We Keep Coding

Django REST User Creation/Authentication

This question is based on the one here. I am setting up a Django REST Framework for my web app and am trying to set up User accounts. Based on the REST documentation, they put all of their account code in their example in the main project directory and a separate application so did that as well. Here is what I have:
urls.py
from django.contrib import admin
from django.urls import include, path
from django.conf.urls import url
from rest_framework import routers
from . import views
router = routers.DefaultRouter()
router.register('users', views.UserViewSet)
urlpatterns = [
path('admin/', admin.site.urls),
url('', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
]
serializers.py
from django.contrib.auth.models import User
from rest_framework import serializers
class UserSerializer(serializers.ModelSerializer):
password = serializers.CharField(write_only=True)
def create(self, validated_data):
user = User.objects.create(
username=validated_data['username']
)
user.set_password(validated_data['password'])
user.save()
return user
class Meta:
model = User
# Tuple of serialized model fields (see link [2])
fields = ( "id", "username", "password", )
views.py
from rest_framework import viewsets, permissions
from rest_framework.generics import CreateAPIView
from django.contrib.auth.models import User
from .serializers import UserSerializer
# Create your views here.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [permissions.IsAuthenticated]
class CreateUserView(CreateAPIView):
model = User
permission_classes = [
permissions.AllowAny
]
serializer_class = UserSerializer
I have tried using the Boomerang REST Client in Chrome to POST data to this API, but it always returns a 403 Error saying "Invalid username/password." Specifically I am POSTing to http://127.0.0.1:8000/users/create/ with a Query String and 2 parameters: username and password. I also tried sending it as JSON and it returned the same. Any help would be appreciated.

It doesn't look like CreateUserView was registered in your urls.py. You should be able to register it and access it normally. I think this should work for you:
urlpatterns = [
...
url(r'^users/create/', views.CreateUserView.as_view()),
]
That said, I'd like to suggest adding an extra action for your UserViewSet instead:
# Create your views here.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [permissions.IsAuthenticated
#action(methods=['post'], detail=False, permission_classes=[permissions.AllowAny])
def register(self, request, *args, **kwargs):
# This logic was taken from the `create` on `ModelViewSet`. Alter as needed.
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
Then you should be able to post via /users/register/. You can also specify your own url name and path on the decorator.

Maybe you are posting in the wrong url, try POST the same on http://127.0.0.1:8000/users/,
because ModelViewSet adds POST, PATCH, PUT, DELETE and GET methods automatically.
Also because you are asking for authentication (permission_classes = [permissions.IsAuthenticated]), you should send the headers for this in the request. There is a tutorial for this in the DRF site (https://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/)

based on django-rest-framework documents it's better to use viewset for create user api. therefor you need to send a POST request to http://127.0.0.1:8000/api-auth/users and no need to CreateUserView function.
But if you want to have a custom user create api do you need something like below:
class UserViewSet(viewsets.ModelViewSet):
"""
A viewset that provides the standard actions
"""
queryset = User.objects.all()
serializer_class = UserSerializer
#action(detail=True, methods=['post'], permission_classes=[permissions.AllowAny])
def create_user(self, request, pk=None):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
To have custom serializers in your ViewSet you can specify them in get_serializer_class function in your ViewSet like this:
class UserViewSet(viewsets.ModelViewSet):
# example viewset
def get_serializer_class(self):
if self.action == 'list':
return ListUserSerializer
elif self.action == 'create':
return CreateUserSerializer
elif self.action == 'update':
return UpdateUserSerializer
return DetailUserSerializer

CreateAPIView returns TypeError with st() function, when accessing endpoint via browser

I am writing API based on Django (2.2.2) and Django Rest Framework (3.9.4).
Goal is to create simple message system.
After creating endpoint for creating message, I get TypeError:
TypeError at /api/v1/message/create/
__str__ returned non-string (type Message)
The 'message_body' in the DB contains PL characteristic characters.
I tried both serializer.Serializer and serializer.ModelSerializer for my serializer, CreateAPIView and ListCreateAPIView for the view.
What is really interesting, endpoint for listing out the messages is working just fine.
This is nearly copy-paste code from my other endpoint (also CreateAPIView), which is working just as expected.
I also tried some encoding stuff on str(self), but guess not properly.
sample.json: (fixtures to test API in the browser)
{
"model": "core.message",
"pk": 1,
"fields": {
"chat": 1,
"message_body": "Wiadomość testowa 1",
"sender": "user",
"sent": "2019-05-05T10:20:37+01:00",
"is_viewed": true
}
}
models.py:
class Message(models.Model):
"""
Model representing single message in DB
"""
chat = models.ForeignKey(
'Chat',
on_delete=models.CASCADE,
unique=False
)
message_body = models.TextField(blank=False, null=False)
sender = models.CharField(max_length=4)
sent = models.DateTimeField(auto_now_add=True)
is_viewed = models.BooleanField(default=False)
def __unicode__(self):
return self.message_body
def __str__(self):
return self.message_body.decode('utf8')
views.py:
from rest_framework import generics, status
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from message.serializers import (
ListMessageSerializer,
CreateMessageSerializer
)
from core.models import Message
class CreateMessageView(generics.CreateAPIView):
"""
Create new message view
"""
authentication_classes = (TokenAuthentication,)
permission_classes = (IsAuthenticated,)
serializer_class = CreateMessageSerializer
def perform_create(self, serializer):
"""
Save data to DB, if valid
"""
if serializer.is_valid():
serializer.save()
else:
return Response(
serializer.errors,
status.HTTP_400_BAD_REQUEST
)
serializers.py
from rest_framework import serializers
from core.models import Chat, Message
class CreateMessageSerializer(serializers.ModelSerializer):
"""
Serializer for creating ne message
"""
class Meta:
model = Message
fields = (
'id',
'chat',
'message_body',
'sender',
'sent',
'is_viewed'
)
read_only_field = ('id',)
def validate(self, attrs):
"""
Validate request data
"""
message_body = attrs.get('message_body')
if not message_body or message_body is None:
msg = _('Can\'t send empty message!')
raise serializers.ValidationError(msg, code='authentication')
return attrs
def create(self, validated_data):
"""
Insert Message into DB
"""
return Message.objects.create(**validated_data)
url.py:
from django.urls import path
from message import views
app_name = 'message'
urlpatterns = [
path('create/', views.CreateMessageView.as_view(), name='create'),
]
I'd like to be able to open the view in the browser at:
api/v1/message/create/
and test creating new messages by hand :)

