110swag / flashy-backend

Download as
Browse Code ยป

Commit fca017a2b496c64c755b5e6c3aae4ded02d5398d

Authored by Rachel Lee
1 parent f8a100b8dc
Exists in master

Tests and code for sections/{pk}/flashcards

Showing 2 changed files with 13 additions and 5 deletions Inline Diff

flashcards/tests/test_api.py View file @ fca017a
from django.core import mail 1 1 from django.core import mail
from flashcards.models import User, Section, Flashcard, WhitelistedAddress 2 2 from flashcards.models import *
from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED, HTTP_200_OK, HTTP_403_FORBIDDEN 3 3 from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED, HTTP_200_OK, HTTP_403_FORBIDDEN
from rest_framework.test import APITestCase 4 4 from rest_framework.test import APITestCase
from re import search 5 5 from re import search
from django.utils.timezone import now 6 6 from django.utils.timezone import now
7 7
8 8
class LoginTests(APITestCase): 9 9 class LoginTests(APITestCase):
fixtures = ['testusers'] 10 10 fixtures = ['testusers']
11 11
def test_login(self): 12 12 def test_login(self):
url = '/api/login' 13 13 url = '/api/login'
data = {'email': 'none@none.com', 'password': '1234'} 14 14 data = {'email': 'none@none.com', 'password': '1234'}
response = self.client.post(url, data, format='json') 15 15 response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, HTTP_200_OK) 16 16 self.assertEqual(response.status_code, HTTP_200_OK)
17 17
data = {'email': 'none@none.com', 'password': '4321'} 18 18 data = {'email': 'none@none.com', 'password': '4321'}
response = self.client.post(url, data, format='json') 19 19 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Invalid email or password', status_code=403) 20 20 self.assertContains(response, 'Invalid email or password', status_code=403)
21 21
data = {'email': 'bad@none.com', 'password': '1234'} 22 22 data = {'email': 'bad@none.com', 'password': '1234'}
response = self.client.post(url, data, format='json') 23 23 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Invalid email or password', status_code=403) 24 24 self.assertContains(response, 'Invalid email or password', status_code=403)
25 25
data = {'password': '4321'} 26 26 data = {'password': '4321'}
response = self.client.post(url, data, format='json') 27 27 response = self.client.post(url, data, format='json')
self.assertContains(response, 'email', status_code=400) 28 28 self.assertContains(response, 'email', status_code=400)
29 29
data = {'email': 'none@none.com'} 30 30 data = {'email': 'none@none.com'}
response = self.client.post(url, data, format='json') 31 31 response = self.client.post(url, data, format='json')
self.assertContains(response, 'password', status_code=400) 32 32 self.assertContains(response, 'password', status_code=400)
33 33
user = User.objects.get(email="none@none.com") 34 34 user = User.objects.get(email="none@none.com")
user.is_active = False 35 35 user.is_active = False
user.save() 36 36 user.save()
37 37
data = {'email': 'none@none.com', 'password': '1234'} 38 38 data = {'email': 'none@none.com', 'password': '1234'}
response = self.client.post(url, data, format='json') 39 39 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Account is disabled', status_code=403) 40 40 self.assertContains(response, 'Account is disabled', status_code=403)
41 41
def test_logout(self): 42 42 def test_logout(self):
self.client.login(email='none@none.com', password='1234') 43 43 self.client.login(email='none@none.com', password='1234')
response = self.client.post('/api/logout') 44 44 response = self.client.post('/api/logout')
self.assertEqual(response.status_code, HTTP_204_NO_CONTENT) 45 45 self.assertEqual(response.status_code, HTTP_204_NO_CONTENT)
46 46
# since we're not logged in, we should get a 403 response 47 47 # since we're not logged in, we should get a 403 response
response = self.client.get('/api/me', format='json') 48 48 response = self.client.get('/api/me', format='json')
self.assertEqual(response.status_code, HTTP_403_FORBIDDEN) 49 49 self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
50 50
51 51
class PasswordResetTest(APITestCase): 52 52 class PasswordResetTest(APITestCase):
fixtures = ['testusers'] 53 53 fixtures = ['testusers']
54 54
def test_reset_password(self): 55 55 def test_reset_password(self):
# submit the request to reset the password 56 56 # submit the request to reset the password
url = '/api/request_password_reset' 57 57 url = '/api/request_password_reset'
post_data = {'email': 'none@none.com'} 58 58 post_data = {'email': 'none@none.com'}
self.client.post(url, post_data, format='json') 59 59 self.client.post(url, post_data, format='json')
