I was creating Login functionality for my Python Django backend, “create user” functionality was working fine before. But then after Login was entirely coded, the create-user stopped working.
My urls.py file:
from django.urls import path from .views import TestView, UserView, UserLoginView from rest_framework_jwt.views import refresh_jwt_token, verify_jwt_token urlpatterns = [ path('test', TestView.as_view()), path('create-user/', UserView.as_view()), path('get-user', UserLoginView.as_view()), path('login-user/', UserLoginView.as_view()), ]
My views.py file:
from rest_framework.views import APIView from rest_framework.response import Response from .serializers import UserSerializer from django.contrib.auth.models import User from django.contrib.auth import authenticate class TestView(APIView): def get(self, request, format=None): print("API called") return Response("You did it!", status=200) class UserView(APIView): def post(self, request, format=None): print("Creating User") user_data = request.data print(request.data) user_serializer = UserSerializer(data=user_data) if user_serializer.is_valid(raise_exception=False): user_serializer.save() return Response({'user': user_serializer.data}, status=200) return Response({'msg': "error: no user created"}, status=400) class UserLoginView(APIView): # convert user token to user data def get(self, request, format=None): if request.user.is_authenticated == False or request.user.is_active == False: return Response('Invalid credentials', status=403) user = UserSerializer(request.user) print(user.data) return Response("Testing", status=200) def post(self, request, format=None): print("Login class") # Looking for user's email or username user_obj = User.objects.filter(email=request.data['email']).first( ) or User.objects.filter(username=request.data['username']).first() # if user is valid, returns user data in credentials if user_obj is not None: credentials = { 'username': user_obj.username, 'password': request.data['password'] } user = authenticate(**credentials) # if user is valid and active, logs user in if user and user.is_active: user_serializer = UserSerializer(user) return Response("Login successful", user_serializer.data, status=200) return Response("Invalid credentials", status=403)
My serializers.py file:
from rest_framework import serializers from django.contrib.auth.models import User from rest_framework.validators import UniqueValidator from rest_framework_jwt.settings import api_settings class UserSerializer(serializers.ModelSerializer): token = serializers.SerializerMethodField() email = serializers.EmailField( required=True, validators=[UniqueValidator(queryset=User.objects.all())] ) username = serializers.CharField( required=True, max_length=32, validators=[UniqueValidator(queryset=User.objects.all())] ) first_name = serializers.CharField( required=True, max_length=32 ) last_name = serializers.CharField( required=True, max_length=32 ) password = serializers.CharField( required=True, min_length=8, write_only=True ) def create(self, validated_data): password = validated_data.pop('password', None) instance = self.Meta.model(**validated_data) if password is not None: instance.set_password(password) instance.save() return instance def get_token(self, obj): jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(obj) token = jwt_encode_handler(payload) return token class Meta: model = User fields = ( 'token', 'username', 'password', 'first_name', 'last_name', 'email', 'id' )
My project’s settings.py file:
""" Django settings for AIOHA_backend project. Generated by 'django-admin startproject' using Django 4.0.3. For more information on this file, see https://docs.djangoproject.com/en/4.0/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.0/ref/settings/ """ from pathlib import Path import datetime # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-8dz4fx@zy9&parzic^-v5%*r^w^fncmjtd2my1b)(c-e0bgs8^' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = ['localhost'] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'corsheaders', 'userAPI', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'corsheaders.middleware.CorsMiddleware', ] ROOT_URLCONF = 'AIOHA_backend.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'AIOHA_backend.wsgi.application' # Database # https://docs.djangoproject.com/en/4.0/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', } } # Password validation # https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization # https://docs.djangoproject.com/en/4.0/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/4.0/howto/static-files/ STATIC_URL = 'static/' # Default primary key field type # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.AllowAny', 'rest_framework.permissions.IsAuthenticated', ), 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.BasicAuthentication', 'rest_framework_simplejwt.authentication.JWTAuthentication', 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', ), } JWT_AUTH = { # how long the original token is valid for 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=3), # allow refreshing of tokens 'JWT_ALLOW_REFRESH': True, }
Postman Request:
I get the same for when I tried to log in an existing user, after which I tried creating a new one, thinking I had forgotten the password.
Command Line looks like this:
What am I missing or doing wrong? Please guide!
Advertisement
Answer
You need to add permission_classes
in UserView
. It should contain AllowAny
so that the api without authentication is allowed.
from rest_framework.permissions import AllowAny class UserView(APIView): permission_classes = [AllowAny] def post(self, request, format=None): ...