I deleted the reelationship between PrimaryKeys of:
Chat - parent of Message in DB
Now everything is working :)

Django Rest Framework Create REST API only for executions

I'm working on a django project in which I need to build a rest API for some executions, I don't have much concerns about models as I only need to perform executions on the base of user's inputs/calls.
Here's my scenario:
The Major thing is the Deployment ( An App in my project )
On a get request user will get a list of all it's
deployments(objects).
A user will send a POST request to /deployments along with the complete
object as:
{
"deployment_name": "dep4",
"credentials": "cre4",
"project_name": "pro4",
"project_id": "004",
"cluster_name": "clus4",
"zone_region": "zon4",
"services": "Single",
"configuration": "conf4",
"routing": "route4" }
then I need to use this data, validate and perform some execution on the base of this data. For example, I will make deployments on a cloud platform with the help of this information by using third-party APIs.
I'm really confused by the documentation of DRF, especially about serializers.
Update: Currently, How I'm trying to do the POST:
From apiview.py
class DeploymentsList(APIView):
queryset = DeploymentOnUserModel.objects.all()
def post(self, request):
print(request.data)
DeploymentOnUserModel.objects.create(
deployment_name=request.data['deployment_name'],
credentials=request.data['credentials'],
project_name=request.data['project_name'],
project_id=request.data['project_id'],
cluster_name=request.data['cluster_name'],
zone_region=request.data['zone_region'],
services=request.data['services'],
configuration=request.data['configuration'],
routing=request.data['routing'],
)
return Response(request.data)
So, how can I validate the incoming data/request?
Here's my Deployment Model:
class DeploymentOnUserModel(models.Model):
deployment_name = models.CharField(max_length=256, )
credentials = models.TextField(blank=False)
project_name = models.CharField(max_length=150, blank=False)
project_id = models.CharField(max_length=150, blank=True)
cluster_name = models.CharField(max_length=256, blank=False)
zone_region = models.CharField(max_length=150, blank=False)
services = models.CharField(max_length=150, choices=services)
configuration = models.TextField()
routing = models.TextField()
def save(self, **kwargs):
if not self.id and self.services == 'Multiple' and not self.routing and not self.configuration:
raise ValidationError("You must have to provide routing for multiple services deployment.")
super().save(**kwargs)
From urls.py:
app_name = 'deployments'
urlpatterns = [
path('deployments/', apiview.DeploymentsList.as_view(), name='deployment_list'),
path('deployments/<int:pk>', apiview.DeploymentDetail.as_view(), name='deployment_detail')
]
Which approach and things from DRF I should use to implement my API.

You will probably want to implement DRFs ModelSerializer and ModelViewSet such that you can easily reuse the Django model you already have.
Your serializer could be like this (e.g. in serializers.py):
from rest_framework import serializers
from .models import DeploymentOnUser
class DeploymentOnUserModelSerializer(serializers.ModelSerializer):
class Meta:
model = DeploymentOnUser
fields = (deployment_name, credentials, )
You should add your own validation here, much like you would do with Django forms.
The viewset could be like this (e.g. in views.py):
from rest_framework import viewsets
from rest_framework.response import Response
from .models import DeploymentOnUserModel
from .serializers import DeploymentOnUserModelSerializer
class DeploymentOnUserViewSet(viewsets.ModelViewSet):
queryset = DeploymentOnUserModel.objects.all()
serializer_class = DeploymentOnUserModelSerializer
def create(self, request, *args, **kwargs):
"""overwrite this for extra actions"""
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data)
Depending on your situation, you might even need to overwrite create -- this just shows how you could do it.
The ModelViewSet and ModelSerializer remove much of the boilerplate code. However, if you haven't used DRF before, it doesn't hurt to first go through the tutorial
Don't forget to also register the viewset in urls.py:
from django.conf.urls import url, include
from rest_framework import routers
from .views import DeploymentOnUserViewSet
router = routers.DefaultRouter()
router.register('deployments', DeploymentOnUserViewSet)
urlpatterns = [
# other patterns also go here
url('', include(router.urls)),
]
You could then test your API by doing e.g. a POST call on /deployments/.
For unit testing, I mostly use this pattern:
from rest_framework.test import APIRequestFactory
# Create a POST request, at the root
request = APIRequestFactory().post('/')
response = DeploymentOnUserViewSet.as_view({'post': 'create'})(request)
assert response.status_code == 200

