From eb30251362b043db289049f81267a2ca819d4f91 Mon Sep 17 00:00:00 2001
From: Mohammad Sajad Pourajam
Date: Wed, 25 Mar 2026 01:54:01 +0330
Subject: [PATCH] UPDATE
---
 account/backends.py | 4 +++-
 account/views.py | 2 +-
 auth/views.py | 25 +++++++++----------------
 config/settings.py | 3 ++-
 dashboard/views.py | 6 ------
 5 files changed, 15 insertions(+), 25 deletions(-)
diff --git a/account/backends.py b/account/backends.py
index d8510f8..4ec204f 100644
--- a/account/backends.py
+++ b/account/backends.py
@@ -19,10 +19,12 @@ class MultiFieldBackend(ModelBackend):
 user = User.objects.get(
 Q(username=username) | Q(email=username) | Q(phone_number=username)
 )
+ print(user)
 except (User.DoesNotExist, User.MultipleObjectsReturned):
 User().set_password(password)
 return None
-
+ print(user.check_password(password) , self.user_can_authenticate(user))
+
 if user.check_password(password) and self.user_can_authenticate(user):
 return user
 return None
diff --git a/account/views.py b/account/views.py
index d23ce0f..e8aa686 100644
--- a/account/views.py
+++ b/account/views.py
@@ -109,7 +109,7 @@ class AccountView(APIView):
 - DELETE "/" → Delete: uuid (path). Returns status "success". No data field.
 """
- # permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticated]
 def get(self, request, *args, **kwargs):
 """
diff --git a/auth/views.py b/auth/views.py
index e766ffc..97cb4ef 100644
--- a/auth/views.py
+++ b/auth/views.py
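Review bot: The two `print` calls added to `MultiFieldBackend` in account/backends.py write the resolved user and the result of the password check to stdout on every login attempt, and the second one runs `user.check_password(password)` an extra time. The unknown-user branch hashes once through `User().set_password(password)`, which looks like it is there to keep response times comparable, so a found user now costs two hash computations and the timing gap can reveal which identifiers exist. Both lines should be deleted before merge. If a trace is wanted, `logger.debug("auth attempt user_id=%s", user.pk)` placed after the existing `if` would record it without the verification result (this assumes a module-level `logger`, which is not visible here). The method signature and the opening `try:` are outside the hunk.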
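Review bot: In account/views.py, `permission_classes = [IsAuthenticated]` on `AccountView` establishes that the caller is logged in but not which account they may act on, and the docstring line in this hunk describes DELETE as taking a `uuid` from the path. The handler bodies are outside the hunk, so this is a question rather than a finding: confirm that each handler resolves its target from `request.user` or compares the path `uuid` with it, since otherwise any authenticated caller could address another user's account. Once verified, a comment above the attribute such as `# Authentication only; per-account ownership is enforced in each handler` would record that split.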
@@ -1,13 +1,13 @@
 import secrets
-from django.contrib.auth import authenticate, get_user_model
-from django.db.models import Q
+from django.contrib.auth import authenticate
 from django.conf import settings
 from django.core.cache import cache
 from django.core.signing import BadSignature, SignatureExpired, TimestampSigner
 from django.db import IntegrityError
 from rest_framework import serializers
 from rest_framework import status
+from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from drf_spectacular.utils import extend_schema, extend_schema_view
@@ -61,6 +61,8 @@ class RegisterView(APIView):
 Returns JWT tokens and user data on success.
 """
+ permission_classes = [AllowAny]
+
 def post(self, request):
 serializer = RegisterSerializer(data=request.data)
 serializer.is_valid(raise_exception=True)
@@ -124,6 +126,8 @@ class LoginView(APIView):
 Returns JWT tokens and user data on success.
 """
+ permission_classes = [AllowAny]
+
 def post(self, request):
 serializer = LoginSerializer(data=request.data)
 serializer.is_valid(raise_exception=True)
@@ -131,21 +135,8 @@ class LoginView(APIView):
 identifier = serializer.validated_data["identifier"]
 password = serializer.validated_data["password"]
- User = get_user_model()
+ user = authenticate(request, username=identifier, password=password)
- identifier = serializer.validated_data["identifier"]
- password = serializer.validated_data["password"]
-
- user_obj = User.objects.filter(
- Q(username=identifier) | Q(email=identifier) | Q(phone_number=identifier)
- ).first()
-
-
-
- if user_obj:
- user = authenticate(request, username=user_obj.username, password=password)
- else:
- user = None
 if user is None:
 return Response(
 {"code": 401, "msg": "Invalid credentials."},
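Review bot: `permission_classes = [AllowAny]` on `RegisterView` (and the same addition on `LoginView` below and on `AuthenticationView` in the hunk at -193) opens only the permission check; the views still inherit `JWTAuthentication` from `DEFAULT_AUTHENTICATION_CLASSES`. DRF authenticates before it evaluates permissions, and simplejwt raises on an expired or malformed `Authorization` header, so a client that still sends its old token would get a 401 from the login endpoint itself. Adding `authentication_classes = []` next to each `permission_classes = [AllowAny]` avoids that. Separately, no throttle is visible on these three anonymous endpoints; if none is configured elsewhere, password and OTP guessing is unbounded, and `throttle_classes = [ScopedRateThrottle]` with a `throttle_scope` per view would bound it.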
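Review bot: E-mail and phone login in `LoginView.post` now depends entirely on `MultiFieldBackend` being listed in `AUTHENTICATION_BACKENDS`, which this patch does not show: the new `authenticate(request, username=identifier, password=password)` line would match usernames only under the stock `ModelBackend` and would return the same 401 with no other signal. The behaviour for ambiguous identifiers also changes, since the removed code took `.first()` while the backend's `.get()` returns `None` on `MultipleObjectsReturned`; failing closed is the safer outcome, but it is worth a test and a comment such as `# Identifier lookup (username/email/phone) is done by account.backends.MultiFieldBackend; ambiguous matches are rejected`. The rest of `post` continues outside the hunk.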
@@ -193,6 +184,8 @@ class AuthenticationView(APIView):
 Response format: RequestOTPResponse / VerifyOTPResponse (code, msg, token, data when applicable).
 """
+ permission_classes = [AllowAny]
+
 def post(self, request):
 if "verify-otp" in request.path:
 return self._verify_otp(request)
diff --git a/config/settings.py b/config/settings.py
index e1a82f5..5656519 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -111,7 +111,7 @@ CACHES = {
 REST_FRAMEWORK = {
 "DEFAULT_PERMISSION_CLASSES": [
- "rest_framework.permissions.AllowAny",
+ "rest_framework.permissions.IsAuthenticated",
 ],
 "DEFAULT_AUTHENTICATION_CLASSES": [
 "rest_framework_simplejwt.authentication.JWTAuthentication",
@@ -128,6 +128,7 @@ SPECTACULAR_SETTINGS = {
 "SWAGGER_UI_FAVICON_HREF": "SIDECAR",
 "REDOC_DIST": "SIDECAR",
 "SCHEMA_PATH_PREFIX": r"/api/",
+ "SERVE_PERMISSIONS": ["rest_framework.permissions.AllowAny"],
 }
diff --git a/dashboard/views.py b/dashboard/views.py
index 0954b57..fd28683 100644
--- a/dashboard/views.py
+++ b/dashboard/views.py
@@ -33,9 +33,6 @@ class FarmDashboardConfigView(APIView):
 PATCH accepts body but returns same static config; no processing or validation. No database. No input values used in response.
 """
- authentication_classes = [] # No authentication
- permission_classes = []
-
 def get(self, request):
 return Response({"code": 200, "msg": "OK", "data": CONFIG}, status=status.HTTP_200_OK)
@@ -55,9 +52,6 @@ class FarmDashboardCardsView(APIView):
 Returns unified response with all 15 card payloads. No database. Static mock data only.
 """
- authentication_classes = [] # No authentication
- permission_classes = []
-
 def get(self, request):
 adapter_response = external_api_request("ai", "/dashboard-data/status", method="GET")
 return Response(adapter_response.data, status=adapter_response.status_code)
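Review bot: `"SERVE_PERMISSIONS": ["rest_framework.permissions.AllowAny"]` in `SPECTACULAR_SETTINGS` (config/settings.py, hunk at -128) keeps the OpenAPI schema and the Swagger/ReDoc pages readable by anonymous callers in every environment, while the same patch moves the API default to `IsAuthenticated`. The schema lists every route, parameter and response shape, so outside development it is usually better not to serve it unauthenticated. If `DEBUG` is defined earlier in settings.py (not visible in the hunk), the entry could read `"SERVE_PERMISSIONS": ["rest_framework.permissions.AllowAny" if DEBUG else "rest_framework.permissions.IsAdminUser"],`. If public docs are intended, a comment saying so on that line would keep a later reader from treating it as an oversight.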