I chose to use the third-party library
django-allauth to handle user-authentication because that library is mature and well-maintained, as far as I can tell. However, since the main focus of this library seems to be providing integrations for third-party oauth-providers, there is no obvious way to handle my first use case: Provide a way for users to sign-up with only an email – no password, no third-party-login, nothing else required.
In a previous project I had solved a similar problem by overriding the library’s
DefaultAccountAdapter-class, which seems to be main integration-point for this kind of customization. But today I found a way that is much more light-weight and straight-forward.
Removing a django form-field in a form’s subclass
To achieve this, I simply subclassed
allauth.account.forms.SignupForm and removed the password-field from the
fields-property from inside the
__init__()-method like so:
Note that order is important. You need to call
super().__init__(*args, **kwargs) first, because this is where the password-field is actually added by the superclass. Afterwards you remove it by calling
Users can now sign up by only providing an email-address. The user’s password-field in the database remains empty and prevents them from logging in. For my use-case, that is the intended behavior. Users will still be able to use the password-reset functionality to create a working password at any time, if they wish.
My next task for MembershipNerd is to provide a way for users to unsubscribe without needing a password.