username Required. 150 characters or fewer. Usernames may contain alphanumeric, _, @, +, . and - characters. The max_length should be sufficient for many use cases. If you need a longer length, please use a custom user model. If you use MySQL with the utf8mb4 encoding (recommended for proper Unicode support), specify at most max_length=191 because MySQL can only create unique indexes with 191 characters in that case by default. Usernames and Unicode Django originally accepted only ASCII let

set_unusable_password() Marks the user as having no password set. This isn’t the same as having a blank string for a password. check_password() for this user will never return True. Doesn’t save the User object. You may need this if authentication for your application takes place against an existing external source such as an LDAP directory.

class models.UserManager The User model has a custom manager that has the following helper methods (in addition to the methods provided by BaseUserManager): create_user(username, email=None, password=None, **extra_fields) Creates, saves and returns a User. The username and password are set as given. The domain portion of email is automatically converted to lowercase, and the returned User object will have is_active set to True. If no password is provided, set_unusable_password() will be c

user_permissions Many-to-many relationship to Permission

create_superuser(username, email, password, **extra_fields) Same as create_user(), but sets is_staff and is_superuser to True.

set_password(raw_password) Sets the user’s password to the given raw string, taking care of the password hashing. Doesn’t save the User object. When the raw_password is None, the password will be set to an unusable password, as if set_unusable_password() were used.

is_superuser Boolean. Designates that this user has all permissions without explicitly assigning them.

password Required. A hash of, and metadata about, the password. (Django doesn’t store the raw password.) Raw passwords can be arbitrarily long and can contain any character. See the password documentation.

is_authenticated Read-only attribute which is always True (as opposed to AnonymousUser.is_authenticated which is always False). This is a way to tell if the user has been authenticated. This does not imply any permissions and doesn’t check if the user is active or has a valid session. Even though normally you will check this attribute on request.user to find out whether it has been populated by the AuthenticationMiddleware (representing the currently logged-in user), you should know this att

last_name Optional. 30 characters or fewer.