Investigate continued use of authtools

[weslord]

As @staydecent pointed out in comments on #31:

I wonder if we should even use authtools? Looking at the issue log for the library, there are some concerning issues around permissions, skipping django built-ins, and several delays in keeping up with django releases.

I believe we are only using authtools for email-as-username. Will investigate and confirm:

• If we are using any other features of authtools,
• If there's a better way to accomplish this goal in the current versions of Django

[staydecent]

In my own side projects this is what I do:

from django.contrib.auth.models import (
    AbstractBaseUser,
    BaseUserManager,
    PermissionsMixin
)

class UserManager(BaseUserManager):
    use_in_migrations = True

    def _create_user(self, email, password, **extra_fields):
        """
        Create and save a user with the given email, and password.
        """
        if not email:
            raise ValueError('The given email must be set')
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_user(self, email, password=None, **extra_fields):
        extra_fields.setdefault('is_staff', False)
        extra_fields.setdefault('is_superuser', False)
        return self._create_user(email, password, **extra_fields)

    def create_superuser(self, email, password, **extra_fields):
        extra_fields.setdefault('is_staff', True)
        extra_fields.setdefault('is_superuser', True)

        if extra_fields.get('is_staff') is not True:
            raise ValueError('Superuser must have is_staff=True.')
        if extra_fields.get('is_superuser') is not True:
            raise ValueError('Superuser must have is_superuser=True.')

        return self._create_user(email, password, **extra_fields)

class User(AbstractBaseUser, PermissionsMixin):
    """
    Override default User to use email with no username field.
    """
    email = models.EmailField(_('email address'), unique=True)
    name = models.CharField(_('name'), max_length=30, blank=True)
    date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
    is_staff = models.BooleanField(
        _('staff status'),
        default=False,
        help_text=_('Designates whether the user can log into this admin site.'),
    )
    is_admin = models.BooleanField(default=False)
    is_active = models.BooleanField(
        _('active'),
        default=True,
        help_text=_(
            'Designates whether this user should be treated as active. '
            'Unselect this instead of deleting accounts.'
        ),
    )

    objects = UserManager()

    EMAIL_FIELD = 'email'
    USERNAME_FIELD = 'email'

[adriaanwm]

This is copied straight from authtools https://github.com/inputlogic/moonroof-api/blob/master/apps/user/libs/abstract_email_user.py

[adriaanwm]

I think that's all we really need, other than maybe admin stuff @weslord

[adriaanwm]

That's an example of putting it in a lib 😉

[staydecent]

Here's the Django docs reference as well; which is what my example code above was based on: https://docs.djangoproject.com/en/3.0/topics/auth/customizing/#a-full-example