Custom Hyperlinked URL field for more than one lookup field in a serializer of DRF

I am using Django Rest Framework for developing web api for my project. As in my project i need to build nested api's endpoint like this:
/users/ - to get all users
/users/<user_pk> - to get details of a particular user
/users/<user_pk>/mails/ - to get all mails sent by a user
/users/<user_pk>/mails/<pk> - to get details of a mail sent by a user
So, i am using drf-nested-routers for ease of writing & maintaing these nested resources.
I want output of all my endpoints have hyperlink for getting details of each nested resource alongwith other details like this:
[
{
"url" : "http://localhost:8000/users/1",
"first_name" : "Name1",
"last_name": "Lastname"
"email" : "name1#xyz.com",
"mails": [
{
"url": "http://localhost:8000/users/1/mails/1",
"extra_data": "This is a extra data",
"mail":{
"url": "http://localhost:8000/mails/3"
"to" : "abc#xyz.com",
"from": "name1#xyz.com",
"subject": "This is a subject text",
"message": "This is a message text"
}
},
{
..........
}
..........
]
}
.........
]
To do this, i write my serializers by inherit HyperlinkedModelSerializer as per DRF docs, which automatically adds a url field in response during serialization.
But, by default DRF serializers does not support generation of url for nested resource like above mentioned or we can say more than single lookup field. To handle this situation, they recommended to create custom hyperlinked field.
I followed this doc, and write custom code for handling url generation of nested resource. My code snippets are as follows:
models.py
from django.contrib.auth.models import AbstractUser
from django.db import models
# User model
class User(models.AbstractUser):
mails = models.ManyToManyField('Mail', through='UserMail',
through_fields=('user', 'mail'))
# Mail model
class Mail(models.Model):
to = models.EmailField()
from = models.EmailField()
subject = models.CharField()
message = models.CharField()
# User Mail model
class UserMail(models.Model):
user = models.ForeignKey('User')
mail = models.ForeignKey('Mail')
extra_data = models.CharField()
serializers.py
from rest_framework import serializers
from .models import User, Mail, UserMail
from .serializers_fields import UserMailHyperlink
# Mail Serializer
class MailSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Mail
fields = ('url', 'to', 'from', 'subject', 'message' )
# User Mail Serializer
class UserMailSerializer(serializers.HyperlinkedModelSerializer):
url = UserMailHyperlink()
mail = MailSerializer()
class Meta:
model = UserMail
fields = ('url', 'extra_data', 'mail')
# User Serializer
class UserSerializer(serializers.HyperlinkedModelSerializer):
mails = UserMailSerializer(source='usermail_set', many=True)
class Meta:
model = User
fields = ('url', 'first_name', 'last_name', 'email', 'mails')
serializers_fields.py
from rest_framework import serializers
from rest_framework.reverse import reverse
from .models import UserMail
class UserMailHyperlink(serializers.HyperlinkedRelatedField):
view_name = 'user-mail-detail'
queryset = UserMail.objects.all()
def get_url(self, obj, view_name, request, format):
url_kwargs = {
'user_pk' : obj.user.pk,
'pk' : obj.pk
}
return reverse(view_name, kwargs=url_kwargs, request=request,
format=format)
def get_object(self, view_name, view_args, view_kwargs):
lookup_kwargs = {
'user_pk': view_kwargs['user_pk'],
'pk': view_kwargs['pk']
}
return self.get_queryset().get(**lookup_kwargs)
views.py
from rest_framework import viewsets
from rest_framework.response import Response
from django.shortcuts import get_object_or_404
from .models import User, UserMail
from .serializers import UserSerializer, MailSerializer
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
class UserMailViewSet(viewsets.ViewSet):
queryset = UserMail.objects.all()
serializer_class = UserMailSerializer
def list(self, request, user_pk=None):
mails = self.queryset.filter(user=user_pk)
serializer = self.serializer_class(mails, many=True,
context={'request': request}
)
return Response(serializer.data)
def retrieve(self, request, pk=None, user_pk=None):
queryset = self.queryset.filter(pk=pk, user=user_pk)
mail = get_object_or_404(queryset, pk=pk)
serializer = self.serializer_class(mail,
context={'request': request}
)
return Response(serializer.data)
urls.py
from rest_framework.routers import DefaultRouter
from rest_framework_nested import routers
from django.conf.urls import include, url
import views
router = DefaultRouter()
router.register(r'users', views.UserViewSet, base_name='user')
user_router = routers.NestedSimpleRouter(router, r'users',
lookup='user'
)
user_router.register(r'mails', views.UserMailViewSet,
base_name='user-mail'
)
urlpatterns = [
url(r'^', include(router.urls)),
url(r'^', include(user_router.urls)),
]
Now, after doing this when i run a project and ping /users/ api endpoint, i got this error:
AttributeError : 'UserMail' object has no attribute 'url'
I couldn't understand why this error came, because in UserMailSerializer i added url field as a attribute of this serializer, so when it has to serialize why it takes url field as a attribute of UserMail model.
Please help me out to get away from this problem.
P.S: Please don't suggest any refactoring in models. As, here i just disguised my project real idea with user & mail thing. So, take this as test case and suggest me a solution.