self.assertEqual(len(mail.outbox), 1) 60 60 self.assertEqual(len(mail.outbox), 1)
self.assertIn('reset your password', mail.outbox[0].body) 61 61 self.assertIn('reset your password', mail.outbox[0].body)
62 62
# capture the reset token from the email 63 63 # capture the reset token from the email
capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)', 64 64 capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)',
mail.outbox[0].body) 65 65 mail.outbox[0].body)
patch_data = {'new_password': '4321'} 66 66 patch_data = {'new_password': '4321'}
patch_data['uid'] = capture.group(1) 67 67 patch_data['uid'] = capture.group(1)
reset_token = capture.group(2) 68 68 reset_token = capture.group(2)
69 69
# try to reset the password with the wrong reset token 70 70 # try to reset the password with the wrong reset token
patch_data['token'] = 'wrong_token' 71 71 patch_data['token'] = 'wrong_token'
url = '/api/reset_password' 72 72 url = '/api/reset_password'
response = self.client.post(url, patch_data, format='json') 73 73 response = self.client.post(url, patch_data, format='json')
self.assertContains(response, 'Could not verify reset token', status_code=400) 74 74 self.assertContains(response, 'Could not verify reset token', status_code=400)
75 75
# try to reset the password with the correct token 76 76 # try to reset the password with the correct token
patch_data['token'] = reset_token 77 77 patch_data['token'] = reset_token
response = self.client.post(url, patch_data, format='json') 78 78 response = self.client.post(url, patch_data, format='json')
self.assertEqual(response.status_code, HTTP_204_NO_CONTENT) 79 79 self.assertEqual(response.status_code, HTTP_204_NO_CONTENT)
user = User.objects.get(id=patch_data['uid']) 80 80 user = User.objects.get(id=patch_data['uid'])
assert user.check_password(patch_data['new_password']) 81 81 assert user.check_password(patch_data['new_password'])
82 82
83 83
class RegistrationTest(APITestCase): 84 84 class RegistrationTest(APITestCase):
def test_create_account(self): 85 85 def test_create_account(self):
url = '/api/register' 86 86 url = '/api/register'
87 87
# missing password 88 88 # missing password
data = {'email': 'none@none.com'} 89 89 data = {'email': 'none@none.com'}
response = self.client.post(url, data, format='json') 90 90 response = self.client.post(url, data, format='json')
self.assertContains(response, 'password', status_code=400) 91 91 self.assertContains(response, 'password', status_code=400)
92 92
# missing email 93 93 # missing email
data = {'password': '1234'} 94 94 data = {'password': '1234'}
response = self.client.post(url, data, format='json') 95 95 response = self.client.post(url, data, format='json')
self.assertContains(response, 'email', status_code=400) 96 96 self.assertContains(response, 'email', status_code=400)
97 97
# create a user 98 98 # create a user
data = {'email': 'none@none.com', 'password': '1234'} 99 99 data = {'email': 'none@none.com', 'password': '1234'}
response = self.client.post(url, data, format='json') 100 100 response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, HTTP_201_CREATED) 101 101 self.assertEqual(response.status_code, HTTP_201_CREATED)
102 102
# user should not be confirmed 103 103 # user should not be confirmed
user = User.objects.get(email="none@none.com") 104 104 user = User.objects.get(email="none@none.com")
self.assertFalse(user.is_confirmed) 105 105 self.assertFalse(user.is_confirmed)
106 106
# check that the confirmation key was sent 107 107 # check that the confirmation key was sent
self.assertEqual(len(mail.outbox), 1) 108 108 self.assertEqual(len(mail.outbox), 1)
self.assertIn(user.confirmation_key, mail.outbox[0].body) 109 109 self.assertIn(user.confirmation_key, mail.outbox[0].body)
110 110
# log the user out 111 111 # log the user out
self.client.logout() 112 112 self.client.logout()
113 113
# log the user in with their registered credentials 114 114 # log the user in with their registered credentials
self.client.login(email='none@none.com', password='1234') 115 115 self.client.login(email='none@none.com', password='1234')
116 116
# try activating with an invalid key 117 117 # try activating with an invalid key
118 118
url = '/api/me' 119 119 url = '/api/me'
response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'}) 120 120 response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'})
self.assertContains(response, 'confirmation_key is invalid', status_code=400) 121 121 self.assertContains(response, 'confirmation_key is invalid', status_code=400)
122 122
# try activating with the valid key 123 123 # try activating with the valid key
response = self.client.patch(url, {'confirmation_key': user.confirmation_key}) 124 124 response = self.client.patch(url, {'confirmation_key': user.confirmation_key})
