How to do multiple users models authentication in django using jwt tokens?

I need a way to authenticate both models of my system with jwt tokens. One of the models is the User model, django built-in, and another is the a Ong model, which has a one-to-one relationship with User.

My first approach is a endpoint which verify if the user passed has a ONG linked to it, if yes, return True, otherwise, return False, but im not sure if its secure or something "good" to do. I tried this way because i have no idea of how do this using JWT tokens for both models.

My ong model:

class ONG(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    ong_name = models.CharField(max_length=40)
    custom_url = models.CharField(max_length=20, default=str(ong_name).replace(' ', ''), blank=True)
    ong_address = models.CharField(max_length=200, validators=[validate_address])
    ong_cnpj = models.CharField(blank=True, validators=[validate_cnpj])
    ong_phone_number = models.CharField(max_length=12)
    ong_email = models.CharField(validators=[EmailValidator])
    class Meta:
        permissions = [("pet_creation", "can create pets")]
    def __str__(self):
        return f'ONG: {self.ong_name}'

serializers.py

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ["id", "username", "password"]
        extra_kwargs = {"password": {"write_only": True}}

    def create(self, validated_data):
        user = User.objects.create_user(**validated_data)
        return user

class ONGSerializer(serializers.ModelSerializer):
    user = UserSerializer(many=False)
    class Meta:
        model = ONG
        fields = ['user', 'ong_name', 'custom_url', 'ong_address', 'ong_cnpj', 'ong_phone_number', 'ong_email']
    def create(self, validated_data):
        user_data = validated_data.pop('user')
        user = User.objects.create_user(username=user_data['username'], password=user_data['password'])
        ong = ONG.objects.create(user=user, ong_name = validated_data['ong_name'], custom_url = validated_data['custom_url'],
                                 ong_address = validated_data['ong_address'], ong_cnpj = validated_data['ong_cnpj'],
                                 ong_phone_number = validated_data['ong_phone_number'], ong_email=validated_data['ong_email'])
        ong.save()
        return ong

views.py


class CreateUserView(generics.CreateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [AllowAny]


class ONGRegister(generics.CreateAPIView):
    queryset = ONG.objects.all()
    serializer_class = ONGSerializer
    permission_classes = [AllowAny]

class UserIsOng(APIView):
    def get(self, request):
        username = self.request.data['username']
        user_id = User.objects.filter(username=username)[0].id
        user_exists = ONG.objects.filter(user_id=user_id).exists()
        return Response(
            data={'message': user_exists}
        )

urls.py

from django.contrib import admin
from django.urls import include, path
from ongs.views import *
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView


urlpatterns = [
    path("ongs/", include("ongs.urls")),
    path("admin/", admin.site.urls),
    path("api/user/register/", CreateUserView.as_view(), name="register"),
    path("api/token/", TokenObtainPairView.as_view(), name="get_token"),
    path("api/token/refresh", TokenRefreshView.as_view(), name="refresh"),
    path("api-auth/", include("rest_framework.urls"))]

ongs/urls.py

from django.urls import path, include
from . import views

urlpatterns = [
    path("register/", views.ONGRegister.as_view(), name="ong-create"),
    path("user", views.UserIsOng.as_view(), name="user-verification"),
]
Back to Top