make the last changes to make the project requirements

Author: Mohammed2372

db.sqlite3

@@ -1,3 +1,5 @@
 from django.contrib import admin
+from .models import Todo
 
 # Register your models here.
+admin.site.register(Todo)

todo/admin.py

@@ -2,5 +2,13 @@
 
 
 class TodoConfig(AppConfig):
-    default_auto_field = 'django.db.models.BigAutoField'
-    name = 'todo'
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "todo"
+
+    def ready(self):
+        from django.contrib.auth.models import User
+
+        def get_display_name(self):
+            return self.first_name or self.username
+
+        User.add_to_class("__str__", get_display_name)

todo/apps.py

@@ -2,6 +2,9 @@
 from rest_framework.serializers import ModelSerializer
 from django.contrib.auth.models import User
 from django.contrib.auth.password_validation import validate_password
+from django.contrib.auth import authenticate
+from rest_framework_simplejwt.tokens import RefreshToken
+from rest_framework.exceptions import AuthenticationFailed
 
 from .models import Todo
 
@@ -15,34 +18,103 @@ class Meta:
 class TodoDetailSerializer(ModelSerializer):
     class Meta:
         model = Todo
-        fields = "__all__"
+        fields = ["id", "title", "description", "completed"]
 
 
-class RegisterSerializer(ModelSerializer):
-    password2 = serializers.CharField(
+class RegisterSerializer(serializers.Serializer):
+    # password2 = serializers.CharField(
+    #     write_only=True, required=True, style={"input_type": "password"}
+    # )
+    name = serializers.CharField(required=True, write_only=True)
+    email = serializers.EmailField(required=True)
+    password = serializers.CharField(
         write_only=True, required=True, style={"input_type": "password"}
     )
 
-    class Meta:
-        model = User
-        fields = ["username", "email", "password", "password2"]
-        extra_kwargs = {
-            "password": {"write_only": True, "style": {"input_type": "password"}},
-            "email": {"required": True},
-            "username": {"required": True},
-        }
+    # class Meta:
+    #     model = User
+    #     fields = [
+    #         # "name",
+    #         "email",
+    #         "password",
+    #         # "password2",
+    #     ]
+    #     extra_kwargs = {
+    #         "password": {"write_only": True, "style": {"input_type": "password"}},
+    #         "email": {"required": True},
+    #         # "name": {"required": True},
+    #     }
 
     def create(self, validated_data):
-        user = User.objects.create(
-            username=validated_data["username"],
+        user = User.objects.create_user(
+            username=validated_data["email"],
             email=validated_data["email"],
             password=validated_data["password"],
+            first_name=validated_data["name"],
         )
         return user
 
+    def validate_email(self, value):
+        email_lower = value.lower()
+        if User.objects.filter(username=email_lower).exists():
+            raise serializers.ValidationError("A user with this email already exists.")
+        return value
+
+    def to_representation(self, instance):
+        return {
+            "name": instance.first_name,
+            "email": instance.email,
+        }
+
+    # def validate(self, attrs):
+    #     password2 = attrs.pop("password2")
+    #     if attrs["password"] != password2:
+    #         raise serializers.ValidationError({"password": "Passwords do not match."})
+    #     validate_password(attrs["password"], user=User(username=attrs["username"]))
+    #     return attrs
+
+
+# add email serializer to make user login with email and password
+class EmailLoginSerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = ["email", "password"]
+
+    email = serializers.EmailField(required=True)
+    password = serializers.CharField(required=True, write_only=True)
+
     def validate(self, attrs):
-        password2 = attrs.pop("password2")
-        if attrs["password"] != password2:
-            raise serializers.ValidationError({"password": "Passwords do not match."})
-        validate_password(attrs["password"], user=User(username=attrs["username"]))
-        return attrs
+        email = attrs.get("email")
+        password = attrs.get("password")
+
+        if not email or not password:
+            raise AuthenticationFailed("Email and password are required.")
+
+        user = authenticate(email=email, password=password)
+
+        # Find the user by their email
+        # try:
+        #     user = User.objects.get(email=email)
+        # except User.DoesNotExist:
+        #     raise AuthenticationFailed(
+        #         "No active account found with the given credentials"
+        #     )
+
+        # Authentication
+        authenticated_user = authenticate(username=email, password=password)
+
+        if not authenticated_user:
+            raise AuthenticationFailed(
+                "No active account found with the given credentials"
+            )
+
+        if not authenticated_user.is_active:
+            raise AuthenticationFailed("User account is disabled.")
+
+        refresh = RefreshToken.for_user(authenticated_user)
+
+        return {
+            "refresh": str(refresh),
+            "access": str(refresh.access_token),
+            "user": authenticated_user,
+        }

