We Keep Coding

how to add more attributes to what an api returns

I am trying to write an API using django rest framework in which, you give a username and a password and in return you get an AuthToken or in other words you login. now I want this API to also return some fields like the email of the user along with the AuthToken. so if the authentication was successful, the get an authToken and the user's email. Can anyone help me on how I could be able to do this by adding or changing a bit of my code?
These are my models:
class UserManager(BaseUserManager):
def createUser(self, email, password=None, **extra_fields):
if not email:
raise ValueError('Email Not Found!!!')
user = self.model(email=self.normalize_email(email), **extra_fields)
user.set_password(password)
user.save(using=self._db)
return user
def createSuperUser(self, email, password):
user = self.createUser(email, password)
user.isAdmin = True
user.isSuperUser = True
user.save(using=self._db)
return user
class User(AbstractBaseUser, PermissionsMixin):
username = models.CharField(max_length=100, unique=True, validators=[RegexValidator(regex="^(?=[a-z0-9._]{5,20}$)(?!.*[_.]{2})[^_.].*[^_.]$")])
email= models.EmailField(max_length=100, unique=True, validators=[EmailValidator()])
name = models.CharField(max_length=100)
isSuspended = models.BooleanField(default=False)
isAdmin = models.BooleanField(default=False)
emailActivation = models.BooleanField(default=False)
balance = models.IntegerField(default=0)
objects = UserManager()
USERNAME_FIELD = 'username'
These are my serializers:
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
fields = ('username','email', 'password', 'name')
extra_kwargs = {'password': {'write_only': True, 'min_length': 8}}
def create(self, validated_data):
return get_user_model().objects.createUser(**validated_data)
def update(self, instance, validated_data):
password = validated_data.pop('password', None)
user = super().update(instance, validated_data)
if password:
user.set_password(password)
user.save()
return user
class AuthTokenSerializer(serializers.Serializer):
username = serializers.CharField()
password = serializers.CharField(trim_whitespace=False)
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
user = authenticate(
request=self.context.get('request'),
username= username,
password= password
)
if not user:
msg = 'Authentication Failed.'
raise serializers.ValidationError(msg, code='authentication')
attrs['user'] = user
return attrs
And finally, these are my views:
class CreateUserView(generics.CreateAPIView):
serializer_class = UserSerializer
class CreateTokenView(ObtainAuthToken):
serializer_class = AuthTokenSerializer
renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
class ManageUserView(generics.RetrieveAPIView):
serializer_class = UserSerializer
authentication_classes = (authentication.TokenAuthentication,)
permission_classes = (permissions.IsAuthenticated,)
def get_object(self):
return self.request.user

create a new serializer inside serializer.py
from rest_framework.authtoken.models import Token as DefaultTokenModel
class TokenSerializer(serializers.ModelSerializer):
user = UserSerializer()
class Meta:
model = DefaultTokenModel
fields = ('key', 'user',)
add this function in views.py
def get_token_response(user):
serializer_class = TokenSerializer
token, _ = DefaultTokenModel.objects.get_or_create(user=user)
serializer = serializer_class(instance=token)
return Response(serializer.data, status=status.HTTP_200_OK)
now override post method of CreateTokenView
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
return get_token_response(user)

For what i understand you just want to return the toekn and the email of the user right? I used this class based view to login users using token authentication.
from rest_framework.authtoken.views import ObtainAuthToken
class UserLoginView(ObtainAuthToken):
def post(self, request, **kwargs):
serializer = self.serializer_class(data=request.data,
context={
'request':request
})
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response(
{
'token':token.key,
'email':user.email,
}
)

How to upload image in user profile model while has one to one relationship with user model in django rest framework?

