Authenticates against settings.AUTH_USER_MODEL.
Methods
authenticate()
@classmethod
def authenticate(
request: [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest),
username: string,
password: string
) - > UserModel
Authenticates a user against the configured user model using a username and password. It mitigates timing attacks and verifies the user is allowed to authenticate.
Parameters
| Name | Type | Description |
|---|
| request | [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) | The current HTTP request object. |
| username | string | The unique identifier for the user, typically a username or email address. |
| password | string | The raw password to verify against the stored hash. |
Returns
| Type | Description |
|---|
UserModel | The authenticated user instance if credentials are valid and the user is active; otherwise, None. |
aauthenticate()
@classmethod
def aauthenticate(
request: [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest),
username: string,
password: string
) - > UserModel
Asynchronous version of authenticate() that verifies user credentials against the database.
Parameters
| Name | Type | Description |
|---|
| request | [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) | The current HTTP request object. |
| username | string | The unique identifier for the user. |
| password | string | The raw password to verify. |
Returns
| Type | Description |
|---|
UserModel | The authenticated user instance if credentials are valid; otherwise, None. |
user_can_authenticate()
@classmethod
def user_can_authenticate(
user: UserModel
) - > boolean
Reject users with is_active=False. Custom user models that don't have that attribute are allowed.
Parameters
| Name | Type | Description |
|---|
| user | UserModel | The user instance to check for authentication eligibility. |
Returns
| Type | Description |
|---|
boolean | True if the user is allowed to authenticate, False otherwise. |
get_user_permissions()
@classmethod
def get_user_permissions(
user_obj: UserModel,
obj: object
) - > set
Return a set of permission strings the user user_obj has from their user_permissions.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to query. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
set | A set of permission strings assigned directly to the user. |
aget_user_permissions()
@classmethod
def aget_user_permissions(
user_obj: UserModel,
obj: object
) - > set
See get_user_permissions().
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to query. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
set | An asynchronous set of direct user permission strings. |
get_group_permissions()
@classmethod
def get_group_permissions(
user_obj: UserModel,
obj: object
) - > set
Return a set of permission strings the user user_obj has from the groups they belong.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to query. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
set | A set of permission strings inherited from the user's groups. |
aget_group_permissions()
@classmethod
def aget_group_permissions(
user_obj: UserModel,
obj: object
) - > set
See get_group_permissions().
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to query. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
set | An asynchronous set of group-inherited permission strings. |
get_all_permissions()
@classmethod
def get_all_permissions(
user_obj: UserModel,
obj: object
) - > set
Aggregates and caches all permissions (user and group) for the given user.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to fetch all permissions for. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
set | A combined set of all permission strings the user possesses. |
has_perm()
@classmethod
def has_perm(
user_obj: UserModel,
perm: string,
obj: object
) - > boolean
Checks if the active user has a specific permission string.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to check. |
| perm | string | The permission string in 'app_label.codename' format. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
boolean | True if the user is active and has the specified permission. |
ahas_perm()
@classmethod
def ahas_perm(
user_obj: UserModel,
perm: string,
obj: object
) - > boolean
Asynchronously checks if the active user has a specific permission string.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to check. |
| perm | string | The permission string to check. |
| obj | object | Optional object for object-level permission checks. |
Returns
| Type | Description |
|---|
boolean | True if the user is active and has the specified permission. |
has_module_perms()
@classmethod
def has_module_perms(
user_obj: UserModel,
app_label: string
) - > boolean
Return True if user_obj has any permissions in the given app_label.
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to check. |
| app_label | string | The name of the application to check permissions for. |
Returns
| Type | Description |
|---|
boolean | True if the user is active and has at least one permission in the specified app. |
ahas_module_perms()
@classmethod
def ahas_module_perms(
user_obj: UserModel,
app_label: string
) - > boolean
See has_module_perms()
Parameters
| Name | Type | Description |
|---|
| user_obj | UserModel | The user instance to check. |
| app_label | string | The name of the application to check permissions for. |
Returns
| Type | Description |
|---|
boolean | True if the user is active and has at least one permission in the specified app. |
with_perm()
@classmethod
def with_perm(
perm: string,
is_active: boolean,
include_superusers: boolean,
obj: object
) - > [QuerySet](../../../db/models/query/queryset.md?sid=django_db_models_query_queryset)
Return users that have permission "perm". By default, filter out inactive users and include superusers.
Parameters
| Name | Type | Description |
|---|
| perm | string | The permission string or Permission instance to filter by. |
| is_active | boolean | Whether to filter for active users; defaults to True. |
| include_superusers | boolean | Whether to include superusers in the results; defaults to True. |
| obj | object | Optional object for object-level filtering; if provided, returns an empty QuerySet. |
Returns
| Type | Description |
|---|
[QuerySet](../../../db/models/query/queryset.md?sid=django_db_models_query_queryset) | A QuerySet of users who possess the specified permission. |
get_user()
@classmethod
def get_user(
user_id: any
) - > UserModel
Retrieves a user instance by its primary key, ensuring the user is allowed to authenticate.
Parameters
| Name | Type | Description |
|---|
| user_id | any | The primary key value of the user to retrieve. |
Returns
| Type | Description |
|---|
UserModel | The user instance if found and active; otherwise, None. |
aget_user()
@classmethod
def aget_user(
user_id: any
) - > UserModel
Asynchronously retrieves a user instance by its primary key, ensuring the user is allowed to authenticate.
Parameters
| Name | Type | Description |
|---|
| user_id | any | The primary key value of the user to retrieve. |
Returns
| Type | Description |
|---|
UserModel | The user instance if found and active; otherwise, None. |