get("is_staff") is not True:
            raise ValueError(_("Superuser must have is_staff=True."))
        if extra_fields.get("is_superuser") is not True:
            raise ValueError(_("Superuser must have is_superuser=True."))
        return self.create_user(email, password, **extra_fields)

class CustomUser(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(_("email address"), unique=True)
    username_account = models.CharField(max_length=20)
    description = models.TextField(blank=True)
    photo = models.ImageField(upload_to='images/', blank=True)
    is_staff = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)
    updated = models.DateTimeField(auto_now=True)
    created = models.DateTimeField(auto_now_add=True)
    date_joined = models.DateTimeField(default=timezone.now)

    USERNAME_FIELD = "email"
    REQUIRED_FIELDS = []

    objects = CustomUserManager()

    def __str__(self):
        return self.email
    
    def save(self, *args, **kwargs):
        self.password = make_password(self.password)
        super(CustomUser, self).save(*args, **kwargs)

until recently everything was working perfectly.
now, the creation of a superuser happens successfully. however if i try to login in the admin page it always gives me this error:
‘Please enter the correct email address and password for a staff account. Note that both fields may be case-sensitive.’
I made sure the credentials were correct, also, the superuser has:
is_staff = True
is_active = True
is_superuser = True
(I checked the internet and that was the problem for the most part).
I honestly don’t know what to do, I tried creating a custom authentication but the problem persists.

KenWhitesell · November 5, 2023, 8:20pm

You don’t want to do this. If the password has already been hashed and you try to save the object again, it’s going to consider the self.password field to be the plaintext password and hash it again.

If you read the source code for AbstractBaseUser, you’ll see that is defines a set_password method. Also, if you read the code for the _create_user method in UserManager you’ll see that it calls make_password to set the password on the new user object.

JackFormeDev · November 6, 2023, 1:46pm

It worked ! I thank you infinitely