added endpoint to account app; added "email_confirmed" field to User model; refactored auth app;

2019-08-20 15:43:59 +03:00 · 2019-08-20 15:43:59 +03:00 · 047803bf43
commit 047803bf43
parent 3c00dd3d1d
16 changed files with 334 additions and 84 deletions
--- a/apps/account/forms.py
+++ b/apps/account/forms.py
@ -0,0 +1,60 @@
+from django import forms
+from django.contrib.auth import (
+    password_validation,
+)
+from django.utils.translation import gettext_lazy as _
+from utils import exceptions
+
+
+class SetPasswordForm(forms.Form):
+    """
+    A form that lets a user change set their password without entering the old
+    password
+    """
+    error_messages = {
+        'password_mismatch': _("The two password fields didn't match."),
+        'password_equal': _("Password already in use."),
+    }
+    new_password1 = forms.CharField(
+        label=_("New password"),
+        widget=forms.PasswordInput,
+        strip=False,
+        help_text=password_validation.password_validators_help_text_html(),
+    )
+    new_password2 = forms.CharField(
+        label=_("New password confirmation"),
+        strip=False,
+        widget=forms.PasswordInput,
+    )
+
+    def __init__(self, user, *args, **kwargs):
+        self.user = user
+        super().__init__(*args, **kwargs)
+
+    def clean_new_password1(self):
+        password1 = self.cleaned_data.get('new_password1')
+        if self.user.check_password(password1):
+            raise forms.ValidationError(
+                self.error_messages['password_equal'],
+                code='password_equal',
+            )
+        return password1
+
+    def clean_new_password2(self):
+        password1 = self.cleaned_data.get('new_password1')
+        password2 = self.cleaned_data.get('new_password2')
+        if password1 and password2:
+            if password1 != password2:
+                raise forms.ValidationError(
+                    self.error_messages['password_mismatch'],
+                    code='password_mismatch',
+                )
+        password_validation.validate_password(password2, self.user)
+        return password2
+
+    def save(self, commit=True):
+        password = self.cleaned_data["new_password1"]
+        self.user.set_password(password)
+        if commit:
+            self.user.save()
+        return self.user
--- a/apps/account/migrations/0004_user_email_confirmed.py
+++ b/apps/account/migrations/0004_user_email_confirmed.py
@ -0,0 +1,18 @@
+# Generated by Django 2.2.4 on 2019-08-20 12:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0003_resetpasswordtoken'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='email_confirmed',
+            field=models.BooleanField(default=False, verbose_name='email status'),
+        ),
+    ]
--- a/apps/account/models.py
+++ b/apps/account/models.py
@ -3,18 +3,19 @@ from typing import Union

 from django.conf import settings
 from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager
+from django.contrib.auth.tokens import default_token_generator as password_token_generator
 from django.core.mail import send_mail
 from django.db import models
 from django.template.loader import render_to_string
 from django.utils import timezone
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
 from django.utils.translation import ugettext_lazy as _
 from rest_framework.authtoken.models import Token
-from django.utils.encoding import force_bytes, force_text
-from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
-from utils.models import gm_token_generator

 from authorization.models import Application
 from utils.models import ImageMixin, ProjectBaseMixin, PlatformMixin
+from utils.models import gm_token_generator


 class UserManager(BaseUserManager):
@ -57,6 +58,7 @@ class User(ImageMixin, AbstractUser):
    """Base user model."""
    email = models.EmailField(_('email address'), blank=True,
                              null=True, default=None)
+    email_confirmed = models.BooleanField(_('email status'), default=False)
    newsletter = models.NullBooleanField(default=True)

    EMAIL_FIELD = 'email'
@ -93,6 +95,11 @@ class User(ImageMixin, AbstractUser):
    def remove_token(self):
        Token.objects.filter(user=self).delete()

