How to create or register User using django-tastypie API programmatically?

Question

My code below kinda works, it creates the User object and saves but it doesn't save the password:

class CreateUserResource(ModelResource):
    class Meta:
        allowed_methods = ['post']
        object_class = User
        authentication = Authentication()
        authorization = Authorization()
        include_resource_uri = False
        fields = ['username']

    def obj_create(self, bundle, request=None, **kwargs):
        try:
            bundle = super(CreateUserResource, self).obj_create(bundle, request, **kwargs)
        except IntegrityError:
            raise BadRequest('That username already exists')
        return bundle

If I add 'password' to the Meta fields then it does save the raw password but not hashing it. What am I doing wrong?

---

So this is what worked for me:

def obj_create(self, bundle, request=None, **kwargs):
    username, password = bundle.data['username'], bundle.data['password']
    try:
        bundle.obj = User.objects.create_user(username, '', password)
    except IntegrityError:
        raise BadRequest('That username already exists')
    return bundle

Answer 1

When creating a user you need either use method set_password user.set_password(bundle.data.get('password')) or use a create_user method of User object.

user = User.objects.create_user(bundle.data.get('username'), bundle.data.get('email'), bundle.data.get('password'))

So something like this would work for you:

def obj_create(self, bundle, request=None, **kwargs):
    try:
        bundle = super(CreateUserResource, self).obj_create(bundle, request, **kwargs)
        bundle.obj.set_password(bundle.data.get('password'))
        bundle.obj.save() 
    except IntegrityError:
        raise BadRequest('That username already exists')
    return bundle

Answer 2

I was in the same situation and found both solutions helpful, but not complete. In both of them, I could create users with empty username. I didn't want to have such leaks so here is what I did.

First, I created a validation form:

from django import forms
from django.forms import ModelForm
from django.contrib.auth.models import User

class UserForm(forms.ModelForm):
def __init__(self, *args, **kwargs): 
    super(UserForm, self).__init__(*args, **kwargs)

    self.fields['username'].error_messages = {'required': "Please enter username"}
    self.fields['username'].max_length = 30
    self.fields['password'].error_messages = {'required': 'Please enter password'}
    self.fields['password'].max_length = 30

    self.fields['email'].required = False

def clean_username(self):
    username = self.cleaned_data['username']
    if len(username) < 4:
        raise forms.ValidationError("Username has to be longer than 4 characters")  
    return username

def clean_password(self):
    password = self.cleaned_data['password']
    if len(password) < 5:
        raise forms.ValidationError("Password has to be longer than 5 characters")
    return password   

class Meta:
    model = User
    fields = ('username', 'email', 'password')

Then, inside the UserResource

validation = FormValidation(form_class=UserForm)

def obj_create(self, bundle, request=None, **kwargs):
    bundle = super(UserResource, self).obj_create(bundle, request, **kwargs)
    bundle.obj.set_password(bundle.data.get('password'))
    bundle.obj.save() 

    return bundle

I hope my solution can help fellow developers. Happy coding!