self.assertTrue(response.data['is_confirmed']) 125 125 self.assertTrue(response.data['is_confirmed'])
126 126
127 127
class ProfileViewTest(APITestCase): 128 128 class ProfileViewTest(APITestCase):
fixtures = ['testusers'] 129 129 fixtures = ['testusers']
130 130
def test_get_me(self): 131 131 def test_get_me(self):
url = '/api/me' 132 132 url = '/api/me'
response = self.client.get(url, format='json') 133 133 response = self.client.get(url, format='json')
# since we're not logged in, we shouldn't be able to see this 134 134 # since we're not logged in, we shouldn't be able to see this
self.assertEqual(response.status_code, 403) 135 135 self.assertEqual(response.status_code, 403)
136 136
self.client.login(email='none@none.com', password='1234') 137 137 self.client.login(email='none@none.com', password='1234')
response = self.client.get(url, format='json') 138 138 response = self.client.get(url, format='json')
self.assertEqual(response.status_code, HTTP_200_OK) 139 139 self.assertEqual(response.status_code, HTTP_200_OK)
140 140
141 141
class PasswordChangeTest(APITestCase): 142 142 class PasswordChangeTest(APITestCase):
fixtures = ['testusers'] 143 143 fixtures = ['testusers']
144 144
def test_change_password(self): 145 145 def test_change_password(self):
url = '/api/me' 146 146 url = '/api/me'
user = User.objects.get(email='none@none.com') 147 147 user = User.objects.get(email='none@none.com')
self.assertTrue(user.check_password('1234')) 148 148 self.assertTrue(user.check_password('1234'))
149 149
response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json') 150 150 response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json')
self.assertEqual(response.status_code, HTTP_403_FORBIDDEN) 151 151 self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
152 152
self.client.login(email='none@none.com', password='1234') 153 153 self.client.login(email='none@none.com', password='1234')
response = self.client.patch(url, {'new_password': '4321'}, format='json') 154 154 response = self.client.patch(url, {'new_password': '4321'}, format='json')
self.assertContains(response, 'old_password is required', status_code=400) 155 155 self.assertContains(response, 'old_password is required', status_code=400)
156 156
response = self.client.patch(url, {'new_password': '4321', 'old_password': '4321'}, format='json') 157 157 response = self.client.patch(url, {'new_password': '4321', 'old_password': '4321'}, format='json')
self.assertContains(response, 'old_password is incorrect', status_code=400) 158 158 self.assertContains(response, 'old_password is incorrect', status_code=400)
159 159
response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json') 160 160 response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json')
self.assertEqual(response.status_code, 200) 161 161 self.assertEqual(response.status_code, 200)
user = User.objects.get(email='none@none.com') 162 162 user = User.objects.get(email='none@none.com')
163 163
self.assertFalse(user.check_password('1234')) 164 164 self.assertFalse(user.check_password('1234'))
self.assertTrue(user.check_password('4321')) 165 165 self.assertTrue(user.check_password('4321'))
166 166
167 167
class DeleteUserTest(APITestCase): 168 168 class DeleteUserTest(APITestCase):
fixtures = ['testusers'] 169 169 fixtures = ['testusers']
170 170
def test_delete_user(self): 171 171 def test_delete_user(self):
url = '/api/me' 172 172 url = '/api/me'
user = User.objects.get(email='none@none.com') 173 173 user = User.objects.get(email='none@none.com')
174 174
self.client.login(email='none@none.com', password='1234') 175 175 self.client.login(email='none@none.com', password='1234')
self.client.delete(url) 176 176 self.client.delete(url)
self.assertFalse(User.objects.filter(email='none@none.com').exists()) 177 177 self.assertFalse(User.objects.filter(email='none@none.com').exists())
178 178
179 179
class FlashcardDetailTest(APITestCase): 180 180 class FlashcardDetailTest(APITestCase):
fixtures = ['testusers', 'testsections'] 181 181 fixtures = ['testusers', 'testsections']
182 182
def setUp(self): 183 183 def setUp(self):
section = Section.objects.get(pk=1) 184 184 section = Section.objects.get(pk=1)
user = User.objects.get(email='none@none.com') 185 185 user = User.objects.get(email='none@none.com')
186 186
self.flashcard = Flashcard(text="jason", section=section, material_date=now(), author=user) 187 187 self.flashcard = Flashcard(text="jason", section=section, material_date=now(), author=user)
self.flashcard.save() 188 188 self.flashcard.save()
189 189
