Develop Reference

ObtainAuthToken post function customization. How to get token and name in the response?

I´m trying to get response that include name apart from token.
In the documentation https://www.django-rest-framework.org/api-guide/authentication/ about ObtainAuthToken I see we can overwrite the post fn but I´m not sure how to apply it in my CreateTokenView class.
serializers.py
class AuthTokenSerializer(serializers.Serializer):
"""Serializer for the user authentication object"""
email = serializers.CharField()
password = serializers.CharField(
style={'input_type': 'password'},
trim_whitespace=False
)
def validate(self,attrs):
"""Overwriting the validate() fn"""
email = attrs.get('email')
password = attrs.get('password')
user = authenticate(
request=self.context.get('request'),
username=email,
password=password
)
if not user:
msg = _('Unable to authenticate with provided credentials')
raise serializers.ValidationError(msg, code='authentication')
attrs['user'] = user
return attrs
views.py
from rest_framework.authtoken.views import ObtainAuthToken
class CreateTokenView(ObtainAuthToken):
"""Create a new auth token for user"""
serializer_class = AuthTokenSerializer
renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES

Add the post fn and customize the kwargs
from rest_framework.authtoken.models import Token
from rest_framework.response import Response
class CreateTokenView(ObtainAuthToken):
"""Create a new auth token for user"""
serializer_class = AuthTokenSerializer
renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data,
context={'request': request})
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({
'token': token.key,
'name': user.name
})

I am trying implement authentication using the jwt token using djangorest framework but am getting assertion error

AssertionError: 'LoginView' should either include a serializer_class attribute, or override the get_serializer_class() method
Here is the code
class LoginView(GenericAPIView):
def post(self, request):
data = request.data
username = data.get('username', '')
password = data.get('password', '')
user = auth.authenticate(username=username, password=password)
if user:
auth_token = jwt.encode({'username': user.username}, settings.JWT_SECRET_KEY)
serializer = UserSerializer(user)
data = {'user': serializer.data, 'token': auth_token}
return Response(data, status=status.HTTP_200_OK)
return Response({'detail': 'Invalid credential'}, status=status.HTTP_401_UNAUTHORIZED)

JWT Token authentication - generate token

I have created a login screen which uses a username and password to login. I have a jwt authentication but I'm getting a bit confused because I have two login urls and I want only one. The jwt url is providing me the token meanwhile the other one that I have created myself I can login but no token is getting generated. This is my code:
serializers.py
class UserLoginSerializer(ModelSerializer):
token = CharField(allow_blank=True, read_only=True)
username = CharField(required=False, allow_blank=True)
class Meta:
model = User
fields = [
'username',
'password',
'token',
]
extra_kwargs = {"password":{"write_only": True}}
def validate(self, data):
user = authenticate(**data)
if user:
if user.is_active:
data['user'] = user
return data
raise exceptions.AuthenticationFailed('Account is not activated')
raise exceptions.AuthenticationFailed('User is not active')
def validate(self, data):
user_obj = None
username = data.get("username", None)
password = data["password"]
if not username:
raise ValidationError("A username is required")
user = User.objects.filter(
Q(username=username)
).distinct()
if user.exists() and user.count() == 1:
user_obj = user.first()
else:
raise ValidationError("This username is not valid")
if user_obj:
if not user_obj.check_password(password):
raise ValidationError("Incorrect credentials, please try again")
data["token"] = "SOME RANDOM TOKEN"
return data
views.py
class UserLoginAPIView(APIView):
permission_classes = [AllowAny]
serializer_class = UserLoginSerializer
def post(self, request, *args, **kwargs):
data = request.data
serializer = UserLoginSerializer(data=data)
if serializer.is_valid(raise_exception=True):
new_data = serializer.data
return Response(new_data, status=HTTP_200_OK)
return Response(serializer.errors, status=HTTP_400_BAD_REQUEST)

You can re-write your login serializer like this:
from rest_framework_jwt.serializers import JSONWebTokenSerializer
class SignInJWTSerializer(JSONWebTokenSerializer):
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
if email is None or password is None:
message = 'Must include email and password'
raise serializers.ValidationError({'message': message})
...
And in url:
from rest_framework_jwt.views import ObtainJSONWebToken
path('login/', ObtainJSONWebToken.as_view(serializer_class=serializers.SignInJWTSerializer), name='login'),
also remove view class

