Django Rest Framework login failure
I'm trying to make DRF work without custom serializers, views and urls, just using the default ones, but there is an issue with my login. Whenever i create a user on /api/v1/auth/register (this happens successfully) and then try to log in on /api/v1/auth/login, I get this error message:
{
"non_field_errors": [
"Unable to log in with provided credentials."
]
}
The required login credentials are these, although I've setup ACCOUNT_USERNAME_REQUIRED = False:
{
"username": "",
"email": "",
"password": ""
}
On the admin panel I login successfully with the same credentials, a proof they are correct. Even when I set up to use just the email as credentials, I am still required a password. Here is my settings.py:
...
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = [
...
'django.contrib.sites',
'rest_framework',
'rest_framework.authtoken',
'dj_rest_auth',
'rest_framework_simplejwt',
'allauth',
'allauth.account',
'allauth.socialaccount',
'dj_rest_auth.registration',
]
MIDDLEWARE = [
...
"allauth.account.middleware.AccountMiddleware",
]
...
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
)
}
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(hours=1),
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
}
REST_AUTH = {
"USE_JWT": True,
"JWT_AUTH_COOKIE": "_auth",
"JWT_AUTH_REFRESH_COOKIE": "_refresh",
"JWT_AUTH_HTTPONLY": False,
}
SITE_ID = 1
ACCOUNT_AUTHENTICATION_METHOD = "email"
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
ACCOUNT_CONFIRM_EMAIL_ON_GET = True
LOGIN_URL = "/api/v1/auth/login"
I've tried many other approaches like custom user model, views and serializers, but it never worked, even became worse. I suppose there is something to do with dj_rest_auth.serializers.LoginSerializer, because it throws the error, but I don't know how to fix it. As you can see it is a big serializer and many thing can go wrong here:
class LoginSerializer(serializers.Serializer):
username = serializers.CharField(required=False, allow_blank=True)
email = serializers.EmailField(required=False, allow_blank=True)
password = serializers.CharField(style={'input_type': 'password'})
def authenticate(self, **kwargs):
return authenticate(self.context['request'], **kwargs)
def _validate_email(self, email, password):
if email and password:
user = self.authenticate(email=email, password=password)
else:
msg = _('Must include "email" and "password".')
raise exceptions.ValidationError(msg)
return user
def _validate_username(self, username, password):
if username and password:
user = self.authenticate(username=username, password=password)
else:
msg = _('Must include "username" and "password".')
raise exceptions.ValidationError(msg)
return user
def _validate_username_email(self, username, email, password):
if email and password:
user = self.authenticate(email=email, password=password)
elif username and password:
user = self.authenticate(username=username, password=password)
else:
msg = _('Must include either "username" or "email" and "password".')
raise exceptions.ValidationError(msg)
return user
def get_auth_user_using_allauth(self, username, email, password):
from allauth.account import app_settings as allauth_account_settings
# Authentication through email
if allauth_account_settings.AUTHENTICATION_METHOD == allauth_account_settings.AuthenticationMethod.EMAIL:
return self._validate_email(email, password)
# Authentication through username
if allauth_account_settings.AUTHENTICATION_METHOD == allauth_account_settings.AuthenticationMethod.USERNAME:
return self._validate_username(username, password)
# Authentication through either username or email
return self._validate_username_email(username, email, password)
def get_auth_user_using_orm(self, username, email, password):
if email:
try:
username = UserModel.objects.get(email__iexact=email).get_username()
except UserModel.DoesNotExist:
pass
if username:
return self._validate_username_email(username, '', password)
return None
def get_auth_user(self, username, email, password):
"""
Retrieve the auth user from given POST payload by using
either `allauth` auth scheme or bare Django auth scheme.
Returns the authenticated user instance if credentials are correct,
else `None` will be returned
"""
if 'allauth' in settings.INSTALLED_APPS:
# When `is_active` of a user is set to False, allauth tries to return template html
# which does not exist. This is the solution for it. See issue #264.
try:
return self.get_auth_user_using_allauth(username, email, password)
except url_exceptions.NoReverseMatch:
msg = _('Unable to log in with provided credentials.')
raise exceptions.ValidationError(msg)
return self.get_auth_user_using_orm(username, email, password)
@staticmethod
def validate_auth_user_status(user):
if not user.is_active:
msg = _('User account is disabled.')
raise exceptions.ValidationError(msg)
@staticmethod
def validate_email_verification_status(user, email=None):
from allauth.account import app_settings as allauth_account_settings
if (
allauth_account_settings.EMAIL_VERIFICATION == allauth_account_settings.EmailVerificationMethod.MANDATORY and not user.emailaddress_set.filter(email=user.email, verified=True).exists()
):
raise serializers.ValidationError(_('E-mail is not verified.'))
def validate(self, attrs):
username = attrs.get('username')
email = attrs.get('email')
password = attrs.get('password')
user = self.get_auth_user(username, email, password)
if not user:
msg = _('Unable to log in with provided credentials.')
raise exceptions.ValidationError(msg)
# Did we get back an active user?
self.validate_auth_user_status(user)
# If required, is the email verified?
if 'dj_rest_auth.registration' in settings.INSTALLED_APPS:
self.validate_email_verification_status(user, email=email)
attrs['user'] = user
return attrs
PS I am very stupid (you can already see), so please explain me as simple as possible. Than you!