pub trait UserModel:
Model
+ Send
+ Sync
+ 'static {
// Required methods
fn id(&self) -> <Self as Model>::PrimaryKey;
fn username(&self) -> &str;
fn password_hash(&self) -> &str;
fn set_password_hash(&mut self, hash: String);
// Provided methods
fn id_string(&self) -> String { ... }
fn is_active(&self) -> bool { ... }
fn is_staff(&self) -> bool { ... }
fn is_superuser(&self) -> bool { ... }
}Expand description
The minimum surface a user model must expose so AuthPlugin<U> can
operate on it generically.
All four required methods map directly to columns that auth ACTUALLY
reads or writes. Optional flag methods (is_active, is_staff,
is_superuser) have default impls that return the safe defaults so a
minimal custom user struct doesn’t have to repeat them.
AuthUser implements this trait unchanged, so existing code that
calls the auth helpers directly keeps working.
§Required methods
| Method | Column | Used by |
|---|---|---|
id() | id | set_password WHERE clause; session storage |
username() | username | authenticate SELECT, createsuperuser output |
password_hash() | password_hash | authenticate verify step |
set_password_hash() | password_hash | set_password in-place update |
§Default methods
| Method | Default | Used by |
|---|---|---|
id_string() | self.id().to_string() | Identity::user_id, session row |
is_active() | true | authenticate active-user gate |
is_staff() | false | admin require_staff check |
is_superuser() | false | permission gates |
§Polymorphic primary key
id() returns the model’s typed primary key via the existing
Model::PrimaryKey associated type — the framework no longer
hardcodes i64. A custom user model keyed by uuid::Uuid
works as-is:
#[derive(Debug, Clone, sqlx::FromRow, Serialize, Deserialize,
umbral::orm::Model)]
pub struct UuidUser {
pub id: uuid::Uuid,
pub username: String,
pub password_hash: String,
pub is_active: bool,
pub is_staff: bool,
}
impl umbral_auth::UserModel for UuidUser {
fn id(&self) -> uuid::Uuid { self.id }
fn username(&self) -> &str { &self.username }
fn password_hash(&self) -> &str { &self.password_hash }
fn set_password_hash(&mut self, h: String) { self.password_hash = h; }
fn is_active(&self) -> bool { self.is_active }
fn is_staff(&self) -> bool { self.is_staff }
}The session-row text column, [Identity::user_id], and the
permissions plugin all speak strings (via id_string()); the
ORM-side WHERE clauses use the typed PK directly (via the
PrimaryKey: Into<sea_query::Value> bound). Nothing in the
framework parses id() back to i64.
Required Methods§
Sourcefn id(&self) -> <Self as Model>::PrimaryKey
fn id(&self) -> <Self as Model>::PrimaryKey
The row’s typed primary key. set_password uses this in the
UPDATE WHERE clause; bearer-token / session backends use it
to filter on auth_user::ID.eq(user.id()) style predicates.
The return type is <Self as Model>::PrimaryKey, which the
#[derive(Model)] macro derives from the id field’s type
(i64, uuid::Uuid, String, etc.). All PrimaryKey
types implement Display, so id_string
can stringify without an explicit per-impl override.
Sourcefn username(&self) -> &str
fn username(&self) -> &str
The unique login handle. Matched against the username column in
authenticate’s SELECT query.
Sourcefn password_hash(&self) -> &str
fn password_hash(&self) -> &str
The argon2 PHC-encoded password hash stored in the DB column.
authenticate reads this, verifies it, and moves on.
Sourcefn set_password_hash(&mut self, hash: String)
fn set_password_hash(&mut self, hash: String)
Replace the in-memory password hash. Called by set_password
after writing the new hash to the database, so the caller’s
&mut U reflects the update without a re-fetch.
Provided Methods§
Sourcefn id_string(&self) -> String
fn id_string(&self) -> String
The PK as a string. Used by umbral_sessions (which stores
user_id as text) and by the REST identity contract’s
Identity::user_id (which is
uniform across user models).
Default uses the typed PK’s Display impl — override only
when the stringification needs to differ from Display
(e.g. a base64-encoded ULID).
Sourcefn is_active(&self) -> bool
fn is_active(&self) -> bool
Whether this account is active. authenticate rejects inactive
users with InvalidCredentials (same error as wrong password -
no account enumeration). Default: true.
Sourcefn is_staff(&self) -> bool
fn is_staff(&self) -> bool
Whether this account has staff-level access to the admin
interface. Default: false.
Sourcefn is_superuser(&self) -> bool
fn is_superuser(&self) -> bool
Whether this account has superuser rights. Default: false.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".