feat: implement custom user model with JWT authentication and registration endpoints

2026-05-04 08:56:52 +00:00 · 2026-04-09 14:10:52 +05:30
parent 6bf186806b
commit f1c3b3f9f2
14 changed files with 242 additions and 4 deletions
@@ -7,3 +7,5 @@ __pycache__/
 *.pyc
 *.pyo
 *.pyd
 docs/
@@ -11,7 +11,9 @@ https://docs.djangoproject.com/en/6.0/ref/settings/
 """
 import os
 from datetime import timedelta
 from pathlib import Path
 import environ
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -42,12 +44,13 @@ INSTALLED_APPS = [
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
-    "rest_framework", # for API
+    "rest_framework",  # for API
-    "corsheaders", # for API and Frontend connect
+    "corsheaders",  # for API and Frontend connect
    "users",  # custom user app
 ]
 MIDDLEWARE = [
-    "corsheaders.middleware.CorsMiddleware", # allow frontend to connect
+    "corsheaders.middleware.CorsMiddleware",  # allow frontend to connect
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
@@ -93,6 +96,22 @@ DATABASES = {
 CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
 AUTH_USER_MODEL = "users.User"
 REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTAuthentication",),
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
 }
 SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=60),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    "AUTH_HEADER_TYPES": ("Bearer",),
    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
 }
 # Password validation
 # https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators
@@ -16,8 +16,9 @@ Including another URLconf
 """
 from django.contrib import admin
-from django.urls import path
+from django.urls import include, path
 urlpatterns = [
    path("admin/", admin.site.urls),
    path("api/auth/", include("users.urls")),  # user related operations
 ]
@@ -13,3 +13,13 @@ dependencies = [
    "psycopg2-binary>=2.9.11",
    "ruff>=0.15.9",
 ]
 [tool.ruff]
 target-version = "py313"
 line-length = 120
 [tool.ruff.lint]
 select = ["E", "F", "W", "UP", "I"]
 [tool.ruff.lint.per-file-ignores]
 "**/migrations/*" = ["E501"] # boilerplate - ignore
@@ -0,0 +1 @@
 # Register your models here.
@@ -0,0 +1,5 @@
 from django.apps import AppConfig
 class UsersConfig(AppConfig):
    name = "users"
@@ -0,0 +1,94 @@
 # Generated by Django 6.0.4 on 2026-04-09 08:29
 import django.utils.timezone
 from django.db import migrations, models
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        ("auth", "0012_alter_user_first_name_max_length"),
    ]
    operations = [
        migrations.CreateModel(
            name="User",
            fields=[
                (
                    "id",
                    models.BigAutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                ("password", models.CharField(max_length=128, verbose_name="password")),
                (
                    "last_login",
                    models.DateTimeField(blank=True, null=True, verbose_name="last login"),
                ),
                (
                    "is_superuser",
                    models.BooleanField(
                        default=False,
                        help_text="Designates that this user has all permissions without explicitly assigning them.",
                        verbose_name="superuser status",
                    ),
                ),
                (
                    "is_staff",
                    models.BooleanField(
                        default=False,
                        help_text="Designates whether the user can log into this admin site.",
                        verbose_name="staff status",
                    ),
                ),
                (
                    "is_active",
                    models.BooleanField(
                        default=True,
                        help_text="Designates whether this user should be treated as active. Unselect this instead of deleting accounts.",
                        verbose_name="active",
                    ),
                ),
                (
                    "date_joined",
                    models.DateTimeField(default=django.utils.timezone.now, verbose_name="date joined"),
                ),
                ("full_name", models.CharField(max_length=100)),
                (
                    "email",
                    models.EmailField(max_length=254, unique=True, verbose_name="email address"),
                ),
                (
                    "groups",
                    models.ManyToManyField(
                        blank=True,
                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
                        related_name="user_set",
                        related_query_name="user",
                        to="auth.group",
                        verbose_name="groups",
                    ),
                ),
                (
                    "user_permissions",
                    models.ManyToManyField(
                        blank=True,
                        help_text="Specific permissions for this user.",
                        related_name="user_set",
                        related_query_name="user",
                        to="auth.permission",
                        verbose_name="user permissions",
                    ),
                ),
            ],
            options={
                "verbose_name": "user",
                "verbose_name_plural": "users",
                "abstract": False,
            },
        ),
    ]
@@ -0,0 +1,50 @@
 from django.contrib.auth.models import AbstractUser, BaseUserManager
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 class CustomUserManager(BaseUserManager):
    """
    General User Model
    """
    def create_user(self, email, password=None, **extra_fields):
        if not email:
            raise ValueError(_("The Email must be set"))
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save()
        return user
    def create_superuser(self, email, password, **extra_fields):
        """
        Admin Model
        """
        extra_fields.update({"is_staff": True, "is_superuser": True, "is_active": True})
        return self.create_user(email, password, **extra_fields)
 class User(AbstractUser):
    """
    Database table structure.
    """
    # Reset default fields
    username = None
    first_name = None
    last_name = None
    full_name = models.CharField(max_length=100)
    email = models.EmailField(_("email address"), unique=True)
    objects = CustomUserManager()
    # Login uses email instead of username
    USERNAME_FIELD = "email"
    REQUIRED_FIELDS = []
    def __str__(self):
        return self.email
@@ -0,0 +1,20 @@
 from django.contrib.auth import get_user_model
 from rest_framework import serializers
 User = get_user_model()
 class UserSerializer(serializers.ModelSerializer):
    password = serializers.CharField(write_only=True)
    class Meta:
        model = User
        fields = ("id", "email", "full_name", "password")
    def create(self, validated_data):
        user = User.objects.create_user(
            email=validated_data["email"],
            password=validated_data["password"],
            full_name=validated_data.get("full_name", ""),
        )
        return user
@@ -0,0 +1 @@
 # Create your tests here.
@@ -0,0 +1,14 @@
 from django.urls import path
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 from .views import MeView, RegisterView
 urlpatterns = [
    path("register/", RegisterView.as_view(), name="register"),
    # Login and get access and refresh tokens
    path("login/", TokenObtainPairView.as_view(), name="token_obtain_pair"),
    # Get a new access token using a refresh token
    path("refresh/", TokenRefreshView.as_view(), name="token_refresh"),
    # Get current user info
    path("me/", MeView.as_view(), name="me"),
 ]
@@ -0,0 +1,21 @@
 from django.contrib.auth import get_user_model
 from rest_framework import generics, permissions
 from .serializers import UserSerializer
 User = get_user_model()
 class RegisterView(generics.CreateAPIView):
    queryset = User.objects.all()
    permission_classes = (permissions.AllowAny,)
    serializer_class = UserSerializer
 class MeView(generics.RetrieveAPIView):
    serializer_class = UserSerializer
    permission_classes = (permissions.IsAuthenticated,)
    def get_object(self):
        # Returns the user associated with the JWT token in the request
        return self.request.user