rest_auth.serializers¶

Serializer implementations for authentication.

class rest_auth.serializers.LoginSerializer(instance=None, data=<class 'rest_framework.fields.empty'>, **kwargs)[source]¶

Serializer for loggin in. It checks username and password are correct for settings.AUTH_USER_MODEL.

After validating it, user instance created for authenticated user. View methods should persist this user. (through django.contrib.auth.login)

Parameters:	username – `USERNAME_FIELD` for AUTH_USER_MODEL password – user’s password

validate(data)[source]¶

Checks username & password. uses django.contrib.auth.authenticate

Parameters:	data – validated data from `Serializer.validate`
Returns:	validated_data
Raises:	VaildationError – if username or password are incorrect

confirm_login_allowed(user)[source]¶

Checks if validated user is allowed for website.

Override this method if you use custom authentication method and have additional methods for allowing login.

Raises:	VaildationError – if user are not allowed

create(validated_data)[source]¶

persist a authenticated user in this step.

Parameters:	validated_data – validated_data should contains `request`. You should pass request to serialzer.save.

perform_login(request, user)[source]¶: Persist a user. Override this method if you do more than persisting user.

get_user()[source]¶

Returns:	`user` instance created after `self.validate`

class rest_auth.serializers.PasswordResetSerializer(instance=None, data=<class 'rest_framework.fields.empty'>, **kwargs)[source]¶

Sends a website link for resetting password. It uses django’s PasswordResetForm directly because there is just one required field, email, and form implemented its business logic nicely.

Parameters:	email – email address to receive password-reset-link.

password_reset_form_class¶: alias of django.contrib.auth.forms.PasswordResetForm

validate_email(value)[source]¶

Raises:	VaildationError – `rest_framework`’s field validation VaildationError – `django`’s field vaildation

save(domain_override=None, subject_template_name='registration/password_reset_subject.txt', email_template_name='registration/password_reset_email.html', use_https=True, token_generator=<django.contrib.auth.tokens.PasswordResetTokenGenerator object>, from_email=None, request=None, html_email_template_name=None, extra_email_context=None)[source]¶: sends a email, which contains link for resetting password

class rest_auth.serializers.SetPasswordSerializer(user, *args, **kwargs)[source]¶

This serializer resets password of a given user. Please be VERY CAREFUL for using this any given user’s password can be changed.

Setting permission IsAdminUser is recommended.

Parameters:	new_password1 – new password new_password2 – new password confirmation.

validate(data)[source]¶

Raises:	VaildationError – if two given passwords are different.

create(validated_data)[source]¶: resets password

class rest_auth.serializers.PasswordChangeSerializer(user, *args, **kwargs)[source]¶

resets password of user. Resetting password is done if old_password is correct and two new passwords are equals.

Parameters:	old_password – old_password new_password1 – new password new_password2 – new password confirmation.

validate_old_password(old_password)[source]¶

Raises:	ValidationError – if old_password is not correct

class rest_auth.serializers.SignupSerializer(instance=None, data=<class 'rest_framework.fields.empty'>, **kwargs)[source]¶

Signup serializer for rest_framework & AUTH_USER_MODEL.

Fields & methods are built on a django’s defualt User model. Extend this serializer if you need your custom user model.

(Even if AUTH_USER_MODEL is can be customized, this is recommended that You don’t change & use customized user model. using custom user model is very complex.)

Parameters:	username – `USERNAME_FIELD` of `AUTH_USER_MODEL` email – `User.get_email_field_name()` password1 – password of a user (write_only, used only when created) password2 – password confirmation (write_only)
TODO:	Serializer Only implements creating. list/get are need to be implmtd

validate(data)[source]¶

Vaildates if two passwords are equal.

Raises:	ValidationError – when 2 passwds are different

create(validated_data)[source]¶

Creates user instance

CAVEAT:

A clear difference between django’s ModelForm and rest_framework’s ModelSerializer is that, model serializer’s save method doesn’t respect form’s commit=True.

Inside super().create, a query is fired to create user, and inside this, additional query is fired to save hashed password. It’s because ModelSerializer’s create method uses default manager’s create function, Model._default_manager.create()

(User model creation is recommended by calling UserManager’s create_user method)

Parameters:	validated_data – validated data created after `self.vaildate`

send_mail(user, domain_override=None, subject_template_name='registration/verify_email.txt', email_template_name='registration/verify_email.html', use_https=False, token_generator=<django.contrib.auth.tokens.PasswordResetTokenGenerator object>, from_email=None, request=None, html_email_template_name=None, extra_email_context=None)[source]¶: Send verification mail to newbie.