From 62ee83b1d45ae4304f0cefb7c4336edcbd07cb55 Mon Sep 17 00:00:00 2001 From: Anatoly Date: Fri, 30 Aug 2019 11:53:19 +0300 Subject: [PATCH] refactored authorization --- apps/account/models.py | 24 +++++--- apps/account/serializers/common.py | 42 ++++++++++++- apps/account/tasks.py | 12 ---- apps/account/urls/common.py | 2 +- apps/account/urls/web.py | 4 -- apps/account/views/common.py | 19 ++++++ apps/account/views/web.py | 40 ------------- apps/authorization/serializers/common.py | 59 +++---------------- apps/authorization/tasks.py | 12 ++++ apps/authorization/urls/common.py | 5 +- apps/authorization/views/common.py | 45 ++++++++------ apps/utils/exceptions.py | 7 +++ apps/utils/views.py | 6 +- project/settings/base.py | 5 +- .../confirm_email.html | 2 +- 15 files changed, 140 insertions(+), 144 deletions(-) rename project/templates/{account => authorization}/confirm_email.html (77%) diff --git a/apps/account/models.py b/apps/account/models.py index a7910165..1b654e7c 100644 --- a/apps/account/models.py +++ b/apps/account/models.py @@ -23,13 +23,14 @@ class UserManager(BaseUserManager): use_in_migrations = False - def make(self, username: str, email: str, - password: str, newsletter: bool) -> object: + def make(self, username: str, email: str, password: str, + newsletter: bool, is_active: bool = False) -> object: """Register new user""" obj = self.model( username=username, email=email, - newsletter=newsletter + newsletter=newsletter, + is_active=is_active ) obj.set_password(password) obj.save() @@ -100,6 +101,11 @@ class User(ImageMixin, AbstractUser): self.email_confirmed = True self.save() + def approve(self): + """Set user is_active status to True""" + self.is_active = True + self.save() + def remove_access_tokens(self, source: Union[int, Union[tuple, list]]): """Method to remove user access tokens""" source = source if isinstance(source, list) else [source, ] @@ -118,12 +124,12 @@ class User(ImageMixin, AbstractUser): token.revoke() @property - def get_confirm_email_token(self): + def confirm_email_token(self): """Make a token for finish signup.""" return gm_token_generator.make_token(self) @property - def get_reset_password_token(self): + def reset_password_token(self): """Make a token for finish signup.""" return password_token_generator.make_token(self) @@ -136,9 +142,10 @@ class User(ImageMixin, AbstractUser): """Get confirm email template""" return render_to_string( template_name=settings.CONFIRM_EMAIL_TEMPLATE, - context={'token': self.get_confirm_email_token, + context={'token': self.confirm_email_token, 'uid': self.get_user_uidb64, - 'domain_uri': settings.DOMAIN_URI}) + 'domain_uri': settings.DOMAIN_URI, + 'site_name': settings.SITE_NAME}) def get_body_email_message(self, subject: str, message: str): """Prepare the body of the email message""" @@ -241,5 +248,6 @@ class ResetPasswordToken(PlatformMixin, ProjectBaseMixin): template_name=settings.RESETTING_TOKEN_TEMPLATE, context={'token': self.key, 'uidb64': self.user.get_user_uidb64, - 'domain_uri': settings.DOMAIN_URI}) + 'domain_uri': settings.DOMAIN_URI, + 'site_name': settings.SITE_NAME}) diff --git a/apps/account/serializers/common.py b/apps/account/serializers/common.py index 7626dbb7..1bc4d201 100644 --- a/apps/account/serializers/common.py +++ b/apps/account/serializers/common.py @@ -3,6 +3,9 @@ from fcm_django.models import FCMDevice from rest_framework import serializers, exceptions from account import models +from utils import exceptions as utils_exceptions +from rest_framework_simplejwt import tokens +from django.conf import settings # User serializers @@ -57,4 +60,41 @@ class FCMDeviceSerializer(serializers.ModelSerializer): else: instance.user = None instance.save() - return instance \ No newline at end of file + return instance + + +class RefreshTokenSerializer(serializers.Serializer): + """Serializer for refresh token view""" + refresh_token = serializers.CharField(read_only=True) + access_token = serializers.CharField(read_only=True) + + def get_request(self): + """Return request""" + return self.context.get('request') + + def validate(self, attrs): + """Override validate method""" + refresh_token = self.get_request().COOKIES.get('refresh_token') + if not refresh_token: + raise utils_exceptions.NotValidRefreshTokenError() + + token = tokens.RefreshToken(token=refresh_token) + + data = {'access_token': str(token.access_token)} + + if settings.SIMPLE_JWT.get('ROTATE_REFRESH_TOKENS'): + if settings.SIMPLE_JWT.get('BLACKLIST_AFTER_ROTATION'): + try: + # Attempt to blacklist the given refresh token + token.blacklist() + except AttributeError: + # If blacklist app not installed, `blacklist` method will + # not be present + pass + + token.set_jti() + token.set_exp() + + data['refresh_token'] = str(token) + + return data diff --git a/apps/account/tasks.py b/apps/account/tasks.py index e7414d87..b2ce5657 100644 --- a/apps/account/tasks.py +++ b/apps/account/tasks.py @@ -22,15 +22,3 @@ def send_reset_password_email(request_id): logger.error(f'METHOD_NAME: {send_reset_password_email.__name__}\n' f'DETAIL: Exception occurred for ResetPasswordToken instance: ' f'{request_id}') - - -@shared_task -def send_confirm_email(user_id): - """Send verification email to user.""" - try: - obj = models.User.objects.get(id=user_id) - obj.send_email(subject=_('Email confirmation'), - message=obj.get_confirm_email_template()) - except: - logger.error(f'METHOD_NAME: {send_confirm_email.__name__}\n' - f'DETAIL: Exception occurred for user: {user_id}') diff --git a/apps/account/urls/common.py b/apps/account/urls/common.py index 4d55f2fa..f903ccb0 100644 --- a/apps/account/urls/common.py +++ b/apps/account/urls/common.py @@ -7,5 +7,5 @@ app_name = 'account' urlpatterns = [ path('user/', views.UserView.as_view(), name='user-get-update'), - + path('refresh-token/', views.RefreshTokenView.as_view(), name="refresh-token"), ] diff --git a/apps/account/urls/web.py b/apps/account/urls/web.py index 033a702b..1b6d97a2 100644 --- a/apps/account/urls/web.py +++ b/apps/account/urls/web.py @@ -7,10 +7,6 @@ from account.views import web as views app_name = 'account' urlpatterns_api = [ - path('verify/email/', views.VerifyEmailView.as_view(), - name='verify-email'), - path('verify/email/confirm///', views.VerifyEmailConfirmView.as_view(), - name='verify-email-confirm'), path('reset-password/', views.PasswordResetView.as_view(), name='password-reset'), path('form/reset-password///', views.FormPasswordResetConfirmView.as_view(), diff --git a/apps/account/views/common.py b/apps/account/views/common.py index d7a422a2..218267f6 100644 --- a/apps/account/views/common.py +++ b/apps/account/views/common.py @@ -6,6 +6,7 @@ from rest_framework.response import Response from account import models from account.serializers import common as serializers +from utils.views import JWTGenericViewMixin # User views @@ -53,3 +54,21 @@ class FCMDeviceViewSet(generics.GenericAPIView): obj = queryset.filter(**filter).first() obj and self.check_object_permissions(self.request, obj) return obj + + +# Refresh access_token +class RefreshTokenView(JWTGenericViewMixin): + """Refresh access_token""" + permission_classes = (permissions.IsAuthenticated,) + serializer_class = serializers.RefreshTokenSerializer + + def post(self, request, *args, **kwargs): + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + response = Response(serializer.data, status=status.HTTP_201_CREATED) + access_token = serializer.data.get('access_token') + refresh_token = serializer.data.get('refresh_token') + return self._put_cookies_in_response( + cookies=self._put_data_in_cookies(access_token=access_token, + refresh_token=refresh_token), + response=response) diff --git a/apps/account/views/web.py b/apps/account/views/web.py index 75ab66c4..ec13b057 100644 --- a/apps/account/views/web.py +++ b/apps/account/views/web.py @@ -18,7 +18,6 @@ from rest_framework import views from rest_framework.response import Response from account import models -from account import tasks from account.forms import SetPasswordForm from account.serializers import web as serializers from utils import exceptions as utils_exceptions @@ -27,45 +26,6 @@ from utils.views import (JWTCreateAPIView, JWTGenericViewMixin) -# Email confirmation -class VerifyEmailView(JWTGenericViewMixin): - """View for confirmation email""" - - def post(self, request, *args, **kwargs): - """Implement POST method""" - user = request.user - if user.email_confirmed: - raise utils_exceptions.EmailConfirmedError() - # Send verification link on user email - if settings.USE_CELERY: - tasks.send_confirm_email.delay(user.id) - else: - tasks.send_confirm_email(user.id) - return Response(status=status.HTTP_200_OK) - - -class VerifyEmailConfirmView(JWTGenericViewMixin): - """View for confirmation email""" - - permission_classes = (permissions.AllowAny, ) - - def get(self, request, *args, **kwargs): - """Implement GET-method""" - uidb64 = kwargs.get('uidb64') - token = kwargs.get('token') - uid = force_text(urlsafe_base64_decode(uidb64)) - user_qs = models.User.objects.filter(pk=uid) - if user_qs.exists(): - user = user_qs.first() - if not gm_token_generator.check_token(user, token): - raise utils_exceptions.NotValidAccessTokenError() - # Change email status - user.confirm_email() - return Response(status=status.HTTP_200_OK) - else: - raise utils_exceptions.UserNotFoundError() - - # Password reset class PasswordResetView(JWTCreateAPIView): """View for resetting user password""" diff --git a/apps/authorization/serializers/common.py b/apps/authorization/serializers/common.py index baeac5d0..1371e26b 100644 --- a/apps/authorization/serializers/common.py +++ b/apps/authorization/serializers/common.py @@ -5,6 +5,7 @@ from django.contrib.auth import password_validation as password_validators from django.db.models import Q from rest_framework import serializers from rest_framework import validators as rest_validators +from authorization import tasks # JWT from rest_framework_simplejwt import tokens @@ -13,8 +14,6 @@ from authorization.models import Application, BlacklistedAccessToken from utils import exceptions as utils_exceptions from utils import methods as utils_methods -JWT_SETTINGS = settings.SIMPLE_JWT - # Mixins class BaseAuthSerializerMixin(serializers.Serializer): @@ -46,17 +45,6 @@ class JWTBaseSerializerMixin(serializers.Serializer): return super().to_representation(instance) -class LoginSerializerMixin(BaseAuthSerializerMixin): - """Mixin for login serializers""" - password = serializers.CharField(write_only=True) - - -class ClassicAuthSerializerMixin(BaseAuthSerializerMixin): - """Classic authorization serializer mixin""" - password = serializers.CharField(write_only=True) - newsletter = serializers.BooleanField() - - # Serializers class SignupSerializer(serializers.ModelSerializer): """Signup serializer serializer mixin""" @@ -102,8 +90,12 @@ class SignupSerializer(serializers.ModelSerializer): username=validated_data.get('username'), password=validated_data.get('password'), email=validated_data.get('email'), - newsletter=validated_data.get('newsletter') - ) + newsletter=validated_data.get('newsletter')) + # Send verification link on user email + if settings.USE_CELERY: + tasks.send_confirm_email.delay(obj.id) + else: + tasks.send_confirm_email(obj.id) return obj @@ -152,43 +144,6 @@ class LoginByUsernameOrEmailSerializer(JWTBaseSerializerMixin, serializers.Model return super().to_representation(instance) -class RefreshTokenSerializer(serializers.Serializer): - """Serializer for refresh token view""" - refresh_token = serializers.CharField(read_only=True) - access_token = serializers.CharField(read_only=True) - - def get_request(self): - """Return request""" - return self.context.get('request') - - def