2

Suppose I want to register a user (I'm using the User model located in django.contrib.auth.models). Assume this is my serializers.py:

class UserSerializer(serializers.ModelSerializer):

    class Meta:
        model = User
        fields = ('username', 'password', 'email', )

What's the difference between the following views, and which one is recommended when it comes to creating a user?

View A:

def createUser(request):
    if request.method == 'POST':
        serializer = UserSerializer(data=request.DATA)
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        else:
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

View B:

def createUser(request):
    serializer = UserSerializer(data=request.DATA)
    if serializer.is_valid():
        user = User.objects.create_user(
            email = serializer.init_data['email'],
            username = serializer.init_data['username'],
            password = serializer.init_data['password'],
        )

        return Response(serializer.data, status=status.HTTP_201_CREATED)
    else:
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
SilentDev
  • 20,997
  • 28
  • 111
  • 214

1 Answers1

7

Neither of those is perfect. But View A looks promising.

  • View A is a good start, but it is incomplete solution. Because User creation is not simply User.save, but rather you have to call User.create_user method.
  • View B is the correct way to create user by calling User.create_user, however, the views contains a logic which should actually be abstracted within the Serializer.save() method.

To solve this, you have to change the behavior of Serializer.save() method. Looking at the documentation, Serializer.save(), will call either Serializer.create() or Serializer.update().

In summary, we have to override the Serializer.create() for user creation and use View A.

# File: serializers.py
class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User

    def create(self, validated_data):
        user = User.objects.create_user(
            email = validated_data['email'],
            username = validated_data['username'],
            password = validated_data['password'],
        )
        return user
Yeo
  • 11,416
  • 6
  • 63
  • 90
  • Thanks. Why exactly is User creation not just User.save()? Because when I do it, it works (i'm assuming it's not recommended, but how come User.create_user() is the recommended approach, rather than User.save()?). – SilentDev May 06 '15 at 20:51
  • 2
    Because you do [`normalize_email`](https://github.com/django/django/blob/fe914341c83b37fd6aa8fd85620cf49dd2328ab0/django/contrib/auth/base_user.py#L19-L30) and [`set_password`](https://github.com/django/django/blob/fe914341c83b37fd6aa8fd85620cf49dd2328ab0/django/contrib/auth/base_user.py#L83-L84) when [`create_user`](https://github.com/django/django/blob/72f6513ebaa7a3fd43c26300e9a8c430dc07cdb5/django/contrib/auth/models.py#L140-L147). – Yeo May 06 '15 at 20:57
  • ah, thanks. Answer has been accepted. On a side note, I see that you used "validated_data['username']," but in these two posts: http://stackoverflow.com/questions/27078272/django-rest-framework-user-registrations-with-extra-fields and http://stackoverflow.com/questions/22718091/django-rest-framework-user-registration they used "init_data['username']". Any reason why init_data wouldn't work in this case? – SilentDev May 06 '15 at 21:04
  • 2
    @user2719875 I'm not sure, but I think it will still work, but `init_data` is most likely be the raw data (`request.DATA`) which is not validated. – Yeo May 06 '15 at 21:13