I have a UserProfile model which has one to one relationship with User model.
I am facing problem in uploading image by rest-framework API endpoint to nested model.
Problem is: Though I am explicitly using #action() decorator, then also it is calling inbuilt create() method for saving image by POST.
Then I have explicitly mentioned which method to call in urls.py. Now it shows errors.
There are errors in the implementation in serializer.py and views.py.
So if possible then please correct my mistakes and direct me in the correct direction. Its more than two days but still I am struck.
In models.py:
def user_image_upload_file_path(instance, filename):
"""Generates file path for uploading user images"""
extension = filename.split('.')[-1]
file_name = f'{uuid.uuid4()}.{extension}'
date = datetime.date.today()
initial_path = f'pictures/uploads/user/{date.year}/{date.month}/{date.day}/'
full_path = os.path.join(initial_path, file_name)
return full_path
class UserManager(BaseUserManager):
def create_user(self, email, password, username, **extra_kwargs):
"""Creates and saves a new user"""
if not email:
raise ValueError(_('Email cannot be empty'))
user = self.model(email=self.normalize_email(email), **extra_kwargs)
user.set_password(password)
user.save(using=self._db)
return user
def create_superuser(self, email, password, username, **extra_kwargs):
"""Creates and saves a new user with superuser permission"""
user = self.create_user(
email, password, username, **extra_kwargs)
user.is_staff = True
user.is_superuser = True
user.save(using=self._db)
return user
class User(AbstractBaseUser, PermissionsMixin):
"""Creates user model that supports using email as username"""
email = models.EmailField(_('Email'), max_length=255, unique=True)
created_date = models.DateTimeField(
_('Created Date'), default=timezone.now, editable=False)
objects = UserManager()
USERNAME_FIELD = 'email'
def __str__(self):
"""String representation of user model"""
return self.email
class UserProfile(models.Model, Languages):
"""Creates user profile model"""
user = models.OneToOneField(
'User',
related_name='profile',
on_delete=models.CASCADE
)
first_name = models.CharField(
_('First Name'), max_length=255, blank=True)
last_name = models.CharField(
_('Last Name'), max_length=255, blank=True)
image = models.ImageField(
_('Image'),
upload_to=user_image_upload_file_path,
null=True,
blank=True,
max_length=1024
)
#receiver(post_save, sender=User)
def user_is_created(sender, instance, created, **kwargs):
if created:
UserProfile.objects.create(user=instance)
else:
instance.profile.save()
In serializer.py:
class UserSerializer(serializers.ModelSerializer):
"""Minimal serializer for supporting user image upload field"""
class Meta:
model = get_user_model()
fields = ('username', )
class UserImageUploadSerializer(serializers.ModelSerializer):
"""Serializer for user profile"""
user = UserSerializer(read_only=True)
class Meta:
model = UserProfile
fields = ('id', 'user', 'image', )
read_only_fields = ('id', 'user', )
In views.py:
class UserImageUploadView(viewsets.ModelViewSet):
serializer_class = serializer.UserImageUploadSerializer
authentication_classes = [authentication.TokenAuthentication, ]
permission_classes = [permissions.IsAuthenticated, ]
queryset = get_user_model().objects.all()
def get_queryset(self):
"""Return object for only authenticated user"""
return self.queryset.filter(id=self.request.user)
#action(detail=True, methods=['POST'], url_path='user-upload-image')
def image_upload(self, pk=None):
"""Save the uploaded picture and profile data"""
user = self.get_object()
profile = user.profile
data = {'user': user, 'id': profile.pk, 'data': request.data}
serializer_ = serializer.UserImageUploadSerializer(data=data)
if serializer_.is_valid():
serializer_.save()
return Response(serializer_.data, status=status.HTTP_200_OK)
else:
return Response(serializer_.errors, status=status.HTTP_400_BAD_REQUEST)
In urls.py:
urlpatterns = [
path('<int:pk>/upload-image/', views.UserImageUploadView.as_view(
{'get': 'list', 'post': 'image_upload', }), name='user-image-upload')
]

