By default django’s authentication module (django.contrib.auth) does a case-sensitive username look up. This means that a user with username ‘farhan’ will not be able to login as ‘Farhan’. Obviously, this is not the standard behavior that users expect. There was a ticket filed, but, unfortunately, the team doesn’t have time to fix (understandably, it is not just about making the change, they also have to worry about backwards compatibility). So, let’s see how we can quickly create a new authentication backend that supports case-insensitive backend.
So, we are writing a new authentication backend class, as always, my goal is to only rewrite what I have to rewrite and in this case since most of the functionality is already implemented by django.contrib.auth.backends.ModelBackend (the default backend), we will be inheriting this class and overriding one function. Once we have the new backend, we will specify it in settings.AUTHENTICATION_BACKENDS and we will be done. One caution though, make sure your sign-up process accounts for this and does not allow users to pick two variations of the same username (Farhan vs. farhan).
The model is pretty simple.
from django.contrib.auth.backends import ModelBackend from django.contrib.auth.models import User class CaseInsensitiveModelBackend(ModelBackend): """ By default ModelBackend does case _sensitive_ username authentication, which isn't what is generally expected. This backend supports case insensitive username authentication. """ def authenticate(self, username=None, password=None): try: user = User.objects.get(username__iexact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None |
Once you have the model defined, edit your settings.py and specify “AUTHENTICATION_BACKENDS”.
AUTHENTICATION_BACKENDS = ('myproject.myapp.backends.CaseInsensitiveModelBackend',) |
That’s all you need. Restart your server, or in case of ‘django-admin runserver’ it would have restarted automatically, and your application will now have case-insensitive logins.
For more details about writing authentication backends please see this section in the django documentation.
21. October 2009 at 8:25 pm
Thank you for this. This is exactly the solution I was looking for.
22. October 2009 at 10:20 am
Glad this helped save you some time, have fun with django!
19. January 2010 at 1:51 pm
Thanks, very useful.
24. July 2010 at 6:25 pm
This won’t use Django’s index on username and will do a seqscan of the database instead, which is very slow with many users. You should either create an index or lowercase all usernames upon creation and search for those.
31. July 2011 at 2:58 pm
This isn’t good, because you can still register users with the “same” username, like “user” and “User”. Then, one of them won’t be able to log in.
2. August 2011 at 5:33 pm
Ok guys, I’ve got a hack that seems to be working well. But please be seated while reading it, and refrain yourself from screaming
http://bpaste.net/show/17766/
2. August 2011 at 5:34 pm
Oh and I forgot, this piece of code goes in one of your models.py file. (Well, at least it works that way for me).
23. January 2012 at 5:59 am
What a hell!
Nice trick
3. November 2012 at 4:21 am
Great Tips would try out for sure.
20. February 2013 at 7:20 am
Thank you very much. This is what I looking for.