diff --git a/StockSeeker/serializers.py b/StockSeeker/serializers.py
index a97f96d..8cc9a9b 100644
--- a/StockSeeker/serializers.py
+++ b/StockSeeker/serializers.py
@@ -15,6 +15,13 @@ class UserSerializer(serializers.ModelSerializer):
 raise serializers.ValidationError("Cette adresse e-mail est déjà utilisée.")
 return value
+ def create(self, validated_data):
+ password = validated_data.pop("password")
+ user = User(**validated_data)
+ user.set_password(password)
+ user.save()
+ return user
+
 class ProductSerializer(serializers.ModelSerializer):
 class Meta:
diff --git a/StockSeeker/settings.py b/StockSeeker/settings.py
index b445b0d..f86da6d 100644
--- a/StockSeeker/settings.py
+++ b/StockSeeker/settings.py
@@ -104,11 +104,12 @@ AUTH_PASSWORD_VALIDATORS = [
 ]
 REST_FRAMEWORK = {
- # Use Django's standard `django.contrib.auth` permissions,
- # or allow read-only access for unauthenticated users.
- 'DEFAULT_PERMISSION_CLASSES': [
- 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
- ]
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_simplejwt.authentication.JWTAuthentication',
+ ),
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
 }
 # Internationalization
 # https://docs.djangoproject.com/en/5.1/topics/i18n/
diff --git a/StockSeeker/urls.py b/StockSeeker/urls.py
index e440b5e..11204f6 100644
--- a/StockSeeker/urls.py
+++ b/StockSeeker/urls.py
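Review bot: In StockSeeker/serializers.py, the new `create()` hashes the password with `set_password()`, but nothing visible in the hunk runs the `AUTH_PASSWORD_VALIDATORS` configured in settings.py, so a password the project's own policy would reject appears to be accepted at signup. `set_password()` only hashes; the validators run when `django.contrib.auth.password_validation.validate_password()` is called, and calling it from a field-level validator on the serializer returns a failure as an ordinary 400. The serializer's `Meta` lies outside the hunk, so confirm there that `password` is declared `write_only`, because the view returns `serializers.data` in the signup response. A one-line docstring such as `"""Create the user with a hashed password instead of storing the raw value."""` would record why `pop("password")` comes before the model is built.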
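Review bot: In StockSeeker/settings.py, the rewritten `REST_FRAMEWORK` dict sets no `DEFAULT_THROTTLE_RATES`, so the `UserRateThrottle` declared on `UserCreate` in views.py has no rate to enforce and, unless rates are configured elsewhere, lets every request through. The new `api/token/` endpoint in urls.py has no throttle at all, although it accepts credentials from unauthenticated clients and is where password guessing would land. Add `'DEFAULT_THROTTLE_CLASSES'` together with `'DEFAULT_THROTTLE_RATES': {'anon': 'RATE', 'user': 'RATE'}`, with RATE chosen for the deployment. Replacing `DjangoModelPermissionsOrAnonReadOnly` with `IsAuthenticated` also stops enforcing model permissions, so any view added later is writable by every logged-in user unless it declares its own `permission_classes`.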
@@ -3,11 +3,15 @@ from django.urls import include, path
 from rest_framework import routers
 from .views import *
 from . import views
+from rest_framework_simplejwt.views import *
+
+##juge pas les noms d'acces OK ?##
 router = routers.DefaultRouter()
-router.register(r'product', views.ProductViewSet)
 urlpatterns = [
 path('', include(router.urls)),
 path('admin/', admin.site.urls),
- path("create/", UserCreate.as_view(), name="user-create")
+ path('create/', UserCreate.as_view(), name="user-create"),
+ path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
+ path('api/token/refresh', TokenRefreshView.as_view(), name="token_refresh")
 ]
diff --git a/StockSeeker/views.py b/StockSeeker/views.py
index 4fab407..b659d37 100644
--- a/StockSeeker/views.py
+++ b/StockSeeker/views.py
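Review bot: The added wildcard import `from rest_framework_simplejwt.views import *` follows `from .views import *`, so any name the two modules share is silently taken from simplejwt, and the file no longer shows which class backs each authentication route. Import the two views by name instead: `from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView`. The refresh route is also declared as `'api/token/refresh'` without the trailing slash used by `'api/token/'` and `'create/'`; `path('api/token/refresh/', TokenRefreshView.as_view(), name="token_refresh")` keeps the three consistent.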
@@ -4,28 +4,28 @@ from .serializers import *
 from rest_framework.throttling import UserRateThrottle
 from rest_framework.response import Response
 from rest_framework import generics, status
+from rest_framework.permissions import IsAuthenticated, AllowAny
+from rest_framework_simplejwt.tokens import RefreshToken
 class UserCreate(generics.CreateAPIView):
+ permission_classes = [AllowAny]
 throttle_classes = [UserRateThrottle]
 serializer_class = UserSerializer
 queryset = User.objects.all()
 def create(self, request):
+ if request.user.is_authenticated:
+ return Response({"detail:" "Deconnecte toi ??"}, status=status.HTTP_403_FORBIDDEN)
 serializers = self.get_serializer(data=request.data)
 serializers.is_valid(raise_exception=True)
 user = serializers.save()
- return Response(serializers.data, status=status.HTTP_201_CREATED)
+ refresh = RefreshToken.for_user(user)
+ access_token = refresh.access_token
-class ProductViewSet(viewsets.ModelViewSet):
- queryset = Product.objects.all()
- serializer_class = ProductSerializer
-
-
-class CreateProject(viewsets.ModelViewSet):
- queryset = Product.objects.all()
- serializer_class = ProductSerializer
-
- def get_queryset(self):
- return Product.objects.filter(user=self.request.user)
+ return Response({
+ "user": serializers.data,
+ "refresh": str(refresh),
+ "access": str(access_token)
+ }, status=status.HTTP_201_CREATED)
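Review bot: The 403 branch added to `create()` builds `{"detail:" "Deconnecte toi ??"}`, which Python reads as a set holding the single concatenated string `"detail:Deconnecte toi ??"`, not a dict with a `detail` key, so clients do not receive the usual DRF error shape. It should read `return Response({"detail": "Deconnecte toi ??"}, status=status.HTTP_403_FORBIDDEN)`. The local name `serializers` also shadows the module of the same name if `from .serializers import *` re-exports it; `serializer` would be clearer. Because the view now hands a refresh and access token to an `AllowAny` caller, a short docstring stating that signup also logs the new user in would help the next reader.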