validate(self, attrs): - """Override validate method""" - refresh_token = self.get_request().COOKIES.get('refresh_token') - if not refresh_token: - raise utils_exceptions.NotValidRefreshTokenError() - - token = tokens.RefreshToken(token=refresh_token) - - data = {'access_token': str(token.access_token)} - - if JWT_SETTINGS.get('ROTATE_REFRESH_TOKENS'): - if JWT_SETTINGS.get('BLACKLIST_AFTER_ROTATION'): - try: - # Attempt to blacklist the given refresh token - token.blacklist() - except AttributeError: - # If blacklist app not installed, `blacklist` method will - # not be present - pass - - token.set_jti() - token.set_exp() - - data['refresh_token'] = str(token) - - return data - - class LogoutSerializer(serializers.ModelSerializer): """Serializer class for model Logout""" diff --git a/apps/authorization/tasks.py b/apps/authorization/tasks.py index e30ad914..76830ae0 100644 --- a/apps/authorization/tasks.py +++ b/apps/authorization/tasks.py @@ -7,3 +7,15 @@ from account import models as account_models logging.basicConfig(format='[%(levelname)s] %(message)s', level=logging.INFO) logger = logging.getLogger(__name__) + + +@shared_task +def send_confirm_email(user_id): + """Send verification email to user.""" + try: + obj = account_models.User.objects.get(id=user_id) + obj.send_email(subject=_('Email confirmation'), + message=obj.get_confirm_email_template()) + except: + logger.error(f'METHOD_NAME: {send_confirm_email.__name__}\n' + f'DETAIL: Exception occurred for user: {user_id}') diff --git a/apps/authorization/urls/common.py b/apps/authorization/urls/common.py index 9567088a..dd0fb54f 100644 --- a/apps/authorization/urls/common.py +++ b/apps/authorization/urls/common.py @@ -29,9 +29,10 @@ urlpatterns_oauth2 = [ urlpatterns_jwt = [ path('signup/', views.SignUpView.as_view(), name='signup'), + path('signup/confirm///', views.VerifyEmailConfirmView.as_view(), + name='signup-confirm'), path('login/', views.LoginByUsernameOrEmailView.as_view(), name='login'), - path('refresh-token/', views.RefreshTokenView.as_view(), name="refresh-token"), - path('logout/', views.LogoutView.as_view(), name="logout"), + path('logout/', views.LogoutView.as_view(), name="logout") ] diff --git a/apps/authorization/views/common.py b/apps/authorization/views/common.py index a587c66c..8d9e0d36 100644 --- a/apps/authorization/views/common.py +++ b/apps/authorization/views/common.py @@ -3,6 +3,8 @@ import json from braces.views import CsrfExemptMixin from django.conf import settings +from django.utils.encoding import force_text +from django.utils.http import urlsafe_base64_decode from django.utils.translation import gettext_lazy as _ from oauth2_provider.oauth2_backends import OAuthLibCore from oauth2_provider.settings import oauth2_settings @@ -14,6 +16,7 @@ from rest_framework.response import Response from rest_framework_simplejwt import tokens as jwt_tokens from rest_framework_social_oauth2.oauth2_backends import KeepRequestCore from rest_framework_social_oauth2.oauth2_endpoints import SocialTokenServer +from utils.models import gm_token_generator from account.models import User from authorization.models import Application @@ -166,6 +169,30 @@ class SignUpView(JWTCreateAPIView): return Response(status=status.HTTP_201_CREATED) +class VerifyEmailConfirmView(JWTGenericViewMixin): + """View for confirmation email""" + + permission_classes = (permissions.AllowAny, ) + + def get(self, request, *args, **kwargs): + """Implement GET-method""" + uidb64 = kwargs.get('uidb64') + token = kwargs.get('token') + uid = force_text(urlsafe_base64_decode(uidb64)) + user_qs = User.objects.filter(pk=uid) + if user_qs.exists(): + user = user_qs.first() + if not gm_token_generator.check_token(user, token): + raise utils_exceptions.NotValidTokenError() + # Approve email status + user.confirm_email() + # Set user status as active + user.approve() + return