I just needed to do something similar lately. My solution ended up making a custom relations field. To save space, Ill simply (and shamelessly) will point to the source code. The most important part is adding lookup_fields and lookup_url_kwargs class attributes which are used internally to both lookup objects and construct the URIs:
class MultiplePKsHyperlinkedIdentityField(HyperlinkedIdentityField):
lookup_fields = ['pk']
def __init__(self, view_name=None, **kwargs):
self.lookup_fields = kwargs.pop('lookup_fields', self.lookup_fields)
self.lookup_url_kwargs = kwargs.pop('lookup_url_kwargs', self.lookup_fields)
...
That in turn allows the usage like:
class MySerializer(serializers.ModelSerializer):
url = MultiplePKsHyperlinkedIdentityField(
view_name='api:my-resource-detail',
lookup_fields=['form_id', 'pk'],
lookup_url_kwargs=['form_pk', 'pk']
)
Here is also how I use it source code.
Hopefully that can get you started.

Django Rest Framework File Upload

I am using Django Rest Framework and AngularJs to upload a file. My view file looks like this:
class ProductList(APIView):
authentication_classes = (authentication.TokenAuthentication,)
def get(self,request):
if request.user.is_authenticated():
userCompanyId = request.user.get_profile().companyId
products = Product.objects.filter(company = userCompanyId)
serializer = ProductSerializer(products,many=True)
return Response(serializer.data)
def post(self,request):
serializer = ProductSerializer(data=request.DATA, files=request.FILES)
if serializer.is_valid():
serializer.save()
return Response(data=request.DATA)
As the last line of post method should return all the data, I have several questions:
how to check if there is anything in request.FILES?
how to serialize file field?
how should I use parser?

Editor's note:
This answer uses pre_save, which no longer exists in Django REST framework 3.0.
In a sufficiently new version of Django REST framework, MultiPartParser should be available by default, which allows uploading file with no special handling. See an answer below for an example.
I'm using the same stack and was also looking for an example of file upload, but my case is simpler since I use the ModelViewSet instead of APIView. The key turned out to be the pre_save hook. I ended up using it together with the angular-file-upload module like so:
# Django
class ExperimentViewSet(ModelViewSet):
queryset = Experiment.objects.all()
serializer_class = ExperimentSerializer
def pre_save(self, obj):
obj.samplesheet = self.request.FILES.get('file')
class Experiment(Model):
notes = TextField(blank=True)
samplesheet = FileField(blank=True, default='')
user = ForeignKey(User, related_name='experiments')
class ExperimentSerializer(ModelSerializer):
class Meta:
model = Experiment
fields = ('id', 'notes', 'samplesheet', 'user')
// AngularJS
controller('UploadExperimentCtrl', function($scope, $upload) {
$scope.submit = function(files, exp) {
$upload.upload({
url: '/api/experiments/' + exp.id + '/',
method: 'PUT',
data: {user: exp.user.id},
file: files[0]
});
};
});

Use the FileUploadParser, it's all in the request.
Use a put method instead, you'll find an example in the docs :)
class FileUploadView(views.APIView):
parser_classes = (FileUploadParser,)
def put(self, request, filename, format=None):
file_obj = request.FILES['file']
# do some stuff with uploaded file
return Response(status=204)

Finally I am able to upload image using Django. Here is my working code
views.py
class FileUploadView(APIView):
parser_classes = (FileUploadParser, )
def post(self, request, format='jpg'):
up_file = request.FILES['file']
destination = open('/Users/Username/' + up_file.name, 'wb+')
for chunk in up_file.chunks():
destination.write(chunk)
destination.close() # File should be closed only after all chuns are added
# ...
# do some stuff with uploaded file
# ...
return Response(up_file.name, status.HTTP_201_CREATED)
urls.py
urlpatterns = patterns('',
url(r'^imageUpload', views.FileUploadView.as_view())
curl request to upload
curl -X POST -S -H -u "admin:password" -F "file=#img.jpg;type=image/jpg" 127.0.0.1:8000/resourceurl/imageUpload

From my experience, you don't need to do anything particular about file fields, you just tell it to make use of the file field:
from rest_framework import routers, serializers, viewsets
class Photo(django.db.models.Model):
file = django.db.models.ImageField()
def __str__(self):
return self.file.name
class PhotoSerializer(serializers.ModelSerializer):
class Meta:
model = models.Photo
fields = ('id', 'file') # <-- HERE
class PhotoViewSet(viewsets.ModelViewSet):
queryset = models.Photo.objects.all()
serializer_class = PhotoSerializer
router = routers.DefaultRouter()
router.register(r'photos', PhotoViewSet)
api_urlpatterns = ([
url('', include(router.urls)),
], 'api')
urlpatterns += [
url(r'^api/', include(api_urlpatterns)),
]
and you're ready to upload files:
curl -sS http://example.com/api/photos/ -F 'file=#/path/to/file'
Add -F field=value for each extra field your model has. And don't forget to add authentication.

