I chose to use the third-party library django-allauth
to handle user-authentication because that library is mature and well-maintained, as far as I can tell. However, since the main focus of this library seems to be providing integrations for third-party oauth-providers, there is no obvious way to handle my first use case: Provide a way for users to sign-up with only an email – no password, no third-party-login, nothing else required.
In a previous project I had solved a similar problem by overriding the library’s DefaultAccountAdapter
-class, which seems to be main integration-point for this kind of customization. But today I found a way that is much more light-weight and straight-forward.
Removing a django form-field in a form’s subclass
To achieve this, I simply subclassed allauth.account.forms.SignupForm
and removed the password-field from the fields
-property from inside the __init__()
-method like so:
|
|
Note that order is important. You need to call super().__init__(*args, **kwargs)
first, because this is where the password-field is actually added by the superclass. Afterwards you remove it by calling self.fields.pop('password1')
.
Users can now sign up by only providing an email-address. The user’s password-field in the database remains empty and prevents them from logging in. For my use-case, that is the intended behavior. Users will still be able to use the password-reset functionality to create a working password at any time, if they wish.
My next task for MembershipNerd is to provide a way for users to unsubscribe without needing a password.
If you liked this post, please, do share it:
Thanks, for reading (and sharing)! 🥳