MembershipNerd Day 6: Signing up without a password


I chose to use the third-party library django-allauth to handle user-authentication because that library is mature and well-maintained, as far as I can tell. However, since the main focus of this library seems to be providing integrations for third-party oauth-providers, there is no obvious way to handle my first use case: Provide a way for users to sign-up with only an email – no password, no third-party-login, nothing else required.

In a previous project I had solved a similar problem by overriding the library’s DefaultAccountAdapter-class, which seems to be main integration-point for this kind of customization. But today I found a way that is much more light-weight and straight-forward.

Removing a django form-field in a form’s subclass

To achieve this, I simply subclassed allauth.account.forms.SignupForm and removed the password-field from the fields-property from inside the __init__()-method like so:

1
2
3
4
5
6
from allauth.account.forms import SignupForm

class CustomSignupForm(SignupForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields.pop('password1')

Note that order is important. You need to call super().__init__(*args, **kwargs) first, because this is where the password-field is actually added by the superclass. Afterwards you remove it by calling self.fields.pop('password1').

Users can now sign up by only providing an email-address. The user’s password-field in the database remains empty and prevents them from logging in. For my use-case, that is the intended behavior. Users will still be able to use the password-reset functionality to create a working password at any time, if they wish.

My next task for MembershipNerd is to provide a way for users to unsubscribe without needing a password.


See also