To achieve this task I have manually created the image saving feature using APIView.
Please update if any efficient code exists
In my urls.py file:
urlpatterns = [
path('upload-image/', views.UserImageUploadView.as_view(), name='user-image-upload'),
]
In views.py:
from rest_framework.parsers import FormParser, MultiPartParser, JSONParser
from rest_framework.views import APIView
from . import serializer
from core import models
class UserImageUploadView(APIView):
"""View to upload or view image for user"""
serializer_class = serializer.TempSerializer
authentication_classes = [authentication.TokenAuthentication, ]
permission_classes = [permissions.IsAuthenticated, ]
parser_classes = [JSONParser, MultiPartParser]
def get(self, request, format=None):
"""To get user profile picture"""
user = get_user_model().objects.get(email=request.user)
user_profile = models.UserProfile.objects.get(user=user)
# Preparing the data manually as per our serializer
data = {'user': {'username': user.username},
'image': user_profile.image or None}
# Serializing our prepared data
ser = serializer.TempSerializer(
user_profile, data=data, context={"request": request})
# Returning appropriate response
if ser.is_valid():
return_ser_data = {'id': ser.data.get('id'),
'image': ser.data.get('image')}
return Response(return_ser_data, status=status.HTTP_200_OK)
else:
return Response(ser.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None):
"""To save the profile picture"""
user = get_user_model().objects.get(email=request.user)
user_profile = models.UserProfile.objects.get(user=user)
# Formatting the data to as per our defined serializer
data = {'user': {'username': user.username},
'image': request.data.get('image')}
# Serializing our data
ser = serializer.TempSerializer(
user_profile, data=data, context={"request": request})
if ser.is_valid():
if ser.validated_data:
# Deleting the old image before uploading new image
if user_profile.image:
user_profile.image.delete()
# Saving the model
ser.save(user=user)
return_ser_data = {'id': ser.data.get('id'),
'image': ser.data.get('image')}
return Response(return_ser_data, status=status.HTTP_200_OK)
else:
return Response(ser.errors, status=status.HTTP_400_BAD_REQUEST)
In serializer.py:
class UserSerializer(serializers.ModelSerializer):
"""Minimal serializer for supporting user image upload field"""
class Meta:
model = get_user_model()
fields = ('username', )
class TempSerializer(serializers.ModelSerializer):
"""Serializer for user image upload"""
user = UserSerializer(read_only=True)
image = serializers.ImageField(allow_null=True, use_url=True)
class Meta:
model = UserProfile
fields = ('id', 'user', 'image')
read_only_fields = ('id', 'user')

How to use 2 models within a serializer in Django REST API?

I just started using the Django Rest Framework recently and was wondering how to use 2 models within a single serializer. I have a custom model named 'Profile' and am also using a default Django model 'User'. With these two tables, I planned to use nested representations. Finally, in order to test the RegisterAPI, I wanted to create data using the POSTMAN tool but currently, it's not working as expected.
This is what I had done so far:
models.py:
class Profile(models.Model):
user = models.OneToOneField(User, on_delete = models.CASCADE)
company = models.CharField(max_length=100, blank=True, null=True)
address = models.TextField()
views.py:
class RegisterAPI(APIView):
permission_classes = [AllowAny]
def post(self, request, format=None):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
content = {
'result': 'Thanks for registering!'
}
return Response(content, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
serializers.py:
from rest_framework import serializers
from myapp.models import Profile
from django.contrib.auth.models import User
class ProfileSerializer(serializers.ModelSerializer):
class Meta:
model = Profile
fields = ['company', 'address']
class UserSerializer(serializers.ModelSerializer):
profile = ProfileSerializer(many = True)
class Meta:
model = User
fields = ['username', 'email', 'password', 'profile']
def create(self, validated_data):
profile_data = validated_data.pop('profile')
password = validated_data.pop('password', None)
# instance = self.Meta.model(**validated_data)
user = User.objects.create(**validated_data)
if password is not None:
user.set_password(password)
user.save()
Profile.objects.create(user = user, **profile_data)
return user
Within POSTMAN, I am not able to set the fields 'company' and 'address' for the Profile serializer. How can I do this?

