How to do multiple users models authentication in django using jwt tokens?
I need a way to authenticate both models of my system with jwt tokens. One of the models is the User model, django built-in, and another is the a Ong model, which has a one-to-one relationship with User.
My first approach is a endpoint which verify if the user passed has a ONG linked to it, if yes, return True, otherwise, return False, but im not sure if its secure or something "good" to do. I tried this way because i have no idea of how do this using JWT tokens for both models.
My ong model:
class ONG(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
ong_name = models.CharField(max_length=40)
custom_url = models.CharField(max_length=20, default=str(ong_name).replace(' ', ''), blank=True)
ong_address = models.CharField(max_length=200, validators=[validate_address])
ong_cnpj = models.CharField(blank=True, validators=[validate_cnpj])
ong_phone_number = models.CharField(max_length=12)
ong_email = models.CharField(validators=[EmailValidator])
class Meta:
permissions = [("pet_creation", "can create pets")]
def __str__(self):
return f'ONG: {self.ong_name}'
serializers.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ["id", "username", "password"]
extra_kwargs = {"password": {"write_only": True}}
def create(self, validated_data):
user = User.objects.create_user(**validated_data)
return user
class ONGSerializer(serializers.ModelSerializer):
user = UserSerializer(many=False)
class Meta:
model = ONG
fields = ['user', 'ong_name', 'custom_url', 'ong_address', 'ong_cnpj', 'ong_phone_number', 'ong_email']
def create(self, validated_data):
user_data = validated_data.pop('user')
user = User.objects.create_user(username=user_data['username'], password=user_data['password'])
ong = ONG.objects.create(user=user, ong_name = validated_data['ong_name'], custom_url = validated_data['custom_url'],
ong_address = validated_data['ong_address'], ong_cnpj = validated_data['ong_cnpj'],
ong_phone_number = validated_data['ong_phone_number'], ong_email=validated_data['ong_email'])
ong.save()
return ong
views.py
class CreateUserView(generics.CreateAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [AllowAny]
class ONGRegister(generics.CreateAPIView):
queryset = ONG.objects.all()
serializer_class = ONGSerializer
permission_classes = [AllowAny]
class UserIsOng(APIView):
def get(self, request):
username = self.request.data['username']
user_id = User.objects.filter(username=username)[0].id
user_exists = ONG.objects.filter(user_id=user_id).exists()
return Response(
data={'message': user_exists}
)
urls.py
from django.contrib import admin
from django.urls import include, path
from ongs.views import *
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
urlpatterns = [
path("ongs/", include("ongs.urls")),
path("admin/", admin.site.urls),
path("api/user/register/", CreateUserView.as_view(), name="register"),
path("api/token/", TokenObtainPairView.as_view(), name="get_token"),
path("api/token/refresh", TokenRefreshView.as_view(), name="refresh"),
path("api-auth/", include("rest_framework.urls"))]
ongs/urls.py
from django.urls import path, include
from . import views
urlpatterns = [
path("register/", views.ONGRegister.as_view(), name="ong-create"),
path("user", views.UserIsOng.as_view(), name="user-verification"),
]