piccolo_api icon indicating copy to clipboard operation
piccolo_api copied to clipboard

Published 20 hours ago verified publisher icon piccolo-orm

How one can use custom `user` model with `Session Auth` app?

Open Akkarine opened this issue 2 years ago • 5 comments

I want to create blockchain backend app, based on piccolo. So I need custom User model (generally, without password field). As suggested in docs, I must implement custom user app. But I also want to use session mechanism. How can I achieve that case?

BTW, Great project! I've struggled with fastapi-sqlalchemy stack and it's back and forth model transitions. I've looked other ORMs, compatible with pydantic and FastAPI (Tortoise, SQLModel, Databases, GINO), but those projects looks too young or unmaintained. And only piccolo had my heart from first look). Thank you and keep doing your great work!

Akkarine avatar Jul 24 '22 17:07 Akkarine

Thanks for the kind words.

I think you need to override the login method.

For example:

from piccolo.apps.user.tables import BaseUser

class User(BaseUser, tablename='piccolo_user'):
    @classmethod
    async def login(cls, username: str, password: str) -> t.Optional[int]:
        # authenticate the user via the blockchain
        if check_my_blockchain_service(username, password):
            user = await cls.objects().get(cls.username == username)
            if not user:
                user = cls.create_user(
                    username=username,
                    password=password,
                    active=True,
                    admin=True, # only if you want to give them access to Piccolo admin
                    superuser=True # only if you want to have super user privileges in Piccolo admin
                )
            return user.id
        else:
            return None

# Pass this BaseUser subclass into any session auth middleware or endpoints, for example:
from piccolo_api.session_auth.endpoints import session_login
from fastapi import FastAPI

app = FastAPI()

app.mount('/login/', session_login(auth_table=User))

dantownsend avatar Jul 24 '22 21:07 dantownsend

Thank you for answer.

But what if I don't need a password field at all? Like I will have only OpenID authorization? How can I remove some fields? I mean, what if BaseUser would be just empty class (or just with id Field, needed for sessions), that I can inherit and completely rewrite it in main app (including id field, want it to be uuid), so sessions could accept also custom User model?

Akkarine avatar Jul 25 '22 04:07 Akkarine

@Akkarine The main problem is that BaseUser requires fields username and password (create_user() method) and session auth depends on BaseUser. You can try this.This basically saves the Google user as a Piccolo BaseUser, and later you can use it as a normal BaseUser with session auth. Here is another example (Vue frontend, but it doesn't matter) where I used fake password for register Google user as BaseUser to satisfy Pydantic validation on backend and creation of Piccolo BaseUser which requires password field. After that you can use session auth. I hope you find something usefull in this examples.

sinisaos avatar Jul 25 '22 05:07 sinisaos

Thank you, @sinisaos , I had similar ideas, but thought, maybe this (customizable User class) could be point of improvement for piccolo.

Akkarine avatar Jul 25 '22 06:07 Akkarine

@Akkarine if u are interested in combining session auth + custom user model, u can try smth like this: Session Model and logic User model and login method Using this in Piccolo Admin GUI

northpowered avatar Aug 09 '22 07:08 northpowered