def test_get_flashcard(self): 190 190 def test_get_flashcard(self):
self.client.login(email='none@none.com', password='1234') 191 191 self.client.login(email='none@none.com', password='1234')
response = self.client.get("/api/flashcards/%d/" % self.flashcard.id, format="json") 192 192 response = self.client.get("/api/flashcards/%d/" % self.flashcard.id, format="json")
self.assertEqual(response.status_code, HTTP_200_OK) 193 193 self.assertEqual(response.status_code, HTTP_200_OK)
self.assertEqual(response.data["text"], "jason") 194 194 self.assertEqual(response.data["text"], "jason")
195 195
196 196
class SectionViewSetTest(APITestCase): 197 197 class SectionViewSetTest(APITestCase):
fixtures = ['testusers', 'testsections'] 198 198 fixtures = ['testusers', 'testsections']
199 199
def setUp(self): 200 200 def setUp(self):
self.client.login(email='none@none.com', password='1234') 201 201 self.client.login(email='none@none.com', password='1234')
self.user = User.objects.get(email='none@none.com') 202 202 self.user = User.objects.get(email='none@none.com')
flashcard = Flashcard(text="jason", section=Section.objects.get(pk=1), material_date=now(), author=self.user) 203 203 self.flashcard = Flashcard(text="jason", section=Section.objects.get(pk=1), material_date=now(), author=self.user)
flashcards/views.py View file @ fca017a
from django.contrib import auth 1 1 from django.contrib import auth
from flashcards.api import StandardResultsSetPagination 2 2 from flashcards.api import StandardResultsSetPagination
from flashcards.models import Section, User, Flashcard, FlashcardHide, UserFlashcard 3 3 from flashcards.models import Section, User, Flashcard, FlashcardHide, UserFlashcard
from flashcards.serializers import SectionSerializer, UserUpdateSerializer, RegistrationSerializer, UserSerializer, \ 4 4 from flashcards.serializers import SectionSerializer, UserUpdateSerializer, RegistrationSerializer, UserSerializer, \
PasswordResetSerializer, PasswordResetRequestSerializer, EmailPasswordSerializer, FlashcardSerializer, \ 5 5 PasswordResetSerializer, PasswordResetRequestSerializer, EmailPasswordSerializer, FlashcardSerializer, \
FlashcardUpdateSerializer 6 6 FlashcardUpdateSerializer
from rest_framework.decorators import detail_route, permission_classes, api_view, list_route 7 7 from rest_framework.decorators import detail_route, permission_classes, api_view, list_route
from rest_framework.generics import ListAPIView, GenericAPIView 8 8 from rest_framework.generics import ListAPIView, GenericAPIView
from rest_framework.mixins import CreateModelMixin, RetrieveModelMixin 9 9 from rest_framework.mixins import CreateModelMixin, RetrieveModelMixin
from rest_framework.permissions import IsAuthenticated 10 10 from rest_framework.permissions import IsAuthenticated
from rest_framework.viewsets import ReadOnlyModelViewSet, GenericViewSet 11 11 from rest_framework.viewsets import ReadOnlyModelViewSet, GenericViewSet
from django.core.mail import send_mail 12 12 from django.core.mail import send_mail
from django.contrib.auth import authenticate 13 13 from django.contrib.auth import authenticate
from django.contrib.auth.tokens import default_token_generator 14 14 from django.contrib.auth.tokens import default_token_generator
from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED 15 15 from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED
from rest_framework.response import Response 16 16 from rest_framework.response import Response
from rest_framework.exceptions import AuthenticationFailed, NotAuthenticated, ValidationError, PermissionDenied 17 17 from rest_framework.exceptions import AuthenticationFailed, NotAuthenticated, ValidationError, PermissionDenied
from simple_email_confirmation import EmailAddress 18 18 from simple_email_confirmation import EmailAddress
from datetime import datetime 19 19 from datetime import datetime
20 20
21 21
class SectionViewSet(ReadOnlyModelViewSet): 22 22 class SectionViewSet(ReadOnlyModelViewSet):
queryset = Section.objects.all() 23 23 queryset = Section.objects.all()
serializer_class = SectionSerializer 24 24 serializer_class = SectionSerializer
pagination_class = StandardResultsSetPagination 25 25 pagination_class = StandardResultsSetPagination
permission_classes = [IsAuthenticated] 26 26 permission_classes = [IsAuthenticated]
27 27
@detail_route(methods=['get'], permission_classes=[IsAuthenticated]) 28 28 @detail_route(methods=['get'], permission_classes=[IsAuthenticated])
def flashcards(self, request, pk): 29 29 def flashcards(self, request, pk):
""" 30 30 """
Gets flashcards for a section, excluding hidden cards. 31 31 Gets flashcards for a section, excluding hidden cards.
