Remove AbstractBaseUser

Author: davegaeddert

bolt-auth/bolt/auth/base_user.py

@@ -1,8 +1,18 @@
-from bolt.auth.base_user import AbstractBaseUser, BaseUserManager
-from bolt.auth.hashers import make_password
+import unicodedata
+import warnings
+
+from bolt.auth import password_validation
+from bolt.auth.hashers import (
+    check_password,
+    is_password_usable,
+    make_password,
+)
 from bolt.db import models
 from bolt.packages import packages
+from bolt.runtime import settings
 from bolt.utils import timezone
+from bolt.utils.crypto import get_random_string, salted_hmac
+from bolt.utils.deprecation import RemovedInDjango51Warning
 
 from .validators import UnicodeUsernameValidator
 
@@ -16,7 +26,7 @@ def update_last_login(sender, user, **kwargs):
     user.save(update_fields=["last_login"])
 
 
-class UserManager(BaseUserManager):
+class UserManager(models.Manager):
     use_in_migrations = True
 
     def create_user(self, username, email=None, password=None, **extra_fields):
@@ -36,8 +46,42 @@ def create_user(self, username, email=None, password=None, **extra_fields):
         user.save(using=self._db)
         return user
 
+    @classmethod
+    def normalize_email(cls, email):
+        """
+        Normalize the email address by lowercasing the domain part of it.
+        """
+        email = email or ""
+        try:
+            email_name, domain_part = email.strip().rsplit("@", 1)
+        except ValueError:
+            pass
+        else:
+            email = email_name + "@" + domain_part.lower()
+        return email
+
+    def make_random_password(
+        self,
+        length=10,
+        allowed_chars="abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789",
+    ):
+        """
+        Generate a random password with the given length and given
+        allowed_chars. The default value of allowed_chars does not have "I" or
+        "O" or letters and digits that look similar -- just to avoid confusion.
+        """
+        warnings.warn(
+            "BaseUserManager.make_random_password() is deprecated.",
+            category=RemovedInDjango51Warning,
+            stacklevel=2,
+        )
+        return get_random_string(length, allowed_chars)
+
+    def get_by_natural_key(self, username):
+        return self.get(**{self.model.USERNAME_FIELD: username})
 
-class AbstractUser(AbstractBaseUser):
+
+class AbstractUser(models.Model):
     """
     An abstract base class implementing a fully featured User model with
     admin-compliant permissions.
@@ -70,6 +114,13 @@ class AbstractUser(AbstractBaseUser):
     )
     date_joined = models.DateTimeField("date joined", default=timezone.now)
 
+    password = models.CharField("password", max_length=128)
+    last_login = models.DateTimeField("last login", blank=True, null=True)
+
+    # Stores the raw password if set_password() is called so that it can
+    # be passed to password_changed() after the model is saved.
+    _password = None
+
     objects = UserManager()
 
     USERNAME_FIELD = "username"
@@ -81,9 +132,80 @@ class Meta:
         abstract = True
 
     def clean(self):
-        super().clean()
+        setattr(self, self.USERNAME_FIELD, self.normalize_username(self.get_username()))
         self.email = self.__class__.objects.normalize_email(self.email)
 
+    def __str__(self):
+        return self.get_username()
+
+    def save(self, *args, **kwargs):
+        super().save(*args, **kwargs)
+        if self._password is not None:
+            password_validation.password_changed(self._password, self)
+            self._password = None
+
+    def get_username(self):
+        """Return the username for this User."""
+        return getattr(self, self.USERNAME_FIELD)
+
+    def natural_key(self):
+        return (self.get_username(),)
+
+    def set_password(self, raw_password):
+        self.password = make_password(raw_password)
+        self._password = raw_password
+
+    def check_password(self, raw_password):
+        """
+        Return a boolean of whether the raw_password was correct. Handles
+        hashing formats behind the scenes.
+        """
+
+        def setter(raw_password):
+            self.set_password(raw_password)
+            # Password hash upgrades shouldn't be considered password changes.
+            self._password = None
+            self.save(update_fields=["password"])
+
+        return check_password(raw_password, self.password, setter)
+
+    def set_unusable_password(self):
+        # Set a value that will never be a valid hash
+        self.password = make_password(None)
+
+    def has_usable_password(self):
+        """
+        Return False if set_unusable_password() has been called for this user.
+        """
+        return is_password_usable(self.password)
+
+    def get_session_auth_hash(self):
+        """
+        Return an HMAC of the password field.
+        """
+        return self._get_session_auth_hash()
+
+    def get_session_auth_fallback_hash(self):
+        for fallback_secret in settings.SECRET_KEY_FALLBACKS:
+            yield self._get_session_auth_hash(secret=fallback_secret)
+
+    def _get_session_auth_hash(self, secret=None):
+        key_salt = "bolt.auth.models.AbstractBaseUser.get_session_auth_hash"
+        return salted_hmac(
+            key_salt,
+            self.password,
+            secret=secret,
+            algorithm="sha256",
+        ).hexdigest()
+
+    @classmethod
+    def normalize_username(cls, username):
+        return (
+            unicodedata.normalize("NFKC", username)
+            if isinstance(username, str)
+            else username
+        )
+
 
 class User(AbstractUser):
     """