After spending 1 day on this, I figured out that ...
For someone who needs to upload a file and send some data, there is no straight fwd way you can get it to work. There is an open issue in JSON API specs for this. One possibility I have seen is to use multipart/related as shown here, but I think it's very hard to implement in DRF.
Finally what I implemented was to send the request as FormData. You would send each file as file and all other data as text.
Now for sending the data as text you have two choices. case 1) you can send each data as a key-value pair or case 2) you can have a single key called data and send the whole JSON as a string in value.
The first method would work out of the box if you have simple fields but it will be an issue if you have nested serializes. The multipart parser won't be able to parse the nested fields.
Below I am providing the implementation for both the cases
models.py
class Posts(models.Model):
id = models.UUIDField(default=uuid.uuid4, primary_key=True, editable=False)
caption = models.TextField(max_length=1000)
media = models.ImageField(blank=True, default="", upload_to="posts/")
tags = models.ManyToManyField('Tags', related_name='posts')
serializers.py -> no special changes needed, not showing my serializer here as it's too lengthy because of the writable ManyToMany Field implementation.
views.py
class PostsViewset(viewsets.ModelViewSet):
serializer_class = PostsSerializer
#parser_classes = (MultipartJsonParser, parsers.JSONParser) use this if you have simple key value pair as data with no nested serializers
#parser_classes = (parsers.MultipartParser, parsers.JSONParser) use this if you want to parse json in the key value pair data sent
queryset = Posts.objects.all()
lookup_field = 'id'
Now, if you are following the first method and are only sending non-Json data as key-value pairs, you don't need a custom parser class. DRF'd MultipartParser will do the job. But for the second case or if you have nested serializers (like I have shown) you will need a custom parser as shown below.
utils.py
from django.http import QueryDict
import json
from rest_framework import parsers
class MultipartJsonParser(parsers.MultiPartParser):
def parse(self, stream, media_type=None, parser_context=None):
result = super().parse(
stream,
media_type=media_type,
parser_context=parser_context
)
data = {}
# for case1 with nested serializers
# parse each field with json
for key, value in result.data.items():
if type(value) != str:
data[key] = value
continue
if '{' in value or "[" in value:
try:
data[key] = json.loads(value)
except ValueError:
data[key] = value
else:
data[key] = value
# for case 2
# find the data field and parse it
data = json.loads(result.data["data"])
qdict = QueryDict('', mutable=True)
qdict.update(data)
return parsers.DataAndFiles(qdict, result.files)
This serializer would basically parse any JSON content in the values.
The request example in postman for both cases:
Case 1
Case 2

If anyone interested in the easiest example with ModelViewset for Django Rest Framework.
The Model is,
class MyModel(models.Model):
name = models.CharField(db_column='name', max_length=200, blank=False, null=False, unique=True)
imageUrl = models.FileField(db_column='image_url', blank=True, null=True, upload_to='images/')
class Meta:
managed = True
db_table = 'MyModel'
The Serializer,
class MyModelSerializer(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = "__all__"
And the View is,
class MyModelView(viewsets.ModelViewSet):
queryset = MyModel.objects.all()
serializer_class = MyModelSerializer
Test in Postman,

models.py
from django.db import models
import uuid
class File(models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
file = models.FileField(blank=False, null=False)
def __str__(self):
return self.file.name
serializers.py
from rest_framework import serializers
from .models import File
class FileSerializer(serializers.ModelSerializer):
class Meta:
model = File
fields = "__all__"
views.py
from django.shortcuts import render
from rest_framework.parsers import FileUploadParser
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from .serializers import FileSerializer
class FileUploadView(APIView):
permission_classes = []
parser_class = (FileUploadParser,)
def post(self, request, *args, **kwargs):
file_serializer = FileSerializer(data=request.data)
if file_serializer.is_valid():
file_serializer.save()
return Response(file_serializer.data, status=status.HTTP_201_CREATED)
else:
return Response(file_serializer.errors, status=status.HTTP_400_BAD_REQUEST)
urls.py
from apps.files import views as FileViews
urlpatterns = [
path('api/files', FileViews.FileUploadView.as_view()),
]
settings.py
# file uload parameters
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
Send a post request to api/files with a your file attached to a form-data field file. The file will be uploaded to /media folder and a db record will be added with id and file name.