+    def confirm_email(self):
+        """Method to confirm user email address"""
+        self.email_confirmed = True
+        self.save()
+
    def remove_access_tokens(self, source: Union[int, Union[tuple, list]]):
        """Method to remove user access tokens"""
        source = source if isinstance(source, list) else [source, ]
@ -111,21 +118,26 @@ class User(ImageMixin, AbstractUser):
                token.revoke()

    @property
-    def get_signup_finish_token(self):
+    def get_confirm_email_token(self):
        """Make a token for finish signup."""
        return gm_token_generator.make_token(self)

    @property
-    def get_user_uid(self):
+    def get_reset_password_token(self):
+        """Make a token for finish signup."""
+        return password_token_generator.make_token(self)
+
+    @property
+    def get_user_uidb64(self):
        """Get base64 value for user by primary key identifier"""
        return urlsafe_base64_encode(force_bytes(self.pk))

-    def get_confirm_signup_template(self):
-        """Get confirm signup email template"""
+    def get_confirm_email_template(self):
+        """Get confirm email template"""
        return render_to_string(
-            template_name=settings.CONFIRM_SIGNUP_TEMPLATE,
-            context={'token': self.get_signup_finish_token,
-                     'uid': self.get_user_uid,
+            template_name=settings.CONFIRM_EMAIL_TEMPLATE,
+            context={'token': self.get_confirm_email_token,
+                     'uid': self.get_user_uidb64,
                     'domain_uri': settings.DOMAIN_URI})

    def get_body_email_message(self, subject: str, message: str):
@ -200,7 +212,7 @@ class ResetPasswordToken(PlatformMixin, ProjectBaseMixin):
    @property
    def generate_token(self):
        """Generates a pseudo random code"""
-        return gm_token_generator.make_token(self.user)
+        return password_token_generator.make_token(self.user)

    @staticmethod
    def token_is_valid(user, token):
@ -226,8 +238,8 @@ class ResetPasswordToken(PlatformMixin, ProjectBaseMixin):
    def get_reset_password_template(self):
        """Get reset password template"""
        return render_to_string(
-            template_name=settings.RESETTING_TOKEN_TEMPLATE_NAME,
+            template_name=settings.RESETTING_TOKEN_TEMPLATE,
            context={'token': self.key,
-                     'uid': self.user.get_user_uid,
+                     'uidb64': self.user.get_user_uidb64,
                     'domain_uri': settings.DOMAIN_URI})

--- a/apps/account/tasks.py
+++ b/apps/account/tasks.py
@ -4,7 +4,7 @@ import logging
 from celery import shared_task
 from django.utils.translation import gettext_lazy as _

-from . import models as account_models
+from . import models

 logging.basicConfig(format='[%(levelname)s] %(message)s', level=logging.INFO)
 logger = logging.getLogger(__name__)
@ -14,7 +14,7 @@ logger = logging.getLogger(__name__)
 def send_reset_password_email(request_id):
    """Send email to user for reset password."""
    try:
-        obj = account_models.ResetPasswordToken.objects.get(id=request_id)
+        obj = models.ResetPasswordToken.objects.get(id=request_id)
        user = obj.user
        user.send_email(subject=_('Password resetting'),
                        message=obj.get_reset_password_template())
@ -22,3 +22,15 @@ def send_reset_password_email(request_id):
        logger.error(f'METHOD_NAME: {send_reset_password_email.__name__}\n'
                     f'DETAIL: Exception occurred for ResetPasswordToken instance: '
                     f'{request_id}')
+
+
+@shared_task
+def send_confirm_email(user_id):
+    """Send verification email to user."""
+    try:
+        obj = models.User.objects.get(id=user_id)
+        obj.send_email(subject=_('Email confirmation'),
+                       message=obj.get_confirm_email_template())
+    except:
+        logger.error(f'METHOD_NAME: {send_confirm_email.__name__}\n'
+                     f'DETAIL: Exception occurred for user: {user_id}')
--- a/apps/account/urls/web.py
+++ b/apps/account/urls/web.py
@ -7,11 +7,17 @@ from account.views import web as views
 app_name = 'account'

