Home > Backend Development > Python Tutorial > Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

Patricia Arquette
Release: 2024-12-27 12:24:11
Original
273 people have browsed it

User authentication and management are foundational features when starting a new project. Because these tasks are often repeated, various packages have been developed to streamline the process, allowing developers to focus on other aspects of their projects. One such package is Djoser, which integrates seamlessly with Django REST Framework (DRF) to handle authentication and user management. In this guide, I’ll walk you through building a full user authentication system using Djoser, including setting up email functionality and custom email templates.

Setting Up the Project

Start by creating a directory for your project:

mkdir userauth
Copy after login
Copy after login
Copy after login

Navigate to the new directory in your preferred IDE, set up a virtual environment and activate it

python venv .venv
source .venv/bin/activate
Copy after login
Copy after login

Next, install the necessary packages:

pip install django djangorestframework djoser djangorestframework_simplejwt social-auth-app-django drf-yasg

Copy after login
Copy after login

Note: Some dependencies, such as social-auth-app-django, might be installed automatically with Djoser. If so, you can skip explicitly adding them

Once installed, generate a requirements.txt file to track your dependencies:

pip freeze > requirements.txt
Copy after login
Copy after login

You should see all the installed packages listed in the requirements.txt file, including any dependencies.

Create the Django Project and get the server running

django-admin startapp userauth . 
Copy after login
Copy after login

This will create the django project. We then need to create an app inside our project

python manage.py startapp accounts
Copy after login
Copy after login

Your project directory should now contain the following:

  • .venv (virtual environment)

  • accounts/ (authentication app)

  • userauth/ (main project folder)

  • manage.py

  • requirements.txt

Configuring the Project

Add the required packages and apps to the INSTALLED_APPS section in settings.py:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

     # Third Party Apps
    'rest_framework',
    'djoser',
    'rest_framework_simplejwt',
    'drf_yasg',

    # Local Apps
    'accounts',
]
Copy after login
Copy after login

Update your settings.py to include configurations for Django REST Framework and SimpleJWT:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}
Copy after login
Copy after login

Let's create our custom user model since
create managers.py file in the accounts folder
accounts/managers.py

from django.contrib.auth.models import BaseUserManager


class CustomUserManager(BaseUserManager):

    def create_user(self, email, username, password=None, **extra_fields) -> None:

        if not username:
            raise ValueError("Username is required")

        if not email:
            raise ValueError("Email is required")


        email = self.normalize_email(email)
        user = self.model(email=email, username=username, **extra_fields)
        user.set_password(password)
        user.save()
        return user


    def create_superuser(self, email, username, password, **extra_fields):
        """
        Create and save a SuperUser with the given email and password.
        """
        extra_fields.setdefault("is_staff", True)
        extra_fields.setdefault("is_superuser", True)
        extra_fields.setdefault("is_active", True)

        if extra_fields.get("is_staff") is not True:
            raise ValueError("Superuser must have is_staff=True.")

        if extra_fields.get("is_superuser") is not True:
            raise ValueError("Superuser must have is_superuser=True.")

        return self.create_user(email, username, password, **extra_fields)
Copy after login

accounts/models.py

from django.db import models
from django.contrib.auth.models import AbstractUser
from accounts.managers import CustomUserManager



class CustomUser(AbstractUser):
    username = None
    email = models.EmailField(unique=True)
    is_verified = models.BooleanField(default=False)


    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    objects = CustomUserManager()


    def __str__(self):
        return self.email
Copy after login

Add this line in your settings.py file

AUTH_USER_MODEL = 'accounts.CustomUser'
Copy after login

We can go ahead to make our migrations then run the local development server

python manage.py makemigrations
python manage.py migrate
python manage.py runserver
Copy after login

There should be no issues up to this point.

Configuring Djoser URLs

Include the URLs that Djoser provides in your project’s URL patterns, along with Swagger for API documentation:

userauth/urls.py

from django.contrib import admin
from django.urls import include, path
from rest_framework import permissions
from drf_yasg.views import get_schema_view
from drf_yasg import openapi


schema_view = get_schema_view(
    openapi.Info(
        title="User Accounts API",
        default_version="v1",
        description="REST implementation of Django authentication system using Djoser",
        contact=openapi.Contact(email="contact@snippets.local"),
        license=openapi.License(name="BSD License"),
    ),
    public=True,
    permission_classes=(permissions.AllowAny,),
)

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/docs', schema_view.with_ui("swagger", cache_timeout=0), name="swagger-ui"),
    path('api/', include('djoser.urls')), 
    path('api/', include('djoser.urls.jwt'))
]

Copy after login

Go to http://127.0.0.1:8000/api/docs/ in your browser to view the API documentation.

Configuring Djoser Settings

All settings that can be configured for djoser can be found here Djoser settings

userauth/settings.py

mkdir userauth
Copy after login
Copy after login
Copy after login

Here we are requiring users to receive an activation email. The activation url is the link sent to the user's email for them to click. The token and uid needs to be extracted and a post request sent with them as the body to the activation route in your project

Configuring Email Sending

Finally we need to configure email sending. I'll be using mailtrap for email sending. You can choose to send the email to the console or whatever email service you choose.

For sending the email to your console

python venv .venv
source .venv/bin/activate
Copy after login
Copy after login

Using external mail service

pip install django djangorestframework djoser djangorestframework_simplejwt social-auth-app-django drf-yasg

Copy after login
Copy after login

Replace the placeholders with the correct credentials

To test this out, we'll use postman to test it out.

Creating a new user

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

Then the activation email sent to the user

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

Customizing Email Templates

Let's customize the email template a little
Create a template folder in the accounts directory, then create an email folder and go ahead to create template folder in there

accounts/templates/email/activation_email.py
We customize the default email that comes with djoser

pip freeze > requirements.txt
Copy after login
Copy after login

To customize the site name in the template, add this line to the djoser setting

django-admin startapp userauth . 
Copy after login
Copy after login

The email template looks like this now

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

Extending Activation View

For the last part of this article, let work on the email verification.
We start by customizing the activation view in accounts/views.py:

accounts/views.py

python manage.py startapp accounts
Copy after login
Copy after login

We are extending the activation view on djoser to customize it and set the is_verified field on our user model to true

accounts/urls.py

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

     # Third Party Apps
    'rest_framework',
    'djoser',
    'rest_framework_simplejwt',
    'drf_yasg',

    # Local Apps
    'accounts',
]
Copy after login
Copy after login

Urls file in the project level
userauth/urls.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}
Copy after login
Copy after login

To test this out create a new test user and click the activation url sent to the email.
You get to this page, because the url does not exist in our project

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

from the url extract the uid and token and make a post request to the activation route you defined in your accounts/urls.py file

from the screenshot, my route is ;

mkdir userauth
Copy after login
Copy after login
Copy after login

The uid is MTY
The token is cil456-aaf8331efb885f0b4412f35ce544648c

Using the parameters to make a post request to the activate endpoint

Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

This concludes the tutorial for setting up user authentication with Djoser. You now have a functional authentication system with email activation and customizable templates. In the second part of this series, we’ll explore social authentication, enabling users to sign up and log in using third-party services like Google, Facebook, and GitHub. Stay tuned for more!

If you have any questions or feedback, feel free to leave a comment.

The above is the detailed content of Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I. For more information, please follow other related articles on the PHP Chinese website!

source:dev.to
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template