I solved this problem with ModelViewSet and ModelSerializer. Hope this will help community.
I also preffer to have validation and Object->JSON (and vice-versa) login in serializer itself rather than in views.
Lets understand it by example.
Say, I want to create FileUploader API. Where it will be storing fields like id, file_path, file_name, size, owner etc in database. See sample model below:
class FileUploader(models.Model):
file = models.FileField()
name = models.CharField(max_length=100) #name is filename without extension
version = models.IntegerField(default=0)
upload_date = models.DateTimeField(auto_now=True, db_index=True)
owner = models.ForeignKey('auth.User', related_name='uploaded_files')
size = models.IntegerField(default=0)
Now, For APIs this is what I want:
GET:
When I fire the GET endpoint, I want all above fields for every uploaded file.
POST:
But for user to create/upload file, why she has to worry about passing all these fields. She can just upload the file and then, I suppose, serializer can get rest of the fields from uploaded FILE.
Searilizer:
Question: I created below serializer to serve my purpose. But not sure if its the right way to implement it.
class FileUploaderSerializer(serializers.ModelSerializer):
# overwrite = serializers.BooleanField()
class Meta:
model = FileUploader
fields = ('file','name','version','upload_date', 'size')
read_only_fields = ('name','version','owner','upload_date', 'size')
def validate(self, validated_data):
validated_data['owner'] = self.context['request'].user
validated_data['name'] = os.path.splitext(validated_data['file'].name)[0]
validated_data['size'] = validated_data['file'].size
#other validation logic
return validated_data
def create(self, validated_data):
return FileUploader.objects.create(**validated_data)
Viewset for reference:
class FileUploaderViewSet(viewsets.ModelViewSet):
serializer_class = FileUploaderSerializer
parser_classes = (MultiPartParser, FormParser,)
# overriding default query set
queryset = LayerFile.objects.all()
def get_queryset(self, *args, **kwargs):
qs = super(FileUploaderViewSet, self).get_queryset(*args, **kwargs)
qs = qs.filter(owner=self.request.user)
return qs

I'd like to write another option that I feel is cleaner and easier to maintain. We'll be using the defaultRouter to add CRUD urls for our viewset and we'll add one more fixed url specifying the uploader view within the same viewset.
**** views.py
from rest_framework import viewsets, serializers
from rest_framework.decorators import action, parser_classes
from rest_framework.parsers import JSONParser, MultiPartParser
from rest_framework.response import Response
from rest_framework_csv.parsers import CSVParser
from posts.models import Post
from posts.serializers import PostSerializer
class PostsViewSet(viewsets.ModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
parser_classes = (JSONParser, MultiPartParser, CSVParser)
#action(detail=False, methods=['put'], name='Uploader View', parser_classes=[CSVParser],)
def uploader(self, request, filename, format=None):
# Parsed data will be returned within the request object by accessing 'data' attr
_data = request.data
return Response(status=204)
Project's main urls.py
**** urls.py
from rest_framework import routers
from posts.views import PostsViewSet
router = routers.DefaultRouter()
router.register(r'posts', PostsViewSet)
urlpatterns = [
url(r'^posts/uploader/(?P<filename>[^/]+)$', PostsViewSet.as_view({'put': 'uploader'}), name='posts_uploader')
url(r'^', include(router.urls), name='root-api'),
url('admin/', admin.site.urls),
]
.- README.
The magic happens when we add #action decorator to our class method 'uploader'. By specifying "methods=['put']" argument, we are only allowing PUT requests; perfect for file uploading.
I also added the argument "parser_classes" to show you can select the parser that will parse your content. I added CSVParser from the rest_framework_csv package, to demonstrate how we can accept only certain type of files if this functionality is required, in my case I'm only accepting "Content-Type: text/csv".
Note: If you're adding custom Parsers, you'll need to specify them in parsers_classes in the ViewSet due the request will compare the allowed media_type with main (class) parsers before accessing the uploader method parsers.
Now we need to tell Django how to go to this method and where can be implemented in our urls. That's when we add the fixed url (Simple purposes). This Url will take a "filename" argument that will be passed in the method later on. We need to pass this method "uploader", specifying the http protocol ('PUT') in a list to the PostsViewSet.as_view method.
When we land in the following url
http://example.com/posts/uploader/
it will expect a PUT request with headers specifying "Content-Type" and Content-Disposition: attachment; filename="something.csv".
curl -v -u user:pass http://example.com/posts/uploader/ --upload-file ./something.csv --header "Content-type:text/csv"

Some of the solutions are deprecated (request.data should be used for Django 3.0+). Some of them do not validate the input. Also, I would appreciate a solution with swagger annotation. So I recommend using the following code:
from drf_yasg.utils import swagger_auto_schema
from rest_framework import serializers
from rest_framework.parsers import MultiPartParser
from rest_framework.response import Response
from rest_framework.views import APIView
class FileUploadAPI(APIView):
parser_classes = (MultiPartParser, )
class InputSerializer(serializers.Serializer):
image = serializers.ImageField()
#swagger_auto_schema(
request_body=InputSerializer
)
def put(self, request):
input_serializer = self.InputSerializer(data=request.data)
input_serializer.is_valid(raise_exception=True)
# process file
file = input_serializer.validated_data['image']
return Response(status=204)

I have used this view to upload file to aws. Here upload_file is a helper function while overall you can use this view to get upload the file in form-data.
class FileUploadView(GenericAPIView):
def post(self, request):
try:
file = request.data['file']
if file.content_type == 'image/png' or file.content_type == 'image/jpeg':
file_name = upload_file(file)
return Response({"name": file_name}, status=status.HTTP_202_ACCEPTED)
else:
raise UnsupportedMediaType(file.content_type)
except KeyError:
return Response("file missing.", status=status.HTTP_404_NOT_FOUND)

