Fixed #19077, #19079 -- Made USERNAME_FIELD a required field, and modified UserAdmin to match.

django/contrib/admin/templates/admin/base.html

@@ -26,7 +26,7 @@
         {% if user.is_active and user.is_staff %}
         <div id="user-tools">
             {% trans 'Welcome,' %}
-            <strong>{% filter force_escape %}{% firstof user.get_short_name user.username %}{% endfilter %}</strong>.
+            <strong>{% filter force_escape %}{% firstof user.get_short_name user.get_username %}{% endfilter %}</strong>.
             {% block userlinks %}
                 {% url 'django-admindocs-docroot' as docsroot %}
                 {% if docsroot %}

django/contrib/admin/templates/admin/object_history.html

@@ -29,7 +29,7 @@
         {% for action in action_list %}
         <tr>
             <th scope="row">{{ action.action_time|date:"DATETIME_FORMAT" }}</th>
-            <td>{{ action.user.username }}{% if action.user.get_full_name %} ({{ action.user.get_full_name }}){% endif %}</td>
+            <td>{{ action.user.get_username }}{% if action.user.get_full_name %} ({{ action.user.get_full_name }}){% endif %}</td>
             <td>{{ action.change_message }}</td>
         </tr>
         {% endfor %}

django/contrib/admin/templates/registration/password_reset_email.html

@@ -5,7 +5,7 @@
 {% block reset_link %}
 {{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb36=uid token=token %}
 {% endblock %}
-{% trans "Your username, in case you've forgotten:" %} {{ user.username }}
+{% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
 
 {% trans "Thanks for using our site!" %}
 

django/contrib/auth/admin.py

@@ -11,14 +11,13 @@ from django.shortcuts import get_object_or_404
 from django.template.response import TemplateResponse
 from django.utils.html import escape
 from django.utils.decorators import method_decorator
-from django.utils.safestring import mark_safe
-from django.utils import six
 from django.utils.translation import ugettext, ugettext_lazy as _
 from django.views.decorators.csrf import csrf_protect
 from django.views.decorators.debug import sensitive_post_parameters
 
 csrf_protect_m = method_decorator(csrf_protect)
 
+
 class GroupAdmin(admin.ModelAdmin):
     search_fields = ('name',)
     ordering = ('name',)
@@ -106,9 +105,10 @@ class UserAdmin(admin.ModelAdmin):
             raise PermissionDenied
         if extra_context is None:
             extra_context = {}
+        username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)
         defaults = {
             'auto_populated_fields': (),
-            'username_help_text': self.model._meta.get_field('username').help_text,
+            'username_help_text': username_field.help_text,
         }
         extra_context.update(defaults)
         return super(UserAdmin, self).add_view(request, form_url,
@@ -171,4 +171,3 @@ class UserAdmin(admin.ModelAdmin):
 
 admin.site.register(Group, GroupAdmin)
 admin.site.register(User, UserAdmin)
-

django/contrib/auth/backends.py

@@ -105,7 +105,7 @@ class RemoteUserBackend(ModelBackend):
         # built-in safeguards for multiple threads.
         if self.create_unknown_user:
             user, created = UserModel.objects.get_or_create(**{
-                getattr(UserModel, 'USERNAME_FIELD', 'username'): username
+                UserModel.USERNAME_FIELD: username
             })
             if created:
                 user = self.configure_user(user)

django/contrib/auth/forms.py

@@ -52,6 +52,9 @@ class ReadOnlyPasswordHashField(forms.Field):
         kwargs.setdefault("required", False)
         super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
 
+    def clean_password(self):
+        return self.initial
+
 
 class UserCreationForm(forms.ModelForm):
     """
@@ -118,9 +121,6 @@ class UserChangeForm(forms.ModelForm):
                     "this user's password, but you can change the password "
                     "using <a href=\"password/\">this form</a>."))
 