Returned in strictly chronological order (material date). 32 32 Returned in strictly chronological order (material date).
""" 33 33 """
flashcards = Flashcard.cards_visible_to(request.user).filter( \ 34 34 flashcards = Flashcard.cards_visible_to(request.user).filter( \
section=self.get_object(), is_hidden=False).all() 35 35 section=self.get_object()).all()
36 36
return Response(FlashcardSerializer(flashcards, many=True).data) 37 37 return Response(FlashcardSerializer(flashcards, many=True).data)
38 38
@detail_route(methods=['post'], permission_classes=[IsAuthenticated]) 39 39 @detail_route(methods=['post'], permission_classes=[IsAuthenticated])
def enroll(self, request, pk): 40 40 def enroll(self, request, pk):
""" 41 41 """
Add the current user to a specified section 42 42 Add the current user to a specified section
If the class has a whitelist, but the user is not on the whitelist, the request will fail. 43 43 If the class has a whitelist, but the user is not on the whitelist, the request will fail.
--- 44 44 ---
omit_serializer: true 45 45 omit_serializer: true
parameters: 46 46 parameters:
- fake: None 47 47 - fake: None
parameters_strategy: 48 48 parameters_strategy:
form: replace 49 49 form: replace
""" 50 50 """
section = self.get_object() 51 51 section = self.get_object()
if request.user.sections.filter(pk=section.pk).exists(): 52 52 if request.user.sections.filter(pk=section.pk).exists():
raise ValidationError("You are already in this section.") 53 53 raise ValidationError("You are already in this section.")
if section.is_whitelisted and not section.is_user_on_whitelist(request.user): 54 54 if section.is_whitelisted and not section.is_user_on_whitelist(request.user):
raise PermissionDenied("You must be on the whitelist to add this section.") 55 55 raise PermissionDenied("You must be on the whitelist to add this section.")
request.user.sections.add(section) 56 56 request.user.sections.add(section)
return Response(status=HTTP_204_NO_CONTENT) 57 57 return Response(status=HTTP_204_NO_CONTENT)
58 58
@detail_route(methods=['post'], permission_classes=[IsAuthenticated]) 59 59 @detail_route(methods=['post'], permission_classes=[IsAuthenticated])
def drop(self, request, pk): 60 60 def drop(self, request, pk):
""" 61 61 """
Remove the current user from a specified section 62 62 Remove the current user from a specified section
If the user is not in the class, the request will fail. 63 63 If the user is not in the class, the request will fail.
--- 64 64 ---
omit_serializer: true 65 65 omit_serializer: true
parameters: 66 66 parameters:
- fake: None 67 67 - fake: None
parameters_strategy: 68 68 parameters_strategy:
form: replace 69 69 form: replace
""" 70 70 """
section = self.get_object() 71 71 section = self.get_object()
if not section.user_set.filter(pk=request.user.pk).exists(): 72 72 if not section.user_set.filter(pk=request.user.pk).exists():
raise ValidationError("You are not in the section.") 73 73 raise ValidationError("You are not in the section.")