 urlpatterns_api = [
+    path('verify/email/', views.VerifyEmailView.as_view(),
+         name='verify-email'),
+    path('verify/email/confirm/<uidb64>/<token>/', views.VerifyEmailConfirmView.as_view(),
+         name='verify-email-confirm'),
    path('reset-password/', views.PasswordResetView.as_view(),
         name='password-reset'),
-    path('reset-password/confirm/<str:uid>/<str:token>/',
-         views.PasswordResetConfirmView.as_view(),
-         name='password-reset-confirm'),
+    path('form/reset-password/<uidb64>/<token>/', views.FormPasswordResetConfirmView.as_view(),
+         name='form-password-reset-confirm'),
+    # Redirect endpoint after success
+    path('form/reset-password/success/', views.FormPasswordResetSuccessView.as_view(),
+         name='form-password-reset-success'),
 ]

 urlpatterns = urlpatterns_api + \
--- a/apps/account/views/web.py
+++ b/apps/account/views/web.py
@ -1,17 +1,70 @@
 """Web account views"""
+from django.conf import settings
+from django.contrib.auth.tokens import default_token_generator
+from django.core.exceptions import ValidationError
+from django.http import HttpResponseRedirect
+from django.shortcuts import get_object_or_404
+from django.urls import reverse_lazy
+from django.utils.decorators import method_decorator
 from django.utils.encoding import force_text
 from django.utils.http import urlsafe_base64_decode
+from django.utils.translation import gettext_lazy as _
+from django.views.decorators.cache import never_cache
+from django.views.decorators.debug import sensitive_post_parameters
+from django.views.generic.edit import FormView
 from rest_framework import permissions
 from rest_framework import status
-from django.shortcuts import get_object_or_404
+from rest_framework import views
 from rest_framework.response import Response
+from account import tasks

 from account import models
+from account.forms import SetPasswordForm
 from account.serializers import web as serializers
 from utils import exceptions as utils_exceptions
 from utils.models import gm_token_generator
 from utils.views import (JWTCreateAPIView,
-                         JWTGenericViewMixin)
+                         JWTGenericViewMixin,
+                         JWTUpdateAPIView)
+
+
+# Email confirmation
+class VerifyEmailView(JWTGenericViewMixin):
+    """View for confirmation email"""
+
+    def post(self, request, *args, **kwargs):
+        """Implement POST method"""
+        user = request.user
+        if user.email_confirmed:
+            raise utils_exceptions.EmailConfirmedError()
+        # Send verification link on user email
+        if settings.USE_CELERY:
+            tasks.send_confirm_email.delay(user.id)
+        else:
+            tasks.send_confirm_email(user.id)
+        return Response(status=status.HTTP_200_OK)
+
+
+class VerifyEmailConfirmView(JWTGenericViewMixin):
+    """View for confirmation email"""
+
+    permission_classes = (permissions.AllowAny, )
+
+    def get(self, request, *args, **kwargs):
+        """Implement GET-method"""
+        uidb64 = kwargs.get('uidb64')
+        token = kwargs.get('token')
+        uid = force_text(urlsafe_base64_decode(uidb64))
+        user_qs = models.User.objects.filter(pk=uid)
+        if user_qs.exists():
+            user = user_qs.first()
+            if not gm_token_generator.check_token(user, token):
+                raise utils_exceptions.NotValidTokenError()
+            # Change email status
+            user.confirm_email()
+            return Response(status=status.HTTP_200_OK)
+        else:
+            raise utils_exceptions.UserNotFoundError()


 # Password reset
@ -34,12 +87,12 @@ class PasswordResetConfirmView(JWTGenericViewMixin):
        """Override get_object method
        """
        queryset = self.filter_queryset(self.get_queryset())
-        uidb64 = self.kwargs.get('uid')
+        uidb64 = self.kwargs.get('uidb64')