-    def clean_password(self):
-        return self.initial["password"]
-
     class Meta:
         model = User
 
@@ -160,7 +160,7 @@ class AuthenticationForm(forms.Form):
 
         # Set the label for the "username" field.
         UserModel = get_user_model()
-        username_field = UserModel._meta.get_field(getattr(UserModel, 'USERNAME_FIELD', 'username'))
+        username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
         self.fields['username'].label = capfirst(username_field.verbose_name)
 
     def clean(self):

django/contrib/auth/management/commands/changepassword.py

@@ -34,7 +34,7 @@ class Command(BaseCommand):
 
         try:
             u = UserModel.objects.using(options.get('database')).get(**{
-                    getattr(UserModel, 'USERNAME_FIELD', 'username'): username
+                    UserModel.USERNAME_FIELD: username
                 })
         except UserModel.DoesNotExist:
             raise CommandError("user '%s' does not exist" % username)

django/contrib/auth/management/commands/createsuperuser.py

@@ -42,7 +42,7 @@ class Command(BaseCommand):
 
         UserModel = get_user_model()
 
-        username_field = UserModel._meta.get_field(getattr(UserModel, 'USERNAME_FIELD', 'username'))
+        username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
         other_fields = UserModel.REQUIRED_FIELDS
 
         # If not provided, create the user with an unusable password
@@ -74,7 +74,7 @@ class Command(BaseCommand):
 
                 # Get a username
                 while username is None:
-                    username_field = UserModel._meta.get_field(getattr(UserModel, 'USERNAME_FIELD', 'username'))
+                    username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
                     if not username:
                         input_msg = capfirst(username_field.verbose_name)
                         if default_username:
@@ -91,7 +91,7 @@ class Command(BaseCommand):
                         continue
                     try:
                         UserModel.objects.using(database).get(**{
-                                getattr(UserModel, 'USERNAME_FIELD', 'username'): username
+                                UserModel.USERNAME_FIELD: username
                             })
                     except UserModel.DoesNotExist:
                         pass

django/contrib/auth/middleware.py

@@ -55,7 +55,7 @@ class RemoteUserMiddleware(object):
         # getting passed in the headers, then the correct user is already
         # persisted in the session and we don't need to continue.
         if request.user.is_authenticated():
-            if request.user.username == self.clean_username(username, request):
+            if request.user.get_username() == self.clean_username(username, request):
                 return
         # We are seeing this user for the first time in this session, attempt
         # to authenticate the user.
@@ -75,6 +75,6 @@ class RemoteUserMiddleware(object):
         backend = auth.load_backend(backend_str)
         try:
             username = backend.clean_username(username)
-        except AttributeError: # Backend has no clean_username method.
+        except AttributeError:  # Backend has no clean_username method.
             pass
         return username

django/contrib/auth/models.py

@@ -165,7 +165,7 @@ class BaseUserManager(models.Manager):
         return get_random_string(length, allowed_chars)
 
     def get_by_natural_key(self, username):
-        return self.get(**{getattr(self.model, 'USERNAME_FIELD', 'username'): username})
+        return self.get(**{self.model.USERNAME_FIELD: username})
 
 
 class UserManager(BaseUserManager):
@@ -227,6 +227,7 @@ def _user_has_module_perms(user, app_label):
     return False
 
 
+@python_2_unicode_compatible
 class AbstractBaseUser(models.Model):
     password = models.CharField(_('password'), max_length=128)
     last_login = models.DateTimeField(_('last login'), default=timezone.now)
@@ -236,6 +237,16 @@ class AbstractBaseUser(models.Model):
     class Meta:
         abstract = True
 
+    def get_username(self):
+        "Return the identifying username for this User"
+        return getattr(self, self.USERNAME_FIELD)
+
+    def __str__(self):
+        return self.get_username()
+
+    def natural_key(self):
+        return (self.get_username(),)
+
     def is_anonymous(self):
         """
         Always returns False. This is a way of comparing User objects to
@@ -277,7 +288,6 @@ class AbstractBaseUser(models.Model):
         raise NotImplementedError()
 
 
-@python_2_unicode_compatible
 class AbstractUser(AbstractBaseUser):
     """
     An abstract base class implementing a fully featured User model with
@@ -314,6 +324,7 @@ class AbstractUser(AbstractBaseUser):
 
     objects = UserManager()
 
+    USERNAME_FIELD = 'username'
     REQUIRED_FIELDS = ['email']
 
     class Meta:
@@ -321,12 +332,6 @@ class AbstractUser(AbstractBaseUser):
         verbose_name_plural = _('users')
         abstract = True
 