Best Straightforward Way to handle single upload file or multiple files in a single request is this
#api_view(['POST'])
def file_list(request): # use APIview or function based view or any view u want
# for single file
file = request.FILES["file"]
print(file)
# Do what ever you want with it
# for multiple file
files = request.FILES.getlist('file')
for file in files:
print(file)
# Do what ever you want with it

from rest_framework import status
from rest_framework.response import Response
class FileUpload(APIView):
def put(request):
try:
file = request.FILES['filename']
#now upload to s3 bucket or your media file
except Exception as e:
print e
return Response(status,
status.HTTP_500_INTERNAL_SERVER_ERROR)
return Response(status, status.HTTP_200_OK)

If you are using ModelViewSet, well actually you are done! It handles every things for you! You just need to put the field in your ModelSerializer and set content-type=multipart/form-data; in your client.
BUT as you know you can not send files in json format. (when content-type is set to application/json in your client). Unless you use Base64 format.
So you have two choices:
let ModelViewSet and ModelSerializer handle the job and send the request using content-type=multipart/form-data;
set the field in ModelSerializer as Base64ImageField (or) Base64FileField and tell your client to encode the file to Base64 and set the content-type=application/json

from rest_framework import status, generics
from rest_framework.response import Response
from rest_framework import serializers
import logging
logger = logging.getLogger(__name__)`enter code here`
class ImageUploadSerializer(serializers.Serializer):
file = serializers.FileField()
class UploadImages(generics.GenericAPIView):
serializer_class = ImageUploadSerializer
permission_classes = [IsAuthenticated, ]
def post(self, request):
try:
data = self.serializer_class(data=request.data)
if data.is_valid() is False:
return Response({'error': ERROR_MESSAGES.get('400')}, status=status.HTTP_400_BAD_REQUEST)
is_file_upload_success, file_item = save_aws_article_image(data.validated_data.get('file'),
request.user, upload_type)
if is_file_upload_success:
logger.info('{0} file uploaded {1}'.format(file_item['file_obj'].path, datetime.now()))
return Response({'path': file_item['file_obj'].path, 'id': file_item['file_obj'].uuid,
'name': file_item['file_obj'].name},
status=status.HTTP_201_CREATED)
except Exception as e:
logger.error(e, exc_info=True)
return Response({"error": e}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

In django-rest-framework request data is parsed by the Parsers.
http://www.django-rest-framework.org/api-guide/parsers/
By default django-rest-framework takes parser class JSONParser. It will parse the data into json. so, files will not be parsed with it.
If we want files to be parsed along with other data we should use one of the below parser classes.
FormParser
MultiPartParser
FileUploadParser

def post(self,request):
serializer = ProductSerializer(data=request.DATA, files=request.FILES)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)

This is the one of the approach I've applied hopefully it'll help.
class Model_File_update(APIView):
parser_classes = (MultiPartParser, FormParser)
permission_classes = [IsAuthenticated] # it will check if the user is authenticated or not
authentication_classes = [JSONWebTokenAuthentication] # it will authenticate the person by JSON web token
def put(self, request):
id = request.GET.get('id')
obj = Model.objects.get(id=id)
serializer = Model_Upload_Serializer(obj, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=200)
else:
return Response(serializer.errors, status=400)

You can generalize #Nithin's answer to work directly with DRF's existing serializer system by generating a parser class to parse specific fields which are then fed directly into the standard DRF serializers:
from django.http import QueryDict
import json
from rest_framework import parsers
def gen_MultipartJsonParser(json_fields):
class MultipartJsonParser(parsers.MultiPartParser):
def parse(self, stream, media_type=None, parser_context=None):
result = super().parse(
stream,
media_type=media_type,
parser_context=parser_context
)
data = {}
# find the data field and parse it
qdict = QueryDict('', mutable=True)
for json_field in json_fields:
json_data = result.data.get(json_field, None)
if not json_data:
continue
data = json.loads(json_data)
if type(data) == list:
for d in data:
qdict.update({json_field: d})
else:
qdict.update({json_field: data})
return parsers.DataAndFiles(qdict, result.files)
return MultipartJsonParser
This is used like:
class MyFileViewSet(ModelViewSet):
parser_classes = [gen_MultipartJsonParser(['tags', 'permissions'])]
# ^^^^^^^^^^^^^^^^^^^
# Fields that need to be further JSON parsed
....

A DRF viewset fileupload example with React(axios) to send an audioBlob:
class MyViewSet(viewsets.ModelViewSet):
parser_classes = (MultiPartParser, FormParser)
queryset = MyModel.objects.all().order_by('created_at')
serializer_class = MySerializer
serializer:
class MySerializer(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = '__all__'
model:
class MyModel(models.Model):
sentence = models.ForeignKey(Sentence, related_name="voice_sentence", on_delete=models.CASCADE)
voice_record = models.FileField(blank=True, default='')
created_at = models.DateTimeField(auto_now_add=True)
axios:
export const sendSpeechText = async (audioBlob: any) => {
const headers = {
'Content-Type': 'application/json',
'Content-Disposition': 'attachment; filename=audiofile.webm'
}
const audiofile = new File([audioBlob], "audiofile.webm", { type: "audio/webm" })
const formData = new FormData();
formData.append("sentence", '1');
formData.append("voice_record", audiofile);
return await axios.post(
SEND_SPEECH_URL,
formData,
{
crossDomain: true,
headers: headers
},
)
}
NOTE: voice_record in formData should be the same in your model