-        uid = force_text(urlsafe_base64_decode(uidb64))
+        user_id = force_text(urlsafe_base64_decode(uidb64))
        token = self.kwargs.get('token')

-        filter_kwargs = {'key': token, 'user_id': uid}
+        filter_kwargs = {'key': token, 'user_id': user_id}
        obj = get_object_or_404(queryset, **filter_kwargs)

        if not gm_token_generator.check_token(user=obj.user, token=token):
@ -58,3 +111,100 @@ class PasswordResetConfirmView(JWTGenericViewMixin):
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_200_OK)
+
+
+# Form view
+class PasswordContextMixin:
+    extra_context = None
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context.update({
+            'title': self.title,
+            **(self.extra_context or {})
+        })
+        return context
+
+
+class FormPasswordResetSuccessView(views.APIView):
+    """View for successful reset password"""
+
+    def get(self, request, *args, **kwargs):
+        """Implement GET-method"""
+        return Response(status=status.HTTP_200_OK)
+
+
+class FormPasswordResetConfirmView(PasswordContextMixin, FormView):
+
+    INTERNAL_RESET_URL_TOKEN = 'set-password'
+    INTERNAL_RESET_SESSION_TOKEN = '_password_reset_token'
+
+    form_class = SetPasswordForm
+    post_reset_login = False
+    post_reset_login_backend = None
+    success_url = reverse_lazy('web:account:form-password-reset-success')
+    template_name = settings.CONFIRMATION_PASSWORD_RESET_TEMPLATE
+    title = _('Enter new password')
+    token_generator = default_token_generator
+
+    @method_decorator(sensitive_post_parameters())
+    @method_decorator(never_cache)
+    def dispatch(self, *args, **kwargs):
+        assert 'uidb64' in kwargs and 'token' in kwargs
+
+        self.validlink = False
+        self.user = self.get_user(kwargs['uidb64'])
+
+        if self.user is not None:
+            token = kwargs['token']
+            if token == self.INTERNAL_RESET_URL_TOKEN:
+                session_token = self.request.session.get(self.INTERNAL_RESET_SESSION_TOKEN)
+                if self.token_generator.check_token(self.user, session_token):
+                    # If the token is valid, display the password reset form.
+                    self.validlink = True
+                    return super().dispatch(*args, **kwargs)
+            else:
+                if self.token_generator.check_token(self.user, token):
+                    # Store the token in the session and redirect to the
+                    # password reset form at a URL without the token. That
+                    # avoids the possibility of leaking the token in the
+                    # HTTP Referer header.
+                    self.request.session[self.INTERNAL_RESET_SESSION_TOKEN] = token
+                    redirect_url = self.request.path.replace(token, self.INTERNAL_RESET_URL_TOKEN)
+                    return HttpResponseRedirect(redirect_url)
+
+        # Display the "Password reset unsuccessful" page.
+        return self.render_to_response(self.get_context_data())
+
+    def get_user(self, uidb64):
+        try:
+            # urlsafe_base64_decode() decodes to bytestring
+            uid = urlsafe_base64_decode(uidb64).decode()
+            user = models.User.objects.get(pk=uid)
+        except (TypeError, ValueError, OverflowError, models.User.DoesNotExist, ValidationError):
+            user = None
+        return user
+
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs['user'] = self.user
+        return kwargs
+
+    def form_valid(self, form):
+        # Saving form
+        form.save()
+        # Pop token
+        del self.request.session[self.INTERNAL_RESET_SESSION_TOKEN]
+        return super().form_valid(form)
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        if self.validlink:
+            context['validlink'] = True
+        else:
+            context.update({
+                'form': None,
+                'title': _('Password reset unsuccessful'),
+                'validlink': False,
+            })
+        return context
--- a/apps/authorization/serializers/common.py
+++ b/apps/authorization/serializers/common.py
@ -134,7 +134,7 @@ class LoginByUsernameOrEmailSerializer(JWTBaseSerializerMixin, serializers.Model
            authentication = authenticate(username=user.get_username(),
                                          password=password)
            if not authentication:
-                raise utils_exceptions.UserNotFoundError()
+                raise utils_exceptions.WrongAuthCredentials()
            self.instance = user
            return attrs

