2👍
I would recommend using class-based views with Django REST Framework. They give you a lot of extra power that is missing from function-based views, and they are more supported. While this is less important for this case, this is also a very basic situation that avoids most of what Django REST Framework brings to the table.
Do I need separate validation on the phone number, first_name, last_name, email to make sure they are required, or is that handled by the model?
When you call serializer.is_valid, it should check to make sure that any fields that are specified as required on the model are included. Try it out, and if it isn’t happening, make sure that you don’t have empty=False specified on any of the fields. If you aren’t in the position to fix that, you can override the field on the serializer and set required=True there.
Is this the correct way to handle the POST of the phone number?
The serializer can create the user automatically by just calling serializer.save(). If you have custom logic in the create_user manager that you need to use, then you probably can’t use save.
Is this secure? If not, what can I do to make it more secure?
Django will help you out a lot here, so your code currently looks pretty good. One thing you may want to consider is that the init_data from the serializer is the same as that from request.DATA. You should probably access the validated data from serializer.object (like serializer.object.username) instead, as any validators may have modified your data to make it more friendly to the Django ORM.
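The difference between the raw request data and the validated data, as an added stand-alone sketch (not code from the answer above and not Django REST Framework itself). The names validate_signup, REQUIRED_FIELDS, CLEANERS and the sample body RAW are hypothetical; they model the required-field check and the normalization that validators perform for the question's four fields.

```python
import re

# Hypothetical field list mirroring the question's fields; this is not DRF code.
REQUIRED_FIELDS = ("phone_number", "first_name", "last_name", "email")


def _clean_phone(value):
    # Keep an optional leading "+" and the digits only.
    digits = re.sub(r"\D", "", value)
    if not 7 <= len(digits) <= 15:
        raise ValueError("Enter a valid phone number.")
    return ("+" if value.strip().startswith("+") else "") + digits


def _clean_email(value):
    # Trimming and lowercasing is this sketch's normalization choice.
    value = value.strip().lower()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        raise ValueError("Enter a valid email address.")
    return value


CLEANERS = {
    "phone_number": _clean_phone,
    "email": _clean_email,
    "first_name": str.strip,
    "last_name": str.strip,
}


def validate_signup(raw):
    """Return (validated, errors); validated is empty when any field fails."""
    validated, errors = {}, {}
    for name in REQUIRED_FIELDS:
        value = raw.get(name)
        if not isinstance(value, str) or not value.strip():
            errors[name] = "This field is required."
            continue
        try:
            validated[name] = CLEANERS[name](value)
        except ValueError as exc:
            errors[name] = str(exc)
    return ({}, errors) if errors else (validated, {})


# Constructed sample request body; the raw values differ from the validated ones.
RAW = {"phone_number": "+1 (555) 010-9999", "first_name": " Ada ",
       "last_name": "Lovelace", "email": " Ada@Example.COM "}
```

Code that stores or compares RAW["email"] after validation would keep the unnormalized value, which is why the validated result is the one to read.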