[Fixed]-User manager methods create() and create_user()

19👍

That’s exactly why the user model has a custom manager with a UserManager.create_user() method for creating users. There are two problems with using the QuerySet.create() method on User instances:

  1. If you run the management command python manage.py sql, pay attention to the auth_user schema:

    CREATE TABLE "auth_user" (
        ...
        "password" varchar(128) NOT NULL,
        ...
    )
    

    In SQL, an empty string, '', does not equate to NULL, i.e. ISNULL('') != TRUE.

  2. QuerySet.create() and QuerySet.update() do not trigger model validation. Model validation only happens when ModelForm instances call the Model.full_clean() instance method.

    Raising a validation error in the context of working with the QuerySet API directly simply makes no sense in Django. That’s why you can do something like User.objects.create(username='foo', password='') even though CharField().validate(value='', None) would raise a ValidationError for a blank string.

For the reasons above, you should defer from using User.objects.create() and rely on the supplied User.objects.create_user() method from the model’s custom manager.

1👍

Look at django’s source User model, there’s a custom manager, snippet:

class UserManager(models.Manager):
    # ...   
    def create_user(self, username, email=None, password=None):
        """
        Creates and saves a User with the given username, email and password.
        """
        now = timezone.now()
        if not username:
            raise ValueError('The given username must be set')
        email = UserManager.normalize_email(email)
        user = self.model(username=username, email=email,
                          is_staff=False, is_active=True, is_superuser=False,
                          last_login=now, date_joined=now)

        user.set_password(password)
        user.save(using=self._db)
        return user

Leave a comment