How to register users in Django REST framework?

Question

I'm coding a REST API with Django REST framework. The API will be the backend of a social mobile app. After following the tutorial, I can serialise all my models and I am able to create new resources and update them.

I'm using AuthToken for authentication.

My question is:

Once I have the /users resource, I want the app user to be able to register. So, is it better to have a separate resource like /register or allow anonymous users to POST to /users a new resource?

Also, some guidance about permissions would be great.

Answer 1

Django REST Framework 3 allow override create method in serializers:

from rest_framework import serializers from django.contrib.auth import get_user_model # If used custom user model  UserModel = get_user_model()   class UserSerializer(serializers.ModelSerializer):      password = serializers.CharField(write_only=True)      def create(self, validated_data):          user = UserModel.objects.create_user(             username=validated_data['username'],             password=validated_data['password'],         )          return user      class Meta:         model = UserModel         # Tuple of serialized model fields (see link [2])         fields = ( "id", "username", "password", ) 

Serialized fields for classes inherited from ModelSerializer must be declared patently in Meta for Django Rest Framework v3.5 and newest.

File api.py:

from rest_framework import permissions from rest_framework.generics import CreateAPIView from django.contrib.auth import get_user_model # If used custom user model  from .serializers import UserSerializer   class CreateUserView(CreateAPIView):      model = get_user_model()     permission_classes = [         permissions.AllowAny # Or anon users can't register     ]     serializer_class = UserSerializer 

Answer 2

I went ahead and made my own custom view for handling registration since my serializer doesn't expect to show/retrieve the password. I made the url different from the /users resource.

My url conf:

url(r'^users/register', 'myapp.views.create_auth'), 

My view:

@api_view(['POST']) def create_auth(request):     serialized = UserSerializer(data=request.DATA)     if serialized.is_valid():         User.objects.create_user(             serialized.init_data['email'],             serialized.init_data['username'],             serialized.init_data['password']         )         return Response(serialized.data, status=status.HTTP_201_CREATED)     else:         return Response(serialized._errors, status=status.HTTP_400_BAD_REQUEST) 

I may be wrong, but it doesn't seem like you'll need to limit permissions on this view since you'd want unauthenticated requests ...