I am using Django Rest Auth plugin for registration and login in Django Rest Framework. I want to check OTP (unique key) while user registration.
We are sending OTP based on Mobile number to users. Django checks OTP after registration. I want to set those condition before registration.
If conditions are true then registration should be done.
class SignupForm(forms.Form):
otp_no = forms.CharField(label='OptNo', required=True)
def signup(self, request, user):
try:
otpobj = Otp.objects.get(pk=self.cleaned_data['otp_no'])
if otpobj.phone_number == self.cleaned_data['phone_number']:
user_number = UserNumber(user=user, phone_number=self.cleaned_data['phone_number'])
user_number.save()
else:
raise forms.ValidationError('Number is not valid')
except ObjectDoesNotExist:
raise forms.ValidationError('OTP is not valid')
I have added def create() and def update() method in UserSerializer but still it doesn't work. Please guide me for this solution and thanks in advance.
Related
I have custom token creating and decoding methods. Now everytime I get request I need to decode token to get request user or I get anonymous user. How can I decode it without repeating every time these lines?
auth = get_authorization_header(request).split()
if auth and len(auth) == 2:
token = auth[1].decode('utf-8')
id = decode_access_token(token)
You can create a middleware, where you decode the token and pass the info about the user to the class/function view
class SimpleMiddleware:
def __init__(self, get_response):
self.get_response = get_response
# One-time configuration and initialization.
def __call__(self, request):
# Code to be executed for each request before
# the view (and later middleware) are called.
auth = get_authorization_header(request).split()
user = None
if auth and len(auth) == 2:
token = auth[1].decode('utf-8')
id = decode_access_token(token)
user = ... # get user
response = self.get_response(request, user)
# Code to be executed for each request/response after
# the view is called.
return response
And in your view
#method_decorator(SimpleMiddleware, name='dispatch')
class SimpleView(View):
def post(self, request, user):
pass
I am using Django sample JWT and I already set up for the login user. let say now I have a login user token. but at the client-side, we still need to show like user name, user image, and email address. How to get this information in the client-side?
I created a new method that will return current login user at backend=>
#get token for login user
#action(detail=False, methods=['get'])
def get_current_user(self,request):
data = {}
data["username"] = request.user.username
.
.
.
return Response({format(data)})
It's the correct way? or Can I serialize request.user and return directly? Is there any serializer for Auth-User? I am stuck there. Thanks.
If you are going for a basic retrieve of the user,you should create a serializer for the user and a generic view which uses that serializer to return the data
I feel very difficult to cover DRF_jwt/DRF_oauth2 but Django GraphQL
JWT seems easy....
Can i use both of them together for my ease
I am new in Rest Framework
You can create a custom authentication backend for DRF that extends rest_framework.authentication.BaseAuthentication and uses graphql_jwt.utils to authenticate the user in DRF the exact same way django-graphql-jwt does it.
This is what I have:
from graphql_jwt.exceptions import JSONWebTokenError
from graphql_jwt.utils import get_payload, get_user_by_payload
from rest_framework.authentication import BaseAuthentication, get_authorization_header
from rest_framework import exceptions
class TokenAuthentication(BaseAuthentication):
keyword = 'JWT'
def authenticate(self, request):
auth = get_authorization_header(request).split()
if not auth or auth[0].lower() != self.keyword.lower().encode():
return None
if len(auth) == 1:
msg = 'Invalid token header. No credentials provided.'
raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = 'Invalid token header. Token string should not contain spaces.'
raise exceptions.AuthenticationFailed(msg)
try:
token = auth[1].decode()
except UnicodeError:
msg = 'Invalid token header. Token string should not contain invalid characters.'
raise exceptions.AuthenticationFailed(msg)
try:
payload = get_payload(token)
user = get_user_by_payload(payload)
except JSONWebTokenError as e:
raise exceptions.AuthenticationFailed(str(e))
if user is None or not user.is_active:
raise exceptions.AuthenticationFailed('User inactive or deleted.')
return (user, None)
def authenticate_header(self, request):
return self.keyword
If you mean using django-graphql-jwt to authentication and using DRF for other user account related actions, like updating, retrieving, deleting, reset password...
You can use django-graphql-auth.
It extends django-graphql-jwt, and provide a full api to handle user account.
If the user accounts are authenticated using jwt authentication,
(backend - Django rest), how can I delete a user account from another account which is an admin account(superuser) ?
You can use django admin panel or create view
class ExampleView(APIView):
permission_classes = (IsAdminUser,)
def delete(self, request, pk=None):
user = get_object_or_404(User.objects, pk=pk)
user.delete()
return Response(status=status.HTTP_200_OK)
Then you have to link it with url containing pk parameter
I am new to django rest framework. I have an api to get corresponding token for each user. The method defined to access token is
class ObtainAuthToken(APIView):
def post(self, request):
user = authenticate(
username=request.data['username'], password=request.data['password'])
if user:
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key, 'user': UserSerializer(user).data})
return Response('Invalid username or password', status=status.HTTP_400_BAD_REQUEST)
and in urls.py i have
url(r'^login/$',ObtainAuthToken, name='login')
But while logging in a user, i am getting the response as
{
"detail": "Method \"POST\" not allowed."
}
Where did i went wrong?
First of all - I see that you used the django-rest-auth tag. Are you actually using rest auth? If not - you should definitely consider doing it as it provides a ton of auth functionality out of the box.
As to your question, you forgot to call as_view() on ObtainAuthToken in your url conf. Change it like so and tell me if it works:
url(r'^login/$', ObtainAuthToken.as_view(), name='login')
You have the wrong indentation in your code. The post method needs to be inside the ObtainAuthToken(APIView) class. Right now is defined as a standalone function.