feat: limit to post

backend/accounts/urls.py

@@ -1,8 +1,8 @@
 from django.urls import path
-from .views import CreateAccountView, RetrieveUpdateLoggedInAccountView,activateAccountView
+from .views import CreateAccountView, RetrieveUpdateLoggedInAccountView,ActivateAccountView
 
 urlpatterns = [
     path('', CreateAccountView.as_view()),
     path('me/', RetrieveUpdateLoggedInAccountView.as_view()),
-    path('activate/<uidb64>/<token>', activateAccountView, name='activate'),
+    path('activate/<uidb64>/<token>', ActivateAccountView.as_view(), name='activate'),
 ]

backend/accounts/views.py

@@ -1,7 +1,6 @@
 import logging
 
-from django.contrib.sites.shortcuts import get_current_site
-from django.http import HttpResponse,HttpResponseBadRequest
+from django.conf import settings
 from django.shortcuts import get_object_or_404
 from django.template.loader import render_to_string
 from django.utils.encoding import force_bytes, force_str
@@ -14,7 +13,6 @@
 from .models import Account
 from .serializers import AccountSerializer
 from .token import account_activation_token
-from django.conf import settings
 
 logger = logging.getLogger(__name__)
 
@@ -25,7 +23,7 @@ def activateEmail(request, user, to_email):
     mail_subject = 'Activate your user account.'
     message = render_to_string('activation_mail.html', {
         'user': user.first_name,
-        'domain': "localhost:3000" if settings.DEBUG else settings.PRODUCTION_URL,
+        'domain': "localhost:3000" if settings.DEBUG else settings.FRONTEND_URL,
         'uuid': urlsafe_base64_encode(force_bytes(user.email)),
         'token': account_activation_token.make_token(user),
         'protocol': 'https' if request.is_secure() else 'http'
@@ -62,13 +60,16 @@ def put(self, request):
 def get_account(email) :
     return get_object_or_404(Account, email=email)
 
-def activateAccountView(request, uidb64, token):
-    uid = force_str(urlsafe_base64_decode(uidb64))
-    account = get_account(uid)
-    if account and account_activation_token.check_token(account, token):
-        account.is_active = True
-        account.save()
-        return HttpResponse('Account activated successfully')
-    else:
-        return HttpResponseBadRequest('Error while activating')
+
+
+class ActivateAccountView(APIView):
+    def post(self, request, uidb64, token):
+        uid = force_str(urlsafe_base64_decode(uidb64))
+        account = get_account(uid)
+        if account and account_activation_token.check_token(account, token):
+            account.is_active = True
+            account.save()
+            return Response('Account activated successfully',status=200)
+        else:
+            return Response('Error while activating',status=400)
 

backend/core/settings/base.py

@@ -13,7 +13,7 @@
 
 DEBUG = os.environ.get('DEBUG') != 'False'
 
-PRODUCTION_URL = os.environ.get('FRONTEND_URL')
+FRONTEND_URL = os.environ.get('FRONTEND_URL')
 
 ALLOWED_HOSTS = ['*']
 

frontend/pages/activate.vue

@@ -19,14 +19,19 @@ async function activateUser() {
     const token = urlParams.get('token');
     let status = '';
     try {
-        const response = await $fetch(`${config.public.API_BASE_URL}/api/accounts/activate/${uuid}/${token}`);
-        status = await response.text();
-        if (response.type === '200') {
-            router.push({ path: '/signin', query: { msg: 'account activated' } });
-        }
-    } catch (error) {
-        console.error(error);
+      const response = await fetch(
+        `${config.public.API_BASE_URL}/api/accounts/activate/${uuid}/${token}`,
+        { method: "POST" }
+      );
+      status = await response.text();
+      if (response.status === 200) { 
+        router.push({ path: '/signin', query: { msg: 'account activated' } });
+      } else {
         status = 'Activation failed';
+      }
+    } catch (error) {
+      console.error(error);
+      status = 'Activation failed';
     }
 
     return status;