todo/serializers.py

@@ -4,7 +4,7 @@
 
 
 urlpatterns = [
-    path("", views.TodoListCreateAPIView.as_view(), name="todo-list"),
+    path("todos/", views.TodoListCreateAPIView.as_view(), name="todo-list"),
     path(
         "todos/<int:todo_id>/",
         views.TodoRetrieveUpdateDestroyAPIView.as_view(),

todo/urls.py

@@ -4,9 +4,19 @@
 from rest_framework import status, generics, permissions
 from django_filters.rest_framework import DjangoFilterBackend
 from django.contrib.auth.models import User
+from django.contrib.auth import login
+from rest_framework.filters import (
+    SearchFilter,
+    OrderingFilter,
+)
 
 from .models import Todo
-from .serializers import TodoSerializer, TodoDetailSerializer, RegisterSerializer
+from .serializers import (
+    TodoSerializer,
+    TodoDetailSerializer,
+    RegisterSerializer,
+    EmailLoginSerializer,
+)
 from .filters import TodoFilter
 
 
@@ -16,10 +26,20 @@ class TodoListCreateAPIView(generics.ListCreateAPIView):
     # queryset = Todo.objects.all()
     serializer_class = TodoSerializer
     filterset_class = TodoFilter
-    filter_backends = [DjangoFilterBackend]
     permission_classes = [permissions.IsAuthenticated]
+    filter_backends = filter_backends = [
+        DjangoFilterBackend,
+        SearchFilter,
+        OrderingFilter,
+    ]
+
+    search_fields = ["title", "description"]
+    ordering_fields = ["date_created", "title", "completed"]
+    ordering = ["-date_created"]
 
     def get_queryset(self):
+        if self.request.user.is_superuser:
+            return Todo.objects.all()
         return Todo.objects.filter(owner=self.request.user)
 
     def perform_create(self, serializer):
@@ -78,3 +98,18 @@ class RegisterView(generics.CreateAPIView):
     queryset = User.objects.all()
     serializer_class = RegisterSerializer
     permission_classes = [permissions.AllowAny]
+
+
+class EmailLoginView(generics.CreateAPIView):
+    permission_classes = [permissions.AllowAny]
+    serializer_class = EmailLoginSerializer
+
+    def post(self, request, *args, **kwargs):
+        serializer = EmailLoginSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        validated_data = serializer.validated_data
+        user = validated_data.pop("user")
+        login(request, user)
+
+        return Response(serializer.validated_data, status=status.HTTP_200_OK)

todo/views.py

@@ -39,7 +39,7 @@
     'django.contrib.staticfiles',
 
     'rest_framework',
-    'todo',
+    'todo.apps.TodoConfig',
     'django_filters',
     'rest_framework_simplejwt',
 ]
@@ -139,6 +139,19 @@
     "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
     "PAGE_SIZE": 10,
     "DEFAULT_FILTER_BACKENDS": ["django_filters.rest_framework.DjangoFilterBackend"],
+    # --- THROTTLING ---
+    "DEFAULT_THROTTLE_CLASSES": [
+        # This one is for anonymous users (e.g., login/register)
+        "rest_framework.throttling.AnonRateThrottle",
+        # This one is for logged-in users
+        "rest_framework.throttling.UserRateThrottle",
+    ],
+    "DEFAULT_THROTTLE_RATES": {
+        # Limit for anonymous users
+        "anon": "20/minute",
+        # Limit for logged-in users
+        "user": "1000/day",
+    },
 }
 
 LOGIN_REDIRECT_URL = '/'

todoapi/settings.py

@@ -19,13 +19,14 @@
 from django.urls import path, include
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
-from todo.views import RegisterView
+from todo.views import RegisterView, EmailLoginView
 
 urlpatterns = [
     path("admin/", admin.site.urls),
     path("", include("todo.urls")),
     path("api-auth/", include("rest_framework.urls")),
-    path("auth/register/", RegisterView.as_view(), name='user-register'),
-    path("auth/login/", TokenObtainPairView.as_view(), name='token-obtain-pair'),
-    path("auth/refresh/", TokenRefreshView.as_view(), name='token-refresh'),
+    path("register/", RegisterView.as_view(), name="user-register"),
+    # path("auth/login/", TokenObtainPairView.as_view(), name='token-obtain-pair'),
+    path("login/", EmailLoginView.as_view(), name="token_obtain_pair"),
+    path("refresh/", TokenRefreshView.as_view(), name="token-refresh"),
 ]