--- a/apps/authorization/tasks.py
+++ b/apps/authorization/tasks.py
@ -7,15 +7,3 @@ from account import models as account_models

 logging.basicConfig(format='[%(levelname)s] %(message)s', level=logging.INFO)
 logger = logging.getLogger(__name__)
-
-
-@shared_task
-def send_confirm_signup_email(user_id):
-    """Send verification email to user."""
-    try:
-        obj = account_models.User.objects.get(id=user_id)
-        obj.send_email(subject=_('Confirm signup'),
-                       message=obj.get_confirm_signup_template())
-    except:
-        logger.error(f'METHOD_NAME: {send_confirm_signup_email.__name__}\n'
-                     f'DETAIL: Exception occurred for user: {user_id}')
--- a/apps/authorization/urls/common.py
+++ b/apps/authorization/urls/common.py
@ -31,8 +31,6 @@ urlpatterns_oauth2 = [
 urlpatterns_jwt = [
    path('signup/', views.SignUpView.as_view(),
         name='signup'),
-    path('signup/finish/<str:uid>/<str:token>/', views.SignupFinishView.as_view(),
-         name='signup-finish'),
    # sign in
    path('login/', views.LoginByUsernameOrEmailView.as_view(),
         name='login'),
--- a/apps/authorization/views/common.py
+++ b/apps/authorization/views/common.py
@ -195,11 +195,7 @@ class SignUpView(JWTCreateAPIView):
            serializer = self.get_serializer(data=request.data)
            serializer.is_valid(raise_exception=True)
            serializer.save()
-            response = Response(serializer.data, status=status.HTTP_201_CREATED)
-            if settings.USE_CELERY:
-                tasks.send_confirm_signup_email.delay(serializer.instance.id)
-            else:
-                tasks.send_confirm_signup_email(serializer.instance.id)
+            response = Response(status=status.HTTP_201_CREATED)
        except utils_exceptions.LocaleNotExisted:
            raise utils_exceptions.LocaleNotExisted(locale=_locale)
        else:
@ -208,43 +204,6 @@ class SignUpView(JWTCreateAPIView):
                response=response)


-class SignupFinishView(JWTGenericViewMixin):
-    """View for confirmation signup"""
-
-    permission_classes = (permissions.AllowAny, )
-
-    def get(self, request, *args, **kwargs):
-        """Implement GET-method"""
-        _locale = self._get_locale(request)
-        try:
-            locale = self._check_locale(locale=_locale)
-            uidb64 = kwargs.get('uid')
-            token = kwargs.get('token')
-
-            uid = force_text(urlsafe_base64_decode(uidb64))
-            user = User.objects.filter(pk=uid)
-            if user.exists():
-                if not gm_token_generator.check_token(user.first(), token):
-                    raise utils_exceptions.NotValidTokenError()
-                response = Response(status=status.HTTP_200_OK)
-            else:
-                raise utils_exceptions.UserNotFoundError()
-        except utils_exceptions.LocaleNotExisted:
-            raise utils_exceptions.LocaleNotExisted(locale=_locale)
-        else:
-            return self._put_cookies_in_response(
-                cookies=self._put_data_in_cookies(locale=locale),
-                response=response)
-
-    def get_success_url(self):
-        """Return url to success page considering Mobile component."""
-        return reverse('mobile:transaction-mobile:success')
-
-    def get_fail_url(self, **kwargs):
-        """Return url to fail page considering Mobile component."""
-        return reverse('mobile:transaction-mobile:fail')
-
-
 # Login by username|email + password
 class LoginByUsernameOrEmailView(JWTAuthViewMixin):
    """Login by email and password"""
--- a/apps/utils/exceptions.py
+++ b/apps/utils/exceptions.py
@ -82,3 +82,17 @@ class PasswordsAreEqual(exceptions.APIException):
    """
    status_code = status.HTTP_400_BAD_REQUEST
    default_detail = _('Password is already in use')
+
+
+class EmailConfirmedError(exceptions.APIException):
+    """The exception should be raised when user email status is already confirmed
+    """
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = _('Email address is already confirmed')
+
+
+class WrongAuthCredentials(exceptions.APIException):
+    """The exception should be raised when credentials is not valid for this user
+    """
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = _('Wrong authorization credentials')
--- a/apps/utils/models.py
+++ b/apps/utils/models.py
@ -133,6 +133,7 @@ class GMTokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (
                str(user.pk) +
+                str(user.email_confirmed) +
                str(timestamp) +
                str(user.is_active)
        )
--- a/project/settings/base.py
+++ b/project/settings/base.py
@ -356,5 +356,6 @@ PASSWORD_RESET_TIMEOUT_DAYS = 1


