This abstract base class provides the core implementation for a user model, including password management and authentication state tracking. It features built-in methods for password hashing, validation, and session security using HMAC-based hashes. The class establishes a foundation for custom user models by defining essential fields like password and last login while remaining flexible for specific application requirements.
Attributes
| Attribute | Type | Description |
|---|---|---|
| password | string | Hashed password string used for user authentication and session verification. |
| last_login | datetime | The date and time when the user last successfully authenticated into the system. |
| is_active | boolean = true | Boolean flag indicating whether the user account is considered active for authentication purposes. |
| REQUIRED_FIELDS | list = [] | A list of field names that will be prompted for when creating a user via the createsuperuser management command. |
Constructor
Signature
def AbstractBaseUser(
*args: any,
**kwargs: any
) -> null
Parameters
| Name | Type | Description |
|---|---|---|
| *args | any | Positional arguments passed to the model constructor. |
| **kwargs | any | Keyword arguments representing field values and other model attributes. |
Methods
save()
def save(
**kwargs: dict
) -> null
Saves the current user instance to the database and triggers password validation logic if the password was recently updated.
Parameters
| Name | Type | Description |
|---|---|---|
| **kwargs | dict | Arbitrary keyword arguments passed to the parent model's save method. |
Returns
| Type | Description |
|---|---|
| null | Nothing is returned. |
get_username()
def get_username() -> string
Return the username for this User.
Returns
| Type | Description |
|---|---|
| string | The value of the field defined as the USERNAME_FIELD. |
clean()
def clean() -> null
Normalizes the username field value before the model is validated or saved.
Returns
| Type | Description |
|---|---|
| null | Nothing is returned. |
natural_key()
def natural_key() -> tuple
Returns a tuple containing the username, used for identifying the user during serialization.
Returns
| Type | Description |
|---|---|
| tuple | A single-element tuple containing the user's username. |
is_anonymous()
@property
def is_anonymous() -> boolean
Always return False. This is a way of comparing User objects to anonymous users.
Returns
| Type | Description |
|---|---|
| boolean | Always False for a persisted user instance. |
is_authenticated()
@property
def is_authenticated() -> boolean
Always return True. This is a way to tell if the user has been authenticated in templates.
Returns
| Type | Description |
|---|---|
| boolean | Always True for a persisted user instance. |
set_password()
def set_password(
raw_password: string
) -> null
Sets the user's password to a hashed version of the provided raw string and tracks the raw value for post-save validation.
Parameters
| Name | Type | Description |
|---|---|---|
| raw_password | string | The plain-text password to be hashed and stored. |
Returns
| Type | Description |
|---|---|
| null | Nothing is returned. |
check_password()
def check_password(
raw_password: string
) -> boolean
Return a boolean of whether the raw_password was correct. Handles hashing formats behind the scenes.
Parameters
| Name | Type | Description |
|---|---|---|
| raw_password | string | The plain-text password to verify against the stored hash. |
Returns
| Type | Description |
|---|---|
| boolean | True if the password matches, False otherwise. |
acheck_password()
async def acheck_password(
raw_password: string
) -> boolean
See check_password().
Parameters
| Name | Type | Description |
|---|---|---|
| raw_password | string | The plain-text password to verify asynchronously. |
Returns
| Type | Description |
|---|---|
| boolean | An awaitable boolean indicating if the password matches. |
set_unusable_password()
def set_unusable_password() -> null
Sets the password to an invalid hash that cannot be matched by any input, effectively disabling password login.
Returns
| Type | Description |
|---|---|
| null | Nothing is returned. |
has_usable_password()
def has_usable_password() -> boolean
Return False if set_unusable_password() has been called for this user.
Returns
| Type | Description |
|---|---|
| boolean | True if the user has a valid password hash, False otherwise. |
get_session_auth_hash()
def get_session_auth_hash() -> string
Return an HMAC of the password field.
Returns
| Type | Description |
|---|---|
| string | A hex-encoded HMAC hash used to invalidate sessions when the password changes. |
get_session_auth_fallback_hash()
def get_session_auth_fallback_hash() -> generator
Generates session authentication hashes using fallback secret keys to maintain session validity during secret rotation.
Returns
| Type | Description |
|---|---|
| generator | A generator yielding hex-encoded HMAC hashes for each fallback secret. |
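
How the session hash and its fallback variants are meant to be consumed, as an added standard-library sketch (not code from this page or from the framework it documents). The names `KEY_SALT`, `session_auth_hash`, `verify_session`, the `auth_hash` session key and the SHA-256 key derivation are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed salt label for this sketch; it separates this HMAC use from any other.
KEY_SALT = "example.session-auth-hash"


def session_auth_hash(password_hash: str, secret: str) -> str:
    """Hex HMAC-SHA256 of the stored password hash, keyed from salt + secret."""
    key = hashlib.sha256((KEY_SALT + secret).encode()).digest()
    return hmac.new(key, password_hash.encode(), hashlib.sha256).hexdigest()


def verify_session(session: dict, password_hash: str, secret: str, fallbacks=()) -> str:
    """Return 'ok', 'upgraded' (a fallback secret matched) or 'rejected'."""
    stored = session.get("auth_hash", "")
    current = session_auth_hash(password_hash, secret)
    if hmac.compare_digest(stored, current):  # constant-time comparison
        return "ok"
    for old_secret in fallbacks:
        if hmac.compare_digest(stored, session_auth_hash(password_hash, old_secret)):
            session["auth_hash"] = current  # re-bind the session to the current secret
            return "upgraded"
    session.clear()  # password or secret changed: force re-authentication
    return "rejected"


def demo() -> list:
    # Constructed sample values, not real credentials or keys.
    pw_v1, pw_v2 = "pbkdf2_sha256$sample$hash-v1", "pbkdf2_sha256$sample$hash-v2"
    old, new = "old-secret-key", "new-secret-key"
    session = {"auth_hash": session_auth_hash(pw_v1, old)}
    return [
        verify_session(session, pw_v1, old),         # ordinary request
        verify_session(session, pw_v1, new, [old]),  # secret rotated, old one kept as fallback
        verify_session(session, pw_v1, new),         # fallback later removed
        verify_session(session, pw_v2, new),         # password changed
    ]


if __name__ == "__main__":
    print(demo())
```

A session that was never seen during the fallback window is rejected once the old secret is removed, so fallback secrets should stay configured for at least the maximum session lifetime.
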
get_email_field_name()
@classmethod
def get_email_field_name() -> string
Returns the name of the field designated as the email field for the user model.
Returns
| Type | Description |
|---|---|
| string | The name of the email field, defaulting to 'email' if not explicitly defined. |
normalize_username()
@classmethod
def normalize_username(
username: string
) -> string
Normalizes the username using NFKC Unicode normalization to ensure consistent storage and comparison.
Parameters
| Name | Type | Description |
|---|---|---|
| username | string | The raw username string to be normalized. |
Returns
| Type | Description |
|---|---|
| string | The normalized username string. |
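
What NFKC normalization does and does not fold, as an added example (not code from this page or the framework). `find_collisions`, `mixed_script` and the sample names are hypothetical helpers and constructed inputs; only `unicodedata.normalize("NFKC", ...)` corresponds to the behaviour described above.

```python
import unicodedata
from collections import defaultdict


def normalize_username(username: str) -> str:
    """NFKC: fold compatibility forms (fullwidth letters, ligatures) to canonical ones."""
    return unicodedata.normalize("NFKC", username)


def find_collisions(usernames) -> dict:
    """Group raw usernames that become identical after NFKC normalization."""
    groups = defaultdict(list)
    for raw in usernames:
        groups[normalize_username(raw)].append(raw)
    return {norm: raws for norm, raws in groups.items() if len(raws) > 1}


def mixed_script(username: str) -> bool:
    """Flag names whose letters come from more than one script.

    NFKC does not fold cross-script look-alikes, so this is a separate check.
    The script is approximated by the first word of each character's Unicode name.
    """
    letters = [ch for ch in normalize_username(username) if ch.isalpha()]
    scripts = {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in letters}
    return len(scripts) > 1


# Constructed sample registrations.
SAMPLE = [
    "admin",
    "\uff41\uff44\uff4d\uff49\uff4e",  # fullwidth letters, normalizes to "admin"
    "office",
    "of\ufb01ce",                      # U+FB01 "fi" ligature, normalizes to "office"
    "\u0430dmin",                      # Cyrillic U+0430 then Latin "dmin": unchanged by NFKC
]

if __name__ == "__main__":
    print(find_collisions(SAMPLE))
    print([name for name in SAMPLE if mixed_script(name)])
```
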