-    def __str__(self):
-        return self.username
-
-    def natural_key(self):
-        return (self.username,)
-
     def get_absolute_url(self):
         return "/users/%s/" % urlquote(self.username)
 

django/contrib/comments/admin.py

@@ -1,11 +1,22 @@
 from __future__ import unicode_literals
 
 from django.contrib import admin
+from django.contrib.auth import get_user_model
 from django.contrib.comments.models import Comment
 from django.utils.translation import ugettext_lazy as _, ungettext
 from django.contrib.comments import get_model
 from django.contrib.comments.views.moderation import perform_flag, perform_approve, perform_delete
 
+
+class UsernameSearch(object):
+    """The User object may not be auth.User, so we need to provide
+    a mechanism for issuing the equivalent of a .filter(user__username=...)
+    search in CommentAdmin.
+    """
+    def __str__(self):
+        return 'user__%s' % get_user_model().USERNAME_FIELD
+
+
 class CommentsAdmin(admin.ModelAdmin):
     fieldsets = (
         (None,
@@ -24,7 +35,7 @@ class CommentsAdmin(admin.ModelAdmin):
     date_hierarchy = 'submit_date'
     ordering = ('-submit_date',)
     raw_id_fields = ('user',)
-    search_fields = ('comment', 'user__username', 'user_name', 'user_email', 'user_url', 'ip_address')
+    search_fields = ('comment', UsernameSearch(), 'user_name', 'user_email', 'user_url', 'ip_address')
     actions = ["flag_comments", "approve_comments", "remove_comments"]
 
     def get_actions(self, request):

django/contrib/comments/models.py

@@ -19,14 +19,14 @@ class BaseCommentAbstractModel(models.Model):
     """
 
     # Content-object field
-    content_type   = models.ForeignKey(ContentType,
+    content_type = models.ForeignKey(ContentType,
             verbose_name=_('content type'),
             related_name="content_type_set_for_%(class)s")
-    object_pk      = models.TextField(_('object ID'))
+    object_pk = models.TextField(_('object ID'))
     content_object = generic.GenericForeignKey(ct_field="content_type", fk_field="object_pk")
 
     # Metadata about the comment
-    site        = models.ForeignKey(Site)
+    site = models.ForeignKey(Site)
 
     class Meta:
         abstract = True
@@ -50,21 +50,21 @@ class Comment(BaseCommentAbstractModel):
     # Who posted this comment? If ``user`` is set then it was an authenticated
     # user; otherwise at least user_name should have been set and the comment
     # was posted by a non-authenticated user.
-    user        = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_('user'),
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_('user'),
                     blank=True, null=True, related_name="%(class)s_comments")
-    user_name   = models.CharField(_("user's name"), max_length=50, blank=True)
-    user_email  = models.EmailField(_("user's email address"), blank=True)
-    user_url    = models.URLField(_("user's URL"), blank=True)
+    user_name = models.CharField(_("user's name"), max_length=50, blank=True)
+    user_email = models.EmailField(_("user's email address"), blank=True)
+    user_url = models.URLField(_("user's URL"), blank=True)
 
     comment = models.TextField(_('comment'), max_length=COMMENT_MAX_LENGTH)
 