Unable to set cookie using AJAX call on DRF API

I have a Django Rest API that sets the cookie in a response object. When I hit my browsable API, the browser stores the cookie under Application>Cookies. When I try to reproduce the same result using an AJAX call, the cookie isn't stored automatically; although I do get a response object in AJAX call.
My code is as follows
views.py
class UserLogin(generics.GenericAPIView):
serializer_class = serializers.UserLoginSerializer
permission_classes = (
permissions.AllowAny,
)
def finalize_response(self, request, *args, **kwargs):
"""
Set Authorization in cookie.
"""
response_obj = super(UserLogin, self).finalize_response(
request, *args, **kwargs)
if request.POST and response_obj.status_code == 200:
response_obj['Authorization'] = 'Token '\
+ response_obj.data['auth_token']
print 'COOKIE NOT SET'
response_obj.set_cookie(
'Authorization', response_obj['Authorization'])
print 'COOKIE SET'
return response_obj
def post(self, request):
"""
If serializer is valid.
- call action.
"""
serializer = self.get_serializer(
data=request.data)
if serializer.is_valid():
user = serializer.validated_data.get('user')
token, boolean = Token.objects.get_or_create(user=user)
if not boolean:
token.created = datetime.datetime.now()
token.save()
# user.login_attempts = 0
user.save()
data = serializers.TokenSerializer(token).data
return response.Response(
data=data,
status=status.HTTP_200_OK,)
return response.Response(
data=serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
serializers.py
class UserLoginSerializer(serializers.Serializer):
def __init__(self, *args, **kwargs):
super(UserLoginSerializer, self).__init__(*args, **kwargs)
self.user = None
self.fields[User.USERNAME_FIELD] = serializers.CharField()
password = serializers.CharField(
style={'input_type': 'password'})
def validate(self, data):
username = data.get(User.USERNAME_FIELD).lower()
password = data.get('password')
try:
user = User.objects.get(username=username)
except:
raise serializers.ValidationError(
messages.INVALID_CREDENTIALS_ERROR)
data['user'] = user
user_service = UserService()
is_valid = user_service.verify_account(user, password)
if not is_valid:
raise serializers.ValidationError(
messages.INACTIVE_ACCOUNT_ERROR)
return data
class Meta:
fields = (User.USERNAME_FIELD, 'password')
ajax call
$(document).ready(function() {
$('form').submit(function(event) {
var formData = {
'username' : $('input[name=username]').val(),
'password' : $('input[name=password]').val(),
};
// process the form
$.ajax({
type : 'POST',
url : 'http://13.232.122.165/users/login/',
data : formData,
dataType : 'json',
encode : true
})
// using the done promise callback
.done(function(data) {
// log data to the console so we can see
console.log(data);
location.href = "localhost:5000/profile"
// here we will handle errors and validation messages
});
// stop the form from submitting the normal way and refreshing the page
event.preventDefault();
});
});

The cookie is being attached but you can't see it from developer tools unless you're on the request url domain.
Try logging in using ajax and hitting the request url (any end point) on browser, you'll see the cookie.

Django token authorization - customizing obtain_jwt_token by overriding ObtainAuthToken class

My goal is to override obtain_jwt_token in order to get more control over the return value of the procedure, and in the doc I found only a bizarre and sketchy info on how to do this:
Note that the default obtain_auth_token view explicitly uses JSON
requests and responses, rather than using default renderer and parser
classes in your settings. If you need a customized version of the
obtain_auth_token view, you can do so by overriding the
ObtainAuthToken view class, and using that in your url conf instead
As for now, my attempt looks like this:
urlpatterns = [
url(r'^api-token-auth/', my_customized_view),
]
class Foo(ObtainAuthToken):
def post(self):
# here goes my customized code
my_customized_view = Foo.as_view()
The odds are that my code looks quite silly, and I am just lost trying to google it. I have little experience in Djagno, so please help me with this !

I have just been going through the same journey for comprehension as I wished to return the user and also allow email or username login. The documentation is not entirely clear, but as described for auth token, you can do the same for JWT.
obtain_auth_token is to ObtainAuthToken, as obtain_jwt_token is to ObtainJSONWebToken.
This is my overwritten login method:
from rest_framework_jwt.settings import api_settings
from rest_framework_jwt.views import ObtainJSONWebToken
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
class LoginView(ObtainJSONWebToken):
def post(self, request, *args, **kwargs):
# by default attempts username / passsword combination
response = super(LoginView, self).post(request, *args, **kwargs)
# token = response.data['token'] # don't use this to prevent errors
# below will return null, but not an error, if not found :)
res = response.data
token = res.get('token')
# token ok, get user
if token:
user = jwt_decode_handler(token) # aleady json - don't serialize
else: # if none, try auth by email
req = request.data # try and find email in request
email = req.get('email')
password = req.get('password')
username = req.get('username')
if email is None or password is None:
return Response({'success': False,
'message': 'Missing or incorrect credentials',
'data': req},
status=status.HTTP_400_BAD_REQUEST)
# email exists in request, try to find user
try:
user = User.objects.get(email=email)
except:
return Response({'success': False,
'message': 'User not found',
'data': req},
status=status.HTTP_404_NOT_FOUND)
if not user.check_password(password):
return Response({'success': False,
'message': 'Incorrect password',
'data': req},
status=status.HTTP_403_FORBIDDEN)
# make token from user found by email
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
user = UserSerializer(user).data
return Response({'success': True,
'message': 'Successfully logged in',
'token': token,
'user': user},
status=status.HTTP_200_OK)
You can change the default to check by email only if you please by customising Django's auth model, but I was happy to have both options.
I started creating an api boilerplate. There is a requirements.txt file and a config.example.py file for anyone who wants to pull it down to view the rest.
https://github.com/garyburgmann/django-api-boilerplate

In views.py, file add the following code and customize as you want.
def jwt_response_payload_handler(token, user=None, request=None):
return {
'token': token,
'user': UserSerializer(user, context={'request': request}).data
}
Default is {'token': token}
Also In your settings.py file add
JWT_AUTH = {
'JWT_RESPONSE_PAYLOAD_HANDLER':
'api.user.views.jwt_response_payload_handler',
}
( 'api.user.views.jwt_response_payload_handler',
) is the path to your custom jwt_response_payload_handler
For more help, you can view here