 # TEMPLATES
-RESETTING_TOKEN_TEMPLATE_NAME = 'account/password_reset_email.html'
-CONFIRM_SIGNUP_TEMPLATE = 'account/confirm_signup.html'
+CONFIRMATION_PASSWORD_RESET_TEMPLATE = 'account/password_reset_confirm.html'
+RESETTING_TOKEN_TEMPLATE = 'account/password_reset_email.html'
+CONFIRM_EMAIL_TEMPLATE = 'account/confirm_email.html'
--- a/project/templates/account/confirm_signup.html
+++ b/project/templates/account/confirm_signup.html
@ -3,7 +3,7 @@

 {% trans "Please confirm your email address to complete the registration:" %}
 {% block signup_confirm %}
-http://{{ domain_uri }}{% url 'auth:signup-finish' uid=uid token=token %}
+http://{{ domain_uri }}{% url 'web:account:verify-email-confirm' uidb64=uid token=token %}
 {% endblock %}

 {% trans "Thanks for using our site!" %}
--- a/project/templates/account/password_reset_confirm.html
+++ b/project/templates/account/password_reset_confirm.html
@ -0,0 +1,31 @@
+{% load i18n static %}
+
+{% block content %}
+
+{% if validlink %}
+
+<p>{% trans "Please enter your new password twice so we can verify you typed it in correctly." %}</p>
+
+<form method="post">{% csrf_token %}
+<fieldset class="module aligned">
+    <div class="form-row field-password1">
+        {{ form.new_password1.errors }}
+        <label for="id_new_password1">{% trans 'New password:' %}</label>
+        {{ form.new_password1 }}
+    </div>
+    <div class="form-row field-password2">
+        {{ form.new_password2.errors }}
+        <label for="id_new_password2">{% trans 'Confirm password:' %}</label>
+        {{ form.new_password2 }}
+    </div>
+    <input type="submit" value="{% trans 'Change my password' %}">
+</fieldset>
+</form>
+
+{% else %}
+
+<p>{% trans "The password reset link was invalid, possibly because it has already been used.  Please request a new password reset." %}</p>
+
+{% endif %}
+
+{% endblock %}
--- a/project/templates/account/password_reset_email.html
+++ b/project/templates/account/password_reset_email.html
@ -3,7 +3,7 @@

 {% trans "Please go to the following page and choose a new password:" %}
 {% block reset_link %}
-http://{{ domain_uri }}{% url 'web:account:password-reset-confirm' uid=uid token=token %}
+http://{{ domain_uri }}{% url 'web:account:form-password-reset-confirm' uidb64=uidb64 token=token %}
 {% endblock %}

 {% trans "Thanks for using our site!" %}