     # Metadata about the comment
     submit_date = models.DateTimeField(_('date/time submitted'), default=None)
-    ip_address  = models.IPAddressField(_('IP address'), blank=True, null=True)
-    is_public   = models.BooleanField(_('is public'), default=True,
+    ip_address = models.IPAddressField(_('IP address'), blank=True, null=True)
+    is_public = models.BooleanField(_('is public'), default=True,
                     help_text=_('Uncheck this box to make the comment effectively ' \
                                 'disappear from the site.'))
-    is_removed  = models.BooleanField(_('is removed'), default=False,
+    is_removed = models.BooleanField(_('is removed'), default=False,
                     help_text=_('Check this box if the comment is inappropriate. ' \
                                 'A "This comment has been removed" message will ' \
                                 'be displayed instead.'))
@@ -96,9 +96,9 @@ class Comment(BaseCommentAbstractModel):
         """
         if not hasattr(self, "_userinfo"):
             userinfo = {
-                "name"  : self.user_name,
-                "email" : self.user_email,
-                "url"   : self.user_url
+                "name": self.user_name,
+                "email": self.user_email,
+                "url": self.user_url
             }
             if self.user_id:
                 u = self.user
@@ -111,7 +111,7 @@ class Comment(BaseCommentAbstractModel):
                 if u.get_full_name():
                     userinfo["name"] = self.user.get_full_name()
                 elif not self.user_name:
-                    userinfo["name"] = u.username
+                    userinfo["name"] = u.get_username()
             self._userinfo = userinfo
         return self._userinfo
     userinfo = property(_get_userinfo, doc=_get_userinfo.__doc__)
@@ -174,9 +174,9 @@ class CommentFlag(models.Model):
     design users are only allowed to flag a comment with a given flag once;
     if you want rating look elsewhere.
     """
-    user      = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_('user'), related_name="comment_flags")
-    comment   = models.ForeignKey(Comment, verbose_name=_('comment'), related_name="flags")
-    flag      = models.CharField(_('flag'), max_length=30, db_index=True)
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_('user'), related_name="comment_flags")
+    comment = models.ForeignKey(Comment, verbose_name=_('comment'), related_name="flags")
+    flag = models.CharField(_('flag'), max_length=30, db_index=True)
     flag_date = models.DateTimeField(_('date'), default=None)
 
     # Constants for flag types
@@ -192,7 +192,7 @@ class CommentFlag(models.Model):
 
     def __str__(self):
         return "%s flag of comment ID %s by %s" % \
-            (self.flag, self.comment_id, self.user.username)
+            (self.flag, self.comment_id, self.user.get_username())
 
     def save(self, *args, **kwargs):
         if self.flag_date is None:

django/contrib/comments/views/comments.py

@@ -15,7 +15,6 @@ from django.views.decorators.csrf import csrf_protect
 from django.views.decorators.http import require_POST
 
 
-
 class CommentPostBadRequest(http.HttpResponseBadRequest):
     """
     Response returned when a comment post is invalid. If ``DEBUG`` is on a
@@ -27,6 +26,7 @@ class CommentPostBadRequest(http.HttpResponseBadRequest):
         if settings.DEBUG:
             self.content = render_to_string("comments/400-debug.html", {"why": why})
 
+
 @csrf_protect
 @require_POST
 def post_comment(request, next=None, using=None):
@@ -40,7 +40,7 @@ def post_comment(request, next=None, using=None):
     data = request.POST.copy()
     if request.user.is_authenticated():
         if not data.get('name', ''):
-            data["name"] = request.user.get_full_name() or request.user.username
+            data["name"] = request.user.get_full_name() or request.user.get_username()
         if not data.get('email', ''):
             data["email"] = request.user.email
 
@@ -98,8 +98,8 @@ def post_comment(request, next=None, using=None):
         ]
         return render_to_response(
             template_list, {
-                "comment" : form.data.get("comment", ""),
-                "form" : form,
+                "comment": form.data.get("comment", ""),
+                "form": form,
                 "next": next,
             },
             RequestContext(request, {})
@@ -113,9 +113,9 @@ def post_comment(request, next=None, using=None):
 
     # Signal that the comment is about to be saved
     responses = signals.comment_will_be_posted.send(
-        sender  = comment.__class__,
-        comment = comment,
-        request = request
+        sender=comment.__class__,
+        comment=comment,
+        request=request
     )
 
     for (receiver, response) in responses:
@@ -126,15 +126,14 @@ def post_comment(request, next=None, using=None):
     # Save the comment and signal that it was saved
     comment.save()
     signals.comment_was_posted.send(
-        sender  = comment.__class__,
-        comment = comment,
-        request = request
+        sender=comment.__class__,
+        comment=comment,
+        request=request
     )
 
     return next_redirect(data, next, comment_done, c=comment._get_pk_val())
 
 comment_done = confirmation_view(
-    template = "comments/posted.html",
-    doc = """Display a "comment was posted" success page."""
+    template="comments/posted.html",
+    doc="""Display a "comment was posted" success page."""
 )
-