section.user_set.remove(request.user) 74 74 section.user_set.remove(request.user)
return Response(status=HTTP_204_NO_CONTENT) 75 75 return Response(status=HTTP_204_NO_CONTENT)
76 76
@list_route(methods=['get'], permission_classes=[IsAuthenticated]) 77 77 @list_route(methods=['get'], permission_classes=[IsAuthenticated])
def search(self, request): 78 78 def search(self, request):
query = request.GET.get('q', None) 79 79 query = request.GET.get('q', None)
if not query: return Response('[]') 80 80 if not query: return Response('[]')
qs = Section.search(query.split(' '))[:20] 81 81 qs = Section.search(query.split(' '))[:20]
serializer = SectionSerializer(qs, many=True) 82 82 serializer = SectionSerializer(qs, many=True)
return Response(serializer.data) 83 83 return Response(serializer.data)
84 84
@detail_route(methods=['get'], permission_classes=[IsAuthenticated]) 85 85 @detail_route(methods=['get'], permission_classes=[IsAuthenticated])
def deck(self, request, pk): 86 86 def deck(self, request, pk):
""" 87 87 """
Gets the contents of a user's deck for a given section. 88 88 Gets the contents of a user's deck for a given section.
""" 89 89 """
qs = Flashcard.objects.all() 90 90 qs = Flashcard.objects.all()
qs = qs.filter(userflashcard__user=request.user) 91 91 qs = qs.filter(userflashcard__user=request.user)
qs = qs.filter(section = self.get_object()) 92 92 qs = qs.filter(section = self.get_object())
serializer = FlashcardSerializer(qs, many=True) 93 93 serializer = FlashcardSerializer(qs, many=True)
return Response(serializer.data) 94 94 return Response(serializer.data)
95 95
96 96
class UserSectionListView(ListAPIView): 97 97 class UserSectionListView(ListAPIView):
serializer_class = SectionSerializer 98 98 serializer_class = SectionSerializer
permission_classes = [IsAuthenticated] 99 99 permission_classes = [IsAuthenticated]
100 100
def get_queryset(self): 101 101 def get_queryset(self):
return self.request.user.sections.all() 102 102 return self.request.user.sections.all()
103 103
def paginate_queryset(self, queryset): return None 104 104 def paginate_queryset(self, queryset): return None
105 105
106 106
class UserDetail(GenericAPIView): 107 107 class UserDetail(GenericAPIView):
serializer_class = UserSerializer 108 108 serializer_class = UserSerializer
permission_classes = [IsAuthenticated] 109 109 permission_classes = [IsAuthenticated]
110 110
def get_queryset(self): 111 111 def get_queryset(self):
return User.objects.all() 112 112 return User.objects.all()
113 113
def patch(self, request, format=None): 114 114 def patch(self, request, format=None):
""" 115 115 """
Updates the user's password, or verifies their email address 116 116 Updates the user's password, or verifies their email address
--- 117 117 ---
request_serializer: UserUpdateSerializer 118 118 request_serializer: UserUpdateSerializer
response_serializer: UserSerializer 119 119 response_serializer: UserSerializer
""" 120 120 """
data = UserUpdateSerializer(data=request.data, context={'user': request.user}) 121 121 data = UserUpdateSerializer(data=request.data, context={'user': request.user})
data.is_valid(raise_exception=True) 122 122 data.is_valid(raise_exception=True)
data = data.validated_data 123 123 data = data.validated_data
124 124
if 'new_password' in data: 125 125 if 'new_password' in data:
if not request.user.check_password(data['old_password']): 126 126 if not request.user.check_password(data['old_password']):
raise ValidationError('old_password is incorrect') 127 127 raise ValidationError('old_password is incorrect')
request.user.set_password(data['new_password']) 128 128 request.user.set_password(data['new_password'])
request.user.save() 129 129 request.user.save()
130 130
if 'confirmation_key' in data: 131 131 if 'confirmation_key' in data:
try: 132 132 try:
request.user.confirm_email(data['confirmation_key']) 133 133 request.user.confirm_email(data['confirmation_key'])
except EmailAddress.DoesNotExist: 134 134 except EmailAddress.DoesNotExist:
raise ValidationError('confirmation_key is invalid') 135 135 raise ValidationError('confirmation_key is invalid')
136 136
return Response(UserSerializer(request.user).data) 137 137 return Response(UserSerializer(request.user).data)
