Merge branch 'feature/rework-email-tokens' of github.com:caravancoop/rest-framework-auth-toolkit into feature/rework-email-tokens

JulienLabonte · JulienLabonte · commit cf071572eb23 · 2018-11-06T10:47:00.000-05:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -26,7 +26,6 @@ jobs:
       - restore_cache:
           keys:
             - rest-auth-toolkit-py37-v6-{{ arch }}-{{ checksum "requirements-test.txt" }}-{{ checksum "demo/requirements.txt" }}
-            - rest-auth-toolkit-py37-v5-{{ arch }}-{{ checksum "requirements-test.txt" }}-{{ checksum "demo/requirements.txt" }}
             - rest-auth-toolkit-py37-v6-{{ arch }}-{{ checksum "requirements-test.txt" }}
             - rest-auth-toolkit-py37-v6-{{ arch }}-
       - run:
diff --git a/demo/demo/accounts/templates/rest_auth_toolkit/email_confirmation.html b/demo/demo/accounts/templates/rest_auth_toolkit/email_confirmation.html
@@ -0,0 +1,24 @@
+{% load i18n %}
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+</head>
+<body style="background-color: #F7F8FA;">
+<div>
+
+<p>
+  {% trans "Follow this link to validate your email:" %}<br>
+  {% url "pages:confirm-email" token=confirmation.external_id as confirmation_url %}
+  <a href="{{ base_url }}{{ confirmation_url }}">{{ base_url }}{{ confirmation_url }}</a>
+</p>
+
+<p>
+  {% trans "Or send an API request to simulate a front-end application:" %}<br>
+  <code>HTTP POST {% url "auth:confirm" %} token="{{ confirmation.external_id }}"</code>
+</p>
+
+</div>
+</body>
+</html>
diff --git a/demo/demo/accounts/templates/rest_auth_toolkit/email_confirmation.txt b/demo/demo/accounts/templates/rest_auth_toolkit/email_confirmation.txt
@@ -0,0 +1,10 @@
+{% autoescape off %}
+{% load i18n %}
+
+{% trans "Follow this link to validate your email:" %}
+{{ base_url }}{% url "pages:confirm-email" token=confirmation.external_id %}
+
+{% trans "Or send an API request to simulate a front-end application:" %}
+  HTTP POST {% url "auth:confirm" %} token="{{ confirmation.external_id }}"
+
+{% endautoescape %}
diff --git a/demo/demo/pages/auth_urls.py b/demo/demo/pages/auth_urls.py
diff --git a/demo/demo/pages/templates/base.html b/demo/demo/pages/templates/base.html
@@ -0,0 +1,13 @@
+{% load i18n %}
+{% get_current_language as LANGUAGE_CODE %}
+<!doctype html>
+<html lang="{{ LANGUAGE_CODE }}">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{% block title %}{% endblock %}</title>
+</head>
+<body>
+  {% block body %}{% endblock %}
+</body>
+</html>
diff --git a/demo/demo/pages/templates/error.html b/demo/demo/pages/templates/error.html
@@ -1,18 +1,10 @@
+{% extends "base.html" %}
 {% load i18n %}
-{% get_current_language as LANGUAGE_CODE %}
-<!doctype html>
-<html lang="{{ LANGUAGE_CODE }}">
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>{{ site_name }}</title>
-</head>
-<body>
+{% block title %}Error! {{ site_name }}{% endblock %}
 
+{% block body %}
 <div>
   <h1>{% trans "Error!" %}</h1>
   <p>{{ error }}</p>
 </div>
-
-</body>
-</html>
+{% endblock %}
diff --git a/demo/demo/pages/templates/index.html b/demo/demo/pages/templates/index.html
@@ -1,13 +1,7 @@
-{% load i18n %}
-{% get_current_language as LANGUAGE_CODE %}
-<!doctype html>
-<html lang="{{ LANGUAGE_CODE }}">
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>{{ site_name }}</title>
-</head>
-<body>
+{% extends "base.html" %}
+{% block title %}{{ site_name }}{% endblock %}
+
+{% block body %}
 <script>
   window.fbAsyncInit = function() {
     FB.init({appId: "{{ fb_app_id }}", xfbml: true, version: "v2.9"});
@@ -34,12 +28,11 @@
 <div id="fb-root"></div>
 