None model related field as SlugRelatedField to Serializer

I've added a view to create a new user, this takes a username, password, email and a slug field to link to a permission.
{
"username" : "TestUsername",
"email" : "TestUsername#outlook.com",
"password" : "Password01",
"group" : "partial-permission"
}
The view for this request is;
class CreateUserSerializer(serializers.ModelSerializer):
group = serializers.SlugRelatedField(queryset=CompanyGroup.objects.all(), slug_field='slug_field')
class Meta:
model = User
fields = ['company', 'email', 'username', 'password', 'token', 'group']
read_only_fields = ['token']
write_only_fields = ('password',)
def create(self, validated_data):
return User.objects.create_user(**validated_data)
I'm trying to use the SlugRelatedField to link automatically to the Group passed in the slug field and pass this onto my create_user method in my model.
class UserManager(BaseUserManager):
def get_queryset(self):
return UserQuerySet(self.model, using=self._db).active_and_not_deleted()
def create_user(self, username, email, password, group=None, company=None):
user = self.model(username=username, email=self.normalize_email(email), company=company)
user.set_password(password)
return user
When doing this I'm getting the exception:
AttributeError at /users/
Got AttributeError when attempting to get a value for field `group` on serializer `CreateUserSerializer`.
The serializer field might be named incorrectly and not match any attribute or key on the `User` instance.
Original exception text was: 'User' object has no attribute 'group'.
I understand that this exception explains exactly what my problem is, but I'm trying to avoid having it on the User object and manually looking up the Group from the objects.
Edit:
Models as request;
class User(AbstractUser):
# Date the User was created
created_at = models.DateTimeField(auto_now_add=True)
# Date the User info was last updated
updated_at = models.DateTimeField(auto_now=True)
# Date the User last logged into the app
last_active = models.DateTimeField(auto_now=True)
# The company which this user is associated with.
company = models.ForeignKey(Company, on_delete=models.CASCADE, null=True)
# Indicates whether this user has been deleted or not
is_deleted = models.BooleanField(default=False)
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
objects = UserManager()
def __str__(self):
return self.username
#property
def token(self):
return self._generate_jwt_token()
def _generate_jwt_token(self):
dt = datetime.now() + timedelta(days=60)
token = jwt.encode({
'id': self.pk,
'exp': int(dt.strftime('%s'))
}, settings.SECRET_KEY, algorithm='HS256')
return token.decode('utf-8')
And group;
class CompanyGroup(Group):
slug_field = models.SlugField()
objects = GroupManager()
def __str__(self):
return self.name

I think there needs to have a ManyToMany Relation between User and GroupCompany(as far as I understood from comments). Because as per documentation:
SlugRelatedField may be used to represent the target of the relationship using a field on the target.
So, you can add it like this:
class User(AbstractUser):
# rest of the fields
group = models.ManyToManyField(GroupCompany)
Need to make sure, slug_field is unique in GroupCompany:
slug_field = models.SlugField(unique=True)
Also, you need to change the create_user model manager method as well:
def create_user(self, username, email, password, company=None):
user = self.model(username=username, email=self.normalize_email(email), company=company)
user.set_password(password)
user.save()
return user
And update the serializer as well:
class CreateUserSerializer(serializers.ModelSerializer):
group = serializers.SlugRelatedField(queryset=CompanyGroup.objects.all(), slug_field='slug_field', many=True) # added many True
def create(self, validated_data):
group = validated_data.pop('group')
user = User.objects.create_user(**validated_data)
user.group.add(group)
return user
Update
class CreateUserSerializer(serializers.ModelSerializer):
company_group = serializers.CharField(write_only=True) # added many True
def create(self, validated_data):
group = validated_data.pop('company_group')
user = User.objects.create_user(**validated_data)
group, _ = CompanyGroup.objects.create(slug_field=company_group)
user.group.add(group)
return user

How to prevent JWT Django (all-auth) from changing token when its username is updated?

