Advice on custom user model and custom auth serializers

I need some advice from the devs out there who are experienced in Django. I am relatively new to this framework and am working on a pharmacy management app with a Django-powered backend. I plan to use mobile number as the way to sign up into the app. Most built-in classes provide email as the default way to register and create new users. I am using DRF for the REST API stuff, dj-rest-auth and django-allauth for handling authentication. Right now I am working only on user accounts within the app. Could you please give a check and point out the mistakes. Any advice on the best practices would be appreciated.

Here's the custom user model

from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
from .managers import CustomUserManager
from django.core.validators import RegexValidator

phone_validator = RegexValidator(regex=r"^[1-9]\d{9}$", message="Invalid Number")


class UserRole(models.TextChoices):
    RETAILER = "RETAILER", "retailer"
    STAFF = "STAFF", "staff"


class CustomUser(AbstractUser):
    username = None
    mobile = models.CharField(max_length=10, validators=[phone_validator], unique=True)
    role = models.CharField(
        max_length=20, choices=UserRole.choices, default=UserRole.STAFF
    )
    tenant = models.ForeignKey(
        "tenants.Tenant",
        on_delete=models.CASCADE,
        null=True,
        blank=True,
        related_name="users",
    )
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)
    objects = CustomUserManager()

    USERNAME_FIELD = "mobile"

    REQUIRED_FIELDS = []

    def __str__(self):
        return f"{self.mobile} ({self.get_full_name()})"

Here are the custom serializers.

from dj_rest_auth.serializers import LoginSerializer
from dj_rest_auth.registration.serializers import RegisterSerializer
from rest_framework import serializers
from allauth.account.adapter import get_adapter


class MobileLoginSerializer(LoginSerializer):
    username = None

    mobile = serializers.CharField(required=True)

    def validate(self, attrs):
        attrs["username"] = attrs.get("mobile")
        return super().validate(attrs)


class MobileRegisterSerializer(RegisterSerializer):
    username = None
    first_name = serializers.CharField()
    last_name = serializers.CharField()
    mobile = serializers.CharField()
    pharmacy_name = serializers.CharField(write_only=True)
    role = serializers.ChoiceField(choices=["RETAILER", "STAFF"])

    def get_cleaned_data(self):
        data = super().get_cleaned_data()
        data.update(
            {
                "first_name": self.validated_data.get("first_name", ""),
                "last_name": self.validated_data.get("last_name", ""),
                "mobile": self.validated_data.get("mobile", ""),
                "pharmacy_name": self.validated_data.get("pharmacy_name", ""),
                "role": self.validated_data.get("role", ""),
            }
        )
        return data

    def save(self, request):
        adapter = get_adapter()
        user = adapter.new_user(request)
        self.cleaned_data = self.get_cleaned_data()

        user = adapter.save_user(request, user, self, commit=False)
        user.first_name = self.cleaned_data.get("first_name")
        user.last_name = self.cleaned_data.get("last_name")
        user.mobile = self.cleaned_data.get("mobile")
        # user.pharmacy_name = self.cleaned_data.get("pharmacy_name")
        user.role = self.cleaned_data.get("role")
        user.save()

        self.custom_signup(request, user)
        return user

Here are the relevant code snippets from settings.py

...
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ["dj_rest_auth.jwt_auth.JWTCookieAuthentication"]
}

REST_AUTH = {
    "USE_JWT": True,
    "JWT_AUTH_COOKIE": "access",
    "JWT_AUTH_REFRESH_COOKIE": "refresh",
    "JWT_AUTH_HTTPONLY": True,
    "LOGIN_SERIALIZER": "accounts.serializers.MobileLoginSerializer",
    "REGISTER_SERIALIZER": "accounts.serializers.MobileRegisterSerializer",
}

AUTH_USER_MODEL = "accounts.CustomUser"

ACCOUNT_USER_MODEL_USERNAME_FIELD = "mobile"
ACCOUNT_EMAIL_REQUIRED = False
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_AUTHENTICATION_METHOD = "username"

...

SITE_ID = 1

P.S.: I do not trust the AI responses. Different agents are suggesting different approaches and now I am confused.

Вернуться на верх

Последние вопросы и ответы

Advice on custom user model and custom auth serializers

Django class models.textChoices adding extra fields __new__ () positional argument error

Frontend login error with Doveland School Traffic Management System, backend built with Django works very fine and accepts email and password login

update or bulk update django

Celery vs Django Q2 for background tasks in Django — which should I choose in 2026?

Как добавить реквизит в модель пользователя Django?

Django + Gunicorn API intermittently hangs (504 errors) — workers appear idle but requests never complete

Swipe project 0987654321

Purpose of parameters of path function [duplicate]

Django update model when form previously wasn't filled

Advice on custom user model and custom auth serializers

Последние вопросы и ответы

Рекомендуемые записи по теме