Gain insights into creating custom users, using Simple JWT for authentication, sending verification emails, managing tokens, resetting passwords, and testing endpoints in Django RESTful projects.

“Django-Restful Custom User Authentication Using Simple JWT”.png

Django_PostmanClip.tar.gz

initial-setup

installations

custom-model

reg-serializer

reg-view

reg-endpoint-one

reg-endpoint-two

reg-endpoint-three

email-verification-one

email-verification-two

resend-email-verification-one

resend-email-verification-two

login-serializer

login-view

login-view-one

login-endpoint-one

login-endpoint-two

password-reset-serializer

password-reset-email

password-reset-view

password-reset-endpoint-one

password-reset-endpoint-two

user-listing-and-retrieval-one

user-listing-and-retrieval-two

user-logout-and-token-blacklisting-one

user-logout-and-token-blacklisting-two

endpoint-listing-one

endpoint-listing-two

Postman-1

Django-Postman V 1.0-copy

In this course, you will learn to use a package called Simple JWT to help implement JWT authentication in your Django RESTful projects.

In the beginning, you will learn how to create custom users in Django using Django RESTful. Next, you will learn to register users using JWT and send them account verification emails. After that, you will learn how to make custom token claims when logging in users, and also how to refresh the tokens after expiry. You will then learn how to reset passwords and understand how password reset emails work. You will learn to organize your users in Django RESTful, log them out, and also black-list their JWT tokens. You will finish by learning how to manage and test your endpoints by documenting and testing them.

After the completion of this course, you will be able to create custom users in Django RESTful framework, authenticate them using Simple JWT, programmatically send account verification and password reset emails.

Custom User Authentication with Simple JWT in Django RESTful



This lesson focuses on implementing the reset view.

# Create a view for validating the password reset token
When a user clicks on a password reset link, we need to validate the password reset token—checking to see whether it has already been used, if it's been tampered with, or if it's expired.
Let's create the class.

# ....other imports

# updated imports
from django.utils.encoding import smart_bytes, smart_str, DjangoUnicodeDecodeError
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode


# other views

class PasswordResetTokenValidationView(generics.GenericAPIView):
    
    def get(self, request, uidb64, token):
        
        try:
            id = smart_str(urlsafe_base64_decode(uidb64))
            user = User.objects.get(id=id)

            if not PasswordResetTokenGenerator().check_token(user, token):
                return Response({'Error': 'Password reset link is expired! Please request for a new one!'}, status=status.HTTP_401_UNAUTHORIZED)

            return Response({'Success':True, 'Message':'Valid Credentials','uidb64':uidb64, 'token': token}, status=status.HTTP_200_OK)

        except DjangoUnicodeDecodeError as exc:
            if not PasswordResetTokenGenerator().check_token(user):
                return Response({'Error': 'Token is not valid! Please request for a new one!'}, status=status.HTTP_401_UNAUTHORIZED)

In the code above:
- We have the `PasswordResetTokenValidationView` class in **line 10**, which is responsible for the reset token validation.
- The `get()` request method in **line 12** takes an instance, the request, the base64-encoded user ID (`uidb64`), and the password reset token as arguments. Inside it, we have a `try` block that contains the token validation code.
- In the `try` block, from **lines 14–21**:
  - The `id` variable stores the plain user ID, which we get from decoding `uidb64`.
  - The `user` variable stores the user object we get using the `id`.
  - The `if` condition checks the validity of the token—if it's been used before or is expired. If the check returns the boolean `False`, we produce a response with an error message telling the user that the link is expired. Otherwise, it returns a `Success` message, the `uidb64`, and the `token`.
- The `except` block from **lines 23–25** catches the `DjangoUnicodeDecodeError` in case a user tampers with the token and returns an error message.

The default expiry time for the `password reset token` is three days. This can be changed by adding the following line of code in `settings.py`:
```py
PASSWORD_RESET_TIMEOUT = 259200 # 3 days, in seconds(replace with the desired number of days in seconds)
``` 

# Create a view for setting the new password
This view is responsible for setting the user's new password after we have checked and approved the validity of their password reset link. Let's create it now.

Password Reset View

About This Course

Registering Custom User Using Simple JWT

Logging in User Using Simple JWT

Resetting User Password

Organizing Users

User Logout

Managing and Testing the Endpoints

Conclusion

Appendix

Password Reset View

Create a view for validating the password reset token