I'm using all-auth / django-rest-auth for Authorization. When the User changes his/her username, Django (Django REST Framework) changes user's token and this makes user log-out from app; I set the app to logout if its user's token is invalid.
What I want to do is that even if user changes username, email, or any field in User, it keeps token.
Here is settings.py
REST_USE_JWT = True
AUTHENTICATION_BACKENDS = (
# Needed to login by username in Django admin, regardless of `allauth`
'django.contrib.auth.backends.ModelBackend',
# `allauth` specific authentication methods, such as login by e-mail
'allauth.account.auth_backends.AuthenticationBackend',
# Facebook OAuth2
'social_core.backends.facebook.FacebookAppOAuth2',
'social_core.backends.facebook.FacebookOAuth2',
# django-rest-framework-social-oauth2
'rest_framework_social_oauth2.backends.DjangoOAuth2',
)
JWT_AUTH = {
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=30),
}
...
Thanks!

Suggestion:
1) Make username as some hash object (uuid) and create new field called username_custom,
(change your login and register views)
2) Prepare your mode as:
USERNAME_FIELD = 'username' so it is default username in Django
3) Never update default field username and your token will never change.
Example
1) Use package for user model : https://github.com/jcugat/django-custom-user
2) Model example
Model
class UserModel(AbstractEmailUser):
first_name = models.CharField(max_length=255)
last_name = models.CharField(max_length=255)
username = models.CharField(max_length=255, db_index=True, unique=True)
email = models.EmailField(unique=False, db_index=True)
username_custom = models.CharField(max_length=255, db_index=True, unique=True)
USERNAME_FIELD = 'username'
def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
self.first_name = self.first_name.capitalize()
self.last_name = self.last_name.capitalize()
self.full_name = '{} {}'.format(self.first_name.capitalize(), self.last_name.capitalize())
super(UserModel, self).save(force_insert, force_update)
def clean(self):
if UserModel.objects.filter(email=self.email, username_custom=self.username_custom).exists():
raise ValidationError('User already exists!')
You can see there is new field username_custom.
Now rest api create user.
class UserRegister(APIView):
permission_classes = (AllowAny,)
authentication_classes = ()
def post(self, request):
data = request.data
# or you can check username_custom
if UserModel.objects.filter(email=data['email']).exists():
return Response(data={'success': False, 'msg': 'User with email already exists.'},
status=status.HTTP_403_FORBIDDEN)
data['username'] = '%s' % uuid.uuid4()
serializer = UserRegisterSerializer(data=data)
if serializer.is_valid(raise_exception=True):
serializer.save()
token_data = UserModel.objects.get(email=serializer.data['email'])
payload = jwt_payload_handler(token_data)
token = jwt_encode_handler(payload)
return Response(data={'success': True, 'user': serializer.data,
'token': token_prefix + token}, status=status.HTTP_201_CREATED)
return Response(data={'success': False, 'msg': serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
Serializer
class UserRegisterSerializer(serializers.ModelSerializer):
username = serializers.UUIDField()
class Meta:
model = UserModel
fields = ('password', 'email', 'user_type', 'username', 'first_name', 'last_name', 'username_custom',)
def create(self, validated_data):
user = UserModel.objects.create_user(**validated_data)
return user
You must preprare UPDATE method to check unique email field so you dont get 2 email in your DB, or username_custom whatever you want to be authorization.
Login API
class UserLoginView(APIView):
permission_classes = (AllowAny,)
def get(self, request, email, password):
# or you can check username_custom
if not UserModel.objects.filter(email=email.lower()).exists():
return Response(data={'success': False, 'msg': 'Email or password wrong!'},
status=status.HTTP_404_NOT_FOUND)
qv = UserModel.objects.get(email=email.lower())
user = authenticate(username=qv.username, password=password)
if user:
if user.is_active:
token_data = UserModel.objects.get(id=user.id)
payload = jwt_payload_handler(token_data)
token = jwt_encode_handler(payload)
return Response(data={'success': True,
'token': token_prefix + token}, status=status.HTTP_200_OK)
return Response(data={'success': False, 'msg': 'Email or password wrong!'},
status=status.HTTP_400_BAD_REQUEST)