Response(status=status.HTTP_200_OK) + else: + raise utils_exceptions.UserNotFoundError() + + # Login by username|email + password class LoginByUsernameOrEmailView(JWTAuthViewMixin): """Login by email and password""" @@ -187,24 +214,6 @@ class LoginByUsernameOrEmailView(JWTAuthViewMixin): response=response) -# Refresh access_token -class RefreshTokenView(JWTGenericViewMixin): - """Refresh access_token""" - permission_classes = (permissions.IsAuthenticated,) - serializer_class = serializers.RefreshTokenSerializer - - def post(self, request, *args, **kwargs): - serializer = self.get_serializer(data=request.data) - serializer.is_valid(raise_exception=True) - response = Response(serializer.data, status=status.HTTP_201_CREATED) - access_token = serializer.data.get('access_token') - refresh_token = serializer.data.get('refresh_token') - return self._put_cookies_in_response( - cookies=self._put_data_in_cookies(access_token=access_token, - refresh_token=refresh_token), - response=response) - - # Logout class LogoutView(JWTGenericViewMixin): """Logout user""" diff --git a/apps/utils/exceptions.py b/apps/utils/exceptions.py index 5d2c973d..7a7bc94e 100644 --- a/apps/utils/exceptions.py +++ b/apps/utils/exceptions.py @@ -70,6 +70,13 @@ class NotValidUsernameError(exceptions.APIException): default_detail = _('Wrong username') +class NotValidTokenError(exceptions.APIException): + """The exception should be thrown when token in url is not valid + """ + status_code = status.HTTP_400_BAD_REQUEST + default_detail = _('Not valid token') + + class NotValidAccessTokenError(exceptions.APIException): """The exception should be thrown when access token in url is not valid """ diff --git a/apps/utils/views.py b/apps/utils/views.py index b222a4d7..3aebe590 100644 --- a/apps/utils/views.py +++ b/apps/utils/views.py @@ -12,8 +12,6 @@ from rest_framework_simplejwt import tokens class JWTGenericViewMixin(generics.GenericAPIView): """JWT view mixin""" - JWT_SETTINGS = settings.SIMPLE_JWT - ACCESS_TOKEN_HTTP_ONLY = False ACCESS_TOKEN_SECURE = False @@ -42,8 +40,8 @@ class JWTGenericViewMixin(generics.GenericAPIView): # Set max_age for tokens if permanent: - access_token_max_age = self.JWT_SETTINGS.get('ACCESS_TOKEN_LIFETIME_SECONDS') - refresh_token_max_age = self.JWT_SETTINGS.get('REFRESH_TOKEN_LIFETIME_SECONDS') + access_token_max_age = settings.SIMPLE_JWT.get('ACCESS_TOKEN_LIFETIME_SECONDS') + refresh_token_max_age = settings.SIMPLE_JWT.get('REFRESH_TOKEN_LIFETIME_SECONDS') else: access_token_max_age = settings.COOKIES_MAX_AGE refresh_token_max_age = settings.COOKIES_MAX_AGE diff --git a/project/settings/base.py b/project/settings/base.py index ef721f80..29e34caa 100644 --- a/project/settings/base.py +++ b/project/settings/base.py @@ -369,7 +369,7 @@ PASSWORD_RESET_TIMEOUT_DAYS = 1 # TEMPLATES CONFIRMATION_PASSWORD_RESET_TEMPLATE = 'account/password_reset_confirm.html' RESETTING_TOKEN_TEMPLATE = 'account/password_reset_email.html' -CONFIRM_EMAIL_TEMPLATE = 'account/confirm_email.html' +CONFIRM_EMAIL_TEMPLATE = 'authorization/confirm_email.html' # COOKIES @@ -386,3 +386,6 @@ FILE_UPLOAD_PERMISSIONS = 0o644 SOLO_CACHE_TIMEOUT = 300 + + +SITE_NAME = 'Gault & Millau' diff --git a/project/templates/account/confirm_email.html b/project/templates/authorization/confirm_email.html similarity index 77% rename from project/templates/account/confirm_email.html rename to project/templates/authorization/confirm_email.html index 93329538..f3b00c4a 100644 --- a/project/templates/account/confirm_email.html +++ b/project/templates/authorization/confirm_email.html @@ -3,7 +3,7 @@ {% trans "Please confirm your email address to complete the registration:" %} {% block signup_confirm %} -http://{{ domain_uri }}{% url 'web:account:verify-email-confirm' uidb64=uid token=token %} +http://{{ domain_uri }}{% url 'auth:signup-confirm' uidb64=uid token=token %} {% endblock %} {% trans "Thanks for using our site!" %}