From 2fdd009ca52ef9a6c1420122f74bfd0ecdf7ce3f Mon Sep 17 00:00:00 2001 From: phzhik Date: Wed, 12 Jul 2023 23:18:31 +0400 Subject: [PATCH] + djoser routes for user API --- poizonstore/settings.py | 17 +++++++++++++---- poizonstore/urls.py | 2 ++ requirements.txt | 1 + store/serializers.py | 24 ------------------------ store/urls.py | 4 ---- store/views.py | 37 ++----------------------------------- utils/permissions.py | 8 -------- 7 files changed, 18 insertions(+), 75 deletions(-) diff --git a/poizonstore/settings.py b/poizonstore/settings.py index cb423c6..4a72893 100644 --- a/poizonstore/settings.py +++ b/poizonstore/settings.py @@ -47,7 +47,6 @@ CORS_ALLOWED_ORIGINS = [ if DISABLE_CORS: CORS_ALLOW_ALL_ORIGINS = True - CORS_ALLOW_CREDENTIALS = True AUTH_USER_MODEL = 'store.User' @@ -65,6 +64,8 @@ INSTALLED_APPS = [ 'corsheaders', 'django_cleanup.apps.CleanupSelectedConfig', 'rest_framework', + 'rest_framework.authtoken', + 'djoser', 'debug_toolbar', 'django_filters', @@ -146,14 +147,22 @@ REST_FRAMEWORK = { 'rest_framework.permissions.AllowAny' ], - 'DEFAULT_AUTHENTICATION_CLASSES': ( - 'utils.permissions.CsrfExemptSessionAuthentication', - ), + 'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication'], 'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend'], 'DEFAULT_PAGINATION_CLASS': 'utils.drf.StandardResultsSetPagination' } +DJOSER = { + 'LOGIN_FIELD': 'email', + 'TOKEN_MODEL': 'rest_framework.authtoken.models.Token', + + 'SERIALIZERS': { + 'user': 'store.serializers.UserSerializer', + 'current_user': 'store.serializers.UserSerializer', + }, +} + # Internationalization # https://docs.djangoproject.com/en/4.2/topics/i18n/ diff --git a/poizonstore/urls.py b/poizonstore/urls.py index 5124927..500551e 100644 --- a/poizonstore/urls.py +++ b/poizonstore/urls.py 
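Review bot: The new `DJOSER` dict leaves `PERMISSIONS` at djoser's defaults, and the default for `user_create` is `AllowAny`, so this commit opens self-registration where the removed API only offered login, list/retrieve and a self-PATCH. If accounts are meant to be provisioned by staff, add `'PERMISSIONS': {'user_create': ['rest_framework.permissions.IsAdminUser']},` to the dict. The context line above the changed `DEFAULT_AUTHENTICATION_CLASSES` entry still shows `'rest_framework.permissions.AllowAny'` as a default permission (the head of `REST_FRAMEWORK` is outside the hunk). Switching to `TokenAuthentication` therefore only identifies callers, and any view without its own `permission_classes` stays reachable anonymously. DRF authtoken tokens also carry no expiry, so revocation depends on the client calling the logout route; a comment next to `TOKEN_MODEL` such as `# tokens never expire; rotate or delete on password change` would record that.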
@@ -24,6 +24,8 @@ urlpatterns = [ path('admin/', admin.site.urls), path('__debug__/', include('debug_toolbar.urls')), path('', include('store.urls')), + path('', include('djoser.urls')), + path('auth/', include('djoser.urls.authtoken')), ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) \ + static(settings.STATIC_URL) diff --git a/requirements.txt b/requirements.txt index 2f6c8b0..3b3c25c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,6 +4,7 @@ django-cleanup==8.0.0 django-filter==23.2 djangorestframework==3.14.0 django-cors-headers==4.1.0 +djoser==2.2.0 drf-extra-fields==3.5.0 Pillow==9.5.0 diff --git a/store/serializers.py b/store/serializers.py index 8af4a60..60afa05 100644 --- a/store/serializers.py +++ b/store/serializers.py @@ -6,30 +6,6 @@ from store.exceptions import CRMException, InvalidCredentialsException from store.models import User, Checklist, GlobalSettings, Category, PaymentMethod, Promocode, Image -class LoginSerializer(serializers.Serializer): - login = serializers.CharField(write_only=True, required=False) - password = serializers.CharField(trim_whitespace=False, write_only=True, required=False) - - def validate(self, attrs): - email = attrs.get('login') - password = attrs.get('password') - - if not email or not password: - raise CRMException('login and password is required') - - user = authenticate(request=self.context.get('request'), - email=email, - password=password) - - # The authenticate call simply returns None for is_active=False - # users. (Assuming the default ModelBackend authentication backend.) - if not user: - raise InvalidCredentialsException() - - attrs['user'] = user - return attrs - - class UserSerializer(serializers.ModelSerializer): login = serializers.CharField(source='email', required=False) job = serializers.CharField(source='job_title', required=False) diff --git a/store/urls.py b/store/urls.py index 81052ed..f2b0883 100644 --- a/store/urls.py +++ b/store/urls.py 
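Review bot: `path('', include('djoser.urls'))` mounts djoser's whole user viewset at the root, which is far more than the list/retrieve/PATCH the removed `UserAPI` exposed: registration, account deletion, password change and reset, and activation routes all become reachable. Confirm each of those is wanted and has working e-mail and permission settings behind it. `auth/token/login/` also accepts password guesses with no visible rate limit, since the `REST_FRAMEWORK` lines shown in this patch contain no throttle settings (the head of that dict is outside the hunk, so this may already be set). If it is not, add `'DEFAULT_THROTTLE_CLASSES': ['rest_framework.throttling.AnonRateThrottle'],` and `'DEFAULT_THROTTLE_RATES': {'anon': '20/min'},` there, where the rate is an example value to tune. A comment above the include such as `# djoser: users/, users/me/, set_password, reset_password, activation` would make the added surface visible to the next reader.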
@@ -10,10 +10,6 @@ router.register(r'statistics', views.StatisticsAPI, basename='statistics') router.register(r'cdek', views.CDEKAPI, basename='cdek') urlpatterns = [ - path("login/", views.LoginAPI.as_view()), - path("users/", views.UserAPI.as_view()), - path("users/", views.UserAPI.as_view()), - path("checklist/", views.ChecklistAPI.as_view()), path("checklist/", views.ChecklistAPI.as_view()), diff --git a/store/views.py b/store/views.py index 67194ea..7a8c369 100644 --- a/store/views.py +++ b/store/views.py @@ -14,8 +14,8 @@ from rest_framework.response import Response from cdek.api import CDEKClient from store.exceptions import CRMException -from store.models import User, Checklist, GlobalSettings, Category, PaymentMethod, Promocode -from store.serializers import (UserSerializer, LoginSerializer, ChecklistSerializer, GlobalSettingsYuanRateSerializer, +from store.models import Checklist, GlobalSettings, Category, PaymentMethod, Promocode +from store.serializers import (ChecklistSerializer, GlobalSettingsYuanRateSerializer, CategorySerializer, GlobalSettingsPriceSerializer, PaymentMethodSerializer, PromocodeSerializer, GlobalSettingsPickupSerializer, AnonymousUserChecklistSerializer) from utils.permissions import ReadOnly 
@@ -29,39 +29,6 @@ class DisablePermissionsMixin(generics.GenericAPIView): return super().get_permissions() -class UserAPI(mixins.ListModelMixin, mixins.RetrieveModelMixin, generics.GenericAPIView): - serializer_class = UserSerializer - - def get_queryset(self): - return User.objects.all() - - def get(self, request, *args, **kwargs): - if 'pk' in kwargs: - return self.retrieve(request, *args, **kwargs) - return self.list(request, *args, **kwargs) - - # Update some data on current user - def patch(self, request, *args, **kwargs): - instance = self.request.user - serializer = self.get_serializer(instance, data=request.data, partial=True) - serializer.is_valid(raise_exception=True) - serializer.save() - - return Response(serializer.data) - - -class LoginAPI(generics.GenericAPIView): - serializer_class = LoginSerializer - permission_classes = (permissions.AllowAny,) - - def post(self, request, *args, **kwargs): - serializer = self.get_serializer(data=request.data) - serializer.is_valid(raise_exception=True) - user = serializer.validated_data['user'] - login(request, user) - return Response(UserSerializer(user).data) - - class ChecklistAPI(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.RetrieveModelMixin, diff --git a/utils/permissions.py b/utils/permissions.py index af1ce47..95bf53f 100644 --- a/utils/permissions.py +++ b/utils/permissions.py @@ -1,14 +1,6 @@ -from rest_framework import permissions -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import BasePermission, SAFE_METHODS -class CsrfExemptSessionAuthentication(SessionAuthentication): - def enforce_csrf(self, request): - # To not perform the csrf check previously happening - return - - class ReadOnly(BasePermission): def has_permission(self, request, view): return request.method in SAFE_METHODS