diff --git a/backend/apps/accounts/models.py b/backend/apps/accounts/models.py
index c451775..1a45202 100644
--- a/backend/apps/accounts/models.py
+++ b/backend/apps/accounts/models.py
@@ -29,7 +29,7 @@ class UserManager(BaseUserManager):
         user.save(using=self._db)
         return user
-    def create_superuser(self, email, password=None, **extra_fields):
+    def create_superuser(self, phone_number, password=None, **extra_fields):
         extra_fields.setdefault("is_staff", True)
         extra_fields.setdefault("is_superuser", True)
         extra_fields.setdefault("role", UserRole.ADMIN)
@@ -37,7 +37,7 @@ class UserManager(BaseUserManager):
             raise ValueError("Superuser must have is_staff=True")
         if extra_fields.get("is_superuser") is not True:
             raise ValueError("Superuser must have is_superuser=True")
-        return self.create_user(email, password, **extra_fields)
+        return self.create_user(phone_number=phone_number, password=password, **extra_fields)
 class User(AbstractBaseUser, PermissionsMixin):
@@ -59,7 +59,8 @@ class User(AbstractBaseUser, PermissionsMixin):
     objects = UserManager()
-    USERNAME_FIELD = "email"
+    USERNAME_FIELD = "phone_number"
+    REQUIRED_FIELDS = [] # email is optional; phone_number is the identifier
     def __str__(self):
         return self.email or self.phone_number or str(self.id)
diff --git a/docs/risks.md b/docs/risks.md
index 69fe7eb..c56cd40 100644
--- a/docs/risks.md
+++ b/docs/risks.md
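Review bot: The first positional parameter of `create_superuser` is renamed from `email` to `phone_number` with no validation of the value, so a pre-existing call that passes an e-mail address positionally no longer fails — it silently stores that string as the login phone number — while a call using `email=` as a keyword now raises TypeError. Callers elsewhere in the repository are not visible in this diff, so they are worth a grep before merge. Next to the existing is_staff/is_superuser checks I would add `if not phone_number: raise ValueError("Superuser must have a phone_number")`, unless `create_user` (defined above this hunk) already rejects an empty identifier. The body of create_superuser continues in the next hunk.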
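Review bot: The new `return self.create_user(phone_number=phone_number, password=password, **extra_fields)` requires `create_user` to declare a parameter literally named `phone_number`; that signature sits above the first hunk and is not visible, and the removed line passed the identifier positionally, so if `create_user` still names its first parameter `email` this fails with TypeError the first time `manage.py createsuperuser` runs. Please confirm the two signatures agree, and give each a one-line docstring stating that `phone_number` is the `USERNAME_FIELD` so they stay in lockstep. create_superuser starts in the previous hunk.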
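Review bot: Making `USERNAME_FIELD = "phone_number"` turns that column into the credential lookup key, so it must be declared `unique=True` and non-null; the field definition is above this hunk and not visible, and Django's auth.E003 system check rejects a non-unique USERNAME_FIELD under the default ModelBackend. Beyond the check, the manager should canonicalise the number (one agreed format such as E.164) both before save and before lookup, otherwise two spellings of the same number become two accounts and the uniqueness constraint gives no protection; nothing in the diff shows that happening. I would extend the added comment to `REQUIRED_FIELDS = []  # email is optional; phone_number is the identifier and must be unique and normalised` so the contract sits next to the setting. Note that `__str__` still prefers `email`, so the admin change-list label will differ from the login identifier for users who have both.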
@@ -7,7 +7,7 @@ This file tracks known gaps and risks to address in future iterations.
 - OTP protections are basic; add device fingerprinting and IP throttling if needed.
 - Authentica OTP provider is implemented (SMS + WhatsApp via Authentica OTP); Unifonic remains a scaffold.
 - Social login is a placeholder.
-- `USERNAME_FIELD = "email"` while `email` is nullable — concrete impact: Django admin user list shows blank for most customers (phone-only users); `create_superuser` requires email by default; DRF Simple JWT uses email as the lookup field. Fix: change `USERNAME_FIELD` to `"phone_number"` and update `UserManager.create_superuser` accordingly.
+- `USERNAME_FIELD` is now `"phone_number"`; `REQUIRED_FIELDS = []`; `create_superuser` accepts `phone_number`. Admin and `createsuperuser` work correctly for phone-only users.
 ## Booking Integrity
 - Availability checks and overlap prevention are now enforced for staff bookings.