There are majorly 3 ways for upload files in drf
suppose you have Tag model with title and logo fields and TagSerializer
class Tag(models.Model):
title = models.CharField(max_length=10, default='')
file = models.FileField(upload_to='tag/', blank=True, null=True, )
class TagSerializer(rest_serializers.ModelSerializer):
class Meta:
model = Tag
fields = '__all__'
you can choose one of them according to your situation.
1- using serializer:
class UploadFile(APIView):
parser_classes = (MultiPartParser, FormParser)
def post(self, request):
serializer = TagSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
2- using write method :
def save_file(file: InMemoryUploadedFile, full_path):
with open(full_path, 'wb+') as f:
for chunk in file.chunks():
f.write(chunk)
class UploadFile(APIView):
parser_classes = (MultiPartParser, FormParser)
def post(self, request):
file: InMemoryUploadedFile = request.FILES['file']
# define file_save_path variable
full_path = file_save_path + file.name
save_file(file, full_path)
return Response(serializer.data, status=status.HTTP_200_OK)
3- using FileSystemStorage:
class UploadFile(APIView):
parser_classes = (MultiPartParser, FormParser)
def post(self, request):
file: InMemoryUploadedFile = request.FILES['file']
f = FileSystemStorage()
# this will save file in MEDIA_ROOT path
f.save(file.name, file)
return Response(serializer.data, status=status.HTTP_200_OK)

For the users who want to use or prefer a Function-Based Views for uploading files.
This is a Complete Guide from Creating Models > views > Serializers > URLs and Testing the endpoint with Postman. I have put the comments inside the code where required.
# models.py
# Imports
from django.db import models
import os
def document_path_and_name(instance, filename):
''' Change the filename to 'instance_id + document_name '''
ext = filename.split('.')[-1]
filename = "%s_%s.%s" % (instance.id, instance.document_name, ext)
''' if document_name is 'doucment one' in pdf and id is 1
then filname will be saved as = 1_document_one.pdf '''
return os.path.join('files/', filename)
class Document(models.Model):
# I'm using document_name and id to give the filename that would be save with
# this using document_path_and_name function.
# you can modify on your need.
document_name = models.CharField(max_length=100)
file = models.FileField(upload_to=document_path_and_name)
def __str__(self):
return self.document_name
We don't need a Serializer to validate the file upload here but would need one if we need to serialize the response. So let's go with a simple ReadOnly Serializer in this case.
# serializers.py
# imports
from rest_framework import serializers
class DocumentSerializer(serializers.Serializer):
id = serializers.IntegerField(read_only=True)
document_name = serializers.CharField(read_only=True)
file = serializers.URLField(read_only=True)
Now in the api_view, we will be using the MultiPartParser decorator to upload files via a POST request. We would need a document_name and a file for this function to upload the file correctly as we had set the Model.
# views.py
# imports
from rest_framework.decorators import api_view, parser_classes
from rest_framework.response import Response
from rest_framework.parsers import MultiPartParser
from .models import Document
from .serializers import DocumentSerializer
#api_view(['POST'])
#parser_classes([MultiPartParser])
def upload_document(request, filename, format=None):
"""
A view that can accept POST requests with .media_type: multipart/form-data content.
"""
file = request.FILES['file']
doc = Document.objects.create(document_name=filename, file=file)
# Do any thing else here
serializer = DocumentSerializer(doc, many=False)
return Response(serializer.data)
So, We will be passing document_name in the URL param, we can call it anything but I defined it as the filename.
and our API ENDPOINT or Url will be like;
# imports
from django.urls import path
from .views import upload_document
urlpatterns = [
path('upload_document/<str:filename>/', upload_document),
]
So to test this via Postman, go to your valid API endpoint like below
I'm passing the filename for the document_name you can pass anything. You would notice that the actual file name is something else in pdf format in the screenshot below. That will be replaced with the help of our document_path_and_name function to id_document_name. So here the save filename is 1_filename.pdf
Now just make a request and your file will be uploaded to your directed file storage path. And you will get the JSON Response from DocumentSerializer.
The main thing which was responsible for the file upload is the MultiPartParser decorator. Must visit the Docs for more details.

If you're using ViewSets, you can add a custom action to handle file uploads:
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework.parsers import FileUploadParser
from rest_framework import viewsets
...
class SomeViewSet(viewsets.ModelViewSet):
serializer_class = ...
permission_classes = [...]
queryset = ...
#action(methods=['put'], detail=True, parser_classes=[FileUploadParser])
def upload_file(self, request, pk=None):
obj = self.get_object()
obj.file = request.data['file']
obj.save()
return Response(status=204)
This keeps everything within the ViewSet. You'll get an endpoint that looks something like this api/item/32/upload_file/.
The reason you'd use FileUploadParser as opposed to other options like multipart is if you're uploading from a native app for example and don't want to rely on a multi part encoder.