 <div>
-  <h1>Hello!</h1>
+  <h1>Hello world!</h1>
   <button onclick="fb_login()">Login with Facebook</button>
 </div>
 
 <script src="https://code.jquery.com/jquery-3.2.1.min.js"
   integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
   crossorigin="anonymous"></script>
-</body>
-</html>
+{% endblock %}
diff --git a/demo/demo/pages/templates/welcome.html b/demo/demo/pages/templates/welcome.html
@@ -0,0 +1,10 @@
+{% extends "base.html" %}
+{% load i18n %}
+{% block title %}Success! {{ site_name }}{% endblock %}
+
+{% block body %}
+<div>
+  <h1>{% trans "Success!" %}</h1>
+  <p>Your address {{ email }} is now confirmed.</p>
+</div>
+{% endblock %}
diff --git a/demo/demo/pages/urls.py b/demo/demo/pages/urls.py
@@ -8,4 +8,5 @@
 
 urlpatterns = [
     url(r'^$', views.index, name='root'),
+    url(r'^welcome/(?P<token>[^/.]+)$', views.confirm_email, name='confirm-email'),
 ]
diff --git a/demo/demo/pages/views.py b/demo/demo/pages/views.py
@@ -14,12 +14,12 @@ def index(request):
     return render(request, 'index.html', context=ctx)
 
 
-def email_view(request, external_id):
+def confirm_email(request, token):
     """Landing page for links in confirmation emails."""
     error = None
 
     try:
-        confirmation = EmailConfirmation.objects.get(external_id=external_id)
+        confirmation = EmailConfirmation.objects.get(external_id=token)
         confirmation.confirm()
     except EmailConfirmation.DoesNotExist:
         error = _('Invalid link')
@@ -33,4 +33,8 @@ def email_view(request, external_id):
         }
         return render(request, 'error.html', context=ctx)
     else:
-        return index(request)
+        ctx = {
+            'site_name': 'Demo',
+            'email': confirmation.user.email,
+        }
+        return render(request, 'welcome.html', context=ctx)
diff --git a/demo/demo/settings.py b/demo/demo/settings.py
@@ -102,7 +102,6 @@
 
 
 STATIC_URL = '/static/'
-# STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 
 
 REST_FRAMEWORK = {
@@ -121,6 +120,5 @@
 REST_AUTH_TOOLKIT = {
     'email_confirmation_class': 'demo.accounts.models.EmailConfirmation',
     'email_confirmation_from': 'auth-demo@localhost',
-    'email_confirmation_lookup_field': 'external_id',
     'api_token_class': 'demo.accounts.models.APIToken',
 }
diff --git a/demo/demo/urls.py b/demo/demo/urls.py
@@ -3,13 +3,24 @@
 from django.urls import include, path
 from django.contrib import admin
 
+<<<<<<< HEAD
 from rest_framework.documentation import include_docs_urls
 
 from rest_auth_toolkit.views import FacebookLoginView, LoginView, LogoutView, SignupView
+=======
+from rest_auth_toolkit.views import (
+    EmailConfirmationView,
+    FacebookLoginView,
+    LoginView,
+    LogoutView,
+    SignupView,
+)
+>>>>>>> 4eced4707f4c7b07cbbacd242e095ed010784349
 
 
 auth_urlpatterns = [
     path('signup/', SignupView.as_view(), name='signup'),
+    path('confirm/', EmailConfirmationView.as_view(), name='confirm'),
     path('login/', LoginView.as_view(), name='login'),
     path('logout/', LogoutView.as_view(), name='logout'),
     path('fb-login/', FacebookLoