UserManager¶
The UserManager class is the core logic of FastAPI Users. We provide the BaseUserManager class which you should extend to set some parameters and define logic, for example when a user just registered or forgot its password.
It's designed to be easily extensible and customizable so that you can integrate less generic logic.
Create your UserManager class¶
You should define your own version of the UserManager class to set various parameters.
from typing import Optional
from fastapi import Depends, Request
from fastapi_users import BaseUserManager
from .db import get_user_db
from .models import UserCreate, UserDB
SECRET = "SECRET"
class UserManager(BaseUserManager[UserCreate, UserDB]):
user_db_model = UserDB
reset_password_token_secret = SECRET
verification_token_secret = SECRET
async def on_after_register(self, user: UserDB, request: Optional[Request] = None):
print(f"User {user.id} has registered.")
async def on_after_forgot_password(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"User {user.id} has forgot their password. Reset token: {token}")
async def on_after_request_verify(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"Verification requested for user {user.id}. Verification token: {token}")
async def get_user_manager(user_db=Depends(get_user_db)):
yield UserManager(user_db)
As you can see, you have to define here various attributes and methods. You can find the complete list of those below.
Create get_user_manager dependency¶
The UserManager class will be injected at runtime using a FastAPI dependency. This way, you can run it in a database session or swap it with a mock during testing.
from typing import Optional
from fastapi import Depends, Request
from fastapi_users import BaseUserManager
from .db import get_user_db
from .models import UserCreate, UserDB
SECRET = "SECRET"
class UserManager(BaseUserManager[UserCreate, UserDB]):
user_db_model = UserDB
reset_password_token_secret = SECRET
verification_token_secret = SECRET
async def on_after_register(self, user: UserDB, request: Optional[Request] = None):
print(f"User {user.id} has registered.")
async def on_after_forgot_password(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"User {user.id} has forgot their password. Reset token: {token}")
async def on_after_request_verify(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"Verification requested for user {user.id}. Verification token: {token}")
async def get_user_manager(user_db=Depends(get_user_db)):
yield UserManager(user_db)
Notice that we use the get_user_db dependency we defined earlier to inject the database instance.
Customize attributes and methods¶
Attributes¶
user_db_model: Pydantic model of a DB representation of a user.reset_password_token_secret: Secret to encode reset password token. Use a strong passphrase and keep it secure.reset_password_token_lifetime_seconds: Lifetime of reset password token. Defaults to 3600.reset_password_token_audience: JWT audience of reset password token. Defaults tofastapi-users:reset.verification_token_secret: Secret to encode verification token. Use a strong passphrase and keep it secure.verification_token_lifetime_seconds: Lifetime of verification token. Defaults to 3600.verification_token_audience: JWT audience of verification token. Defaults tofastapi-users:verify.
Methods¶
validate_password¶
Validate a password.
Arguments
password(str): the password to validate.user(Union[UserCreate, User]): user model which we are currently validating the password. Useful if you want to check that the password doesn't contain the name or the birthdate of the user for example.
Output
This function should return None if the password is valid or raise InvalidPasswordException if not. This exception expects an argument reason telling why the password is invalid. It'll be part of the error response.
Example
from fastapi_users import BaseUserManager, InvalidPasswordException
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def validate_password(
self,
password: str,
user: Union[UserCreate, UserDB],
) -> None:
if len(password) < 8:
raise InvalidPasswordException(
reason="Password should be at least 8 characters"
)
if user.email in password:
raise InvalidPasswordException(
reason="Password should not contain e-mail"
)
on_after_register¶
Perform logic after successful user registration.
Typically, you'll want to send a welcome e-mail or add it to your marketing analytics pipeline.
Arguments
user(UserDB): the registered user.request(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example
from fastapi_users import BaseUserManager
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def on_after_register(self, user: UserDB, request: Optional[Request] = None):
print(f"User {user.id} has registered.")
on_after_update¶
Perform logic after successful user update.
It may be useful, for example, if you wish to update your user in a data analytics or customer success platform.
Arguments
user(UserDB): the updated user.update_dict(Dict[str, Any]): dictionary with the updated user fields.request(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example
from fastapi_users import BaseUserManager
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def on_after_update(
self,
user: UserDB,
update_dict: Dict[str, Any],
request: Optional[Request] = None,
):
print(f"User {user.id} has been updated with {update_dict}.")
on_after_request_verify¶
Perform logic after successful verification request.
Typically, you'll want to send an e-mail with the link (and the token) that allows the user to verify their e-mail.
Arguments
user(UserDB): the user to verify.token(str): the verification token.request(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example
from fastapi_users import BaseUserManager
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def on_after_request_verify(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"Verification requested for user {user.id}. Verification token: {token}")
on_after_verify¶
Perform logic after successful user verification.
This may be useful if you wish to send another e-mail or store this information in a data analytics or customer success platform.
Arguments
user(UserDB): the verified user.request(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example
from fastapi_users import BaseUserManager
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def on_after_verify(
self, user: UserDB, request: Optional[Request] = None
):
print(f"User {user.id} has been verified")
on_after_forgot_password¶
Perform logic after successful forgot password request.
Typically, you'll want to send an e-mail with the link (and the token) that allows the user to reset their password.
Arguments
user(UserDB): the user that forgot its password.token(str): the forgot password tokenrequest(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example
from fastapi_users import BaseUserManager
class UserManager(BaseUserManager[UserCreate, UserDB]):
# ...
async def on_after_forgot_password(
self, user: UserDB, token: str, request: Optional[Request] = None
):
print(f"User {user.id} has forgot their password. Reset token: {token}")
on_after_reset_password¶
Perform logic after successful password reset.
For example, you may want to send an e-mail to the concerned user to warn him that their password has been changed and that they should take action if they think they have been hacked.
Arguments
user(UserDB): the user that reset its password.request(Optional[Request]): optional FastAPI request object that triggered the operation. Defaults to None.
Example