138 138
def get(self, request, format=None): 139 139 def get(self, request, format=None):
""" 140 140 """
Return data about the user 141 141 Return data about the user
--- 142 142 ---
response_serializer: UserSerializer 143 143 response_serializer: UserSerializer
""" 144 144 """
serializer = UserSerializer(request.user, context={'request': request}) 145 145 serializer = UserSerializer(request.user, context={'request': request})
return Response(serializer.data) 146 146 return Response(serializer.data)
147 147
def delete(self, request): 148 148 def delete(self, request):
""" 149 149 """
Irrevocably delete the user and their data 150 150 Irrevocably delete the user and their data
151 151
Yes, really 152 152 Yes, really
""" 153 153 """
request.user.delete() 154 154 request.user.delete()
return Response(status=HTTP_204_NO_CONTENT) 155 155 return Response(status=HTTP_204_NO_CONTENT)
156 156
157 157
@api_view(['POST']) 158 158 @api_view(['POST'])
def register(request, format=None): 159 159 def register(request, format=None):
""" 160 160 """
Register a new user 161 161 Register a new user
--- 162 162 ---
request_serializer: EmailPasswordSerializer 163 163 request_serializer: EmailPasswordSerializer
response_serializer: UserSerializer 164 164 response_serializer: UserSerializer
""" 165 165 """
data = RegistrationSerializer(data=request.data) 166 166 data = RegistrationSerializer(data=request.data)
data.is_valid(raise_exception=True) 167 167 data.is_valid(raise_exception=True)
168 168
User.objects.create_user(**data.validated_data) 169 169 User.objects.create_user(**data.validated_data)
user = authenticate(**data.validated_data) 170 170 user = authenticate(**data.validated_data)
auth.login(request, user) 171 171 auth.login(request, user)
172 172
body = ''' 173 173 body = '''
Visit the following link to confirm your email address: 174 174 Visit the following link to confirm your email address:
https://flashy.cards/app/verify_email/%s 175 175 https://flashy.cards/app/verify_email/%s
176 176
If you did not register for Flashy, no action is required. 177 177 If you did not register for Flashy, no action is required.
''' 178 178 '''
179 179
assert send_mail("Flashy email verification", 180 180 assert send_mail("Flashy email verification",
body % user.confirmation_key, 181 181 body % user.confirmation_key,
"noreply@flashy.cards", 182 182 "noreply@flashy.cards",
[user.email]) 183 183 [user.email])
184 184
return Response(UserSerializer(request.user).data, status=HTTP_201_CREATED) 185 185 return Response(UserSerializer(request.user).data, status=HTTP_201_CREATED)
186 186
187 187
@api_view(['POST']) 188 188 @api_view(['POST'])
def login(request): 189 189 def login(request):
""" 190 190 """
Authenticates user and returns user data if valid. 191 191 Authenticates user and returns user data if valid.
--- 192 192 ---
request_serializer: EmailPasswordSerializer 193 193 request_serializer: EmailPasswordSerializer
response_serializer: UserSerializer 194 194 response_serializer: UserSerializer
""" 195 195 """
196 196
data = EmailPasswordSerializer(data=request.data) 197 197 data = EmailPasswordSerializer(data=request.data)
data.is_valid(raise_exception=True) 198 198 data.is_valid(raise_exception=True)
user = authenticate(**data.validated_data) 199 199 user = authenticate(**data.validated_data)
200 200
if user is None: 201 201 if user is None:
raise AuthenticationFailed('Invalid email or password') 202 202 raise AuthenticationFailed('Invalid email or password')
if not user.is_active: 203 203 if not user.is_active:
raise NotAuthenticated('Account is disabled') 204 204 raise NotAuthenticated('Account is disabled')
auth.login(request, user) 205 205 auth.login(request, user)
return Response(UserSerializer(request.user).data) 206 206 return Response(UserSerializer(request.user).data)
207 207
208 208
@api_view(['POST']) 209 209 @api_view(['POST'])
@permission_classes((IsAuthenticated, )) 210 210 @permission_classes((IsAuthenticated, ))
def logout(request, format=None): 211 211 def logout(request, format=None):
""" 212 212 """
Logs the authenticated user out. 213 213 Logs the authenticated user out.
