feat(API): change to jwt authentication.

tienda_ilusion/users/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

tienda_ilusion/users/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class UsersConfig(AppConfig):
+    name = 'users'

tienda_ilusion/users/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.

tienda_ilusion/users/serializers.py

@@ -0,0 +1,8 @@
+from django.contrib.auth.models import User
+from rest_framework import serializers
+
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ('id', 'username', 'email', 'first_name', 'last_name')

tienda_ilusion/users/tests.py

@@ -0,0 +1,51 @@
+from django.test import TestCase
+from django.urls import reverse
+from django.contrib.auth.models import User
+from rest_framework.test import APIClient
+from rest_framework_simplejwt.tokens import RefreshToken
+
+
+class MeEndpointTests(TestCase):
+    def setUp(self):
+        self.user = User.objects.create_superuser(
+            username='admin',
+            email='admin@example.com',
+            password='adminpass'
+        )
+
+        refresh = RefreshToken.for_user(self.user)
+        self.access_token = str(refresh.access_token)
+
+        self.client = APIClient()
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {self.access_token}')
+
+    def test_me_endpoint_returns_correct_user_data(self):
+        """
+        Verifica que GET /api/users/me/ devuelve los datos del usuario
+        autenticado.
+        """
+        url = reverse('current-user')
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 200)
+
+        expected_fields = {'id', 'username', 'email',
+                           'first_name', 'last_name'}
+        self.assertTrue(expected_fields.issubset(response.json().keys()))
+
+        data = response.json()
+        self.assertEqual(data['username'], self.user.username)
+        self.assertEqual(data['email'], self.user.email)
+        self.assertEqual(data['first_name'], self.user.first_name)
+        self.assertEqual(data['last_name'], self.user.last_name)
+
+    def test_me_endpoint_requires_authentication(self):
+        """
+        Sin token el endpoint debe devolver 401 Unauthorized.
+        """
+        client_no_auth = APIClient()
+        url = reverse('current-user')
+        response = client_no_auth.get(url)
+
+        self.assertEqual(response.status_code, 401)

tienda_ilusion/users/urls.py

@@ -0,0 +1,6 @@
+from django.urls import path
+from .views import CurrentUserView
+
+urlpatterns = [
+    path('me/', CurrentUserView.as_view(), name='current-user'),
+]

tienda_ilusion/users/views.py

@@ -0,0 +1,12 @@
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework.permissions import IsAuthenticated
+from .serializers import UserSerializer
+
+
+class CurrentUserView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        serializer = UserSerializer(request.user)
+        return Response(serializer.data)