""" 214 214 """
auth.logout(request) 215 215 auth.logout(request)
return Response(status=HTTP_204_NO_CONTENT) 216 216 return Response(status=HTTP_204_NO_CONTENT)
217 217
218 218
@api_view(['POST']) 219 219 @api_view(['POST'])
def request_password_reset(request, format=None): 220 220 def request_password_reset(request, format=None):
""" 221 221 """
Send a password reset token/link to the provided email. 222 222 Send a password reset token/link to the provided email.
--- 223 223 ---
request_serializer: PasswordResetRequestSerializer 224 224 request_serializer: PasswordResetRequestSerializer
""" 225 225 """
data = PasswordResetRequestSerializer(data=request.data) 226 226 data = PasswordResetRequestSerializer(data=request.data)
data.is_valid(raise_exception=True) 227 227 data.is_valid(raise_exception=True)
user = User.objects.get(email=data['email'].value) 228 228 user = User.objects.get(email=data['email'].value)
token = default_token_generator.make_token(user) 229 229 token = default_token_generator.make_token(user)
230 230
body = ''' 231 231 body = '''
Visit the following link to reset your password: 232 232 Visit the following link to reset your password:
https://flashy.cards/app/reset_password/%d/%s 233 233 https://flashy.cards/app/reset_password/%d/%s
234 234
If you did not request a password reset, no action is required. 235 235 If you did not request a password reset, no action is required.
''' 236 236 '''
237 237
send_mail("Flashy password reset", 238 238 send_mail("Flashy password reset",
body % (user.pk, token), 239 239 body % (user.pk, token),
"noreply@flashy.cards", 240 240 "noreply@flashy.cards",
[user.email]) 241 241 [user.email])
242 242
return Response(status=HTTP_204_NO_CONTENT) 243 243 return Response(status=HTTP_204_NO_CONTENT)
244 244
245 245
@api_view(['POST']) 246 246 @api_view(['POST'])
def reset_password(request, format=None): 247 247 def reset_password(request, format=None):
""" 248 248 """
Updates user's password to new password if token is valid. 249 249 Updates user's password to new password if token is valid.
--- 250 250 ---
request_serializer: PasswordResetSerializer 251 251 request_serializer: PasswordResetSerializer
""" 252 252 """
data = PasswordResetSerializer(data=request.data) 253 253 data = PasswordResetSerializer(data=request.data)
data.is_valid(raise_exception=True) 254 254 data.is_valid(raise_exception=True)
255 255
user = User.objects.get(id=data['uid'].value) 256 256 user = User.objects.get(id=data['uid'].value)
# Check token validity. 257 257 # Check token validity.
258 258
if default_token_generator.check_token(user, data['token'].value): 259 259 if default_token_generator.check_token(user, data['token'].value):
user.set_password(data['new_password'].value) 260 260 user.set_password(data['new_password'].value)
user.save() 261 261 user.save()
else: 262 262 else:
raise ValidationError('Could not verify reset token') 263 263 raise ValidationError('Could not verify reset token')
return Response(status=HTTP_204_NO_CONTENT) 264 264 return Response(status=HTTP_204_NO_CONTENT)
265 265
266 266
class FlashcardViewSet(GenericViewSet, CreateModelMixin, RetrieveModelMixin): 267 267 class FlashcardViewSet(GenericViewSet, CreateModelMixin, RetrieveModelMixin):
queryset = Flashcard.objects.all() 268 268 queryset = Flashcard.objects.all()
serializer_class = FlashcardSerializer 269 269 serializer_class = FlashcardSerializer
permission_classes = [IsAuthenticated] 270 270 permission_classes = [IsAuthenticated]
271 271
# Override create in CreateModelMixin 272 272 # Override create in CreateModelMixin
def create(self, request, *args, **kwargs): 273 273 def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data) 274 274 serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True) 275 275 serializer.is_valid(raise_exception=True)
serializer.validated_data['author'] = request.user 276 276 serializer.validated_data['author'] = request.user
self.perform_create(serializer) 277 277 self.perform_create(serializer)
headers = self.get_success_headers(serializer.data) 278 278 headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=HTTP_201_CREATED, headers=headers) 279 279 return Response(serializer.data, status=HTTP_201_CREATED, headers=headers)
280 280
@detail_route(methods=['post'], permission_classes=[IsAuthenticated]) 281 281 @detail_route(methods=['post'], permission_classes=[IsAuthenticated])
def report(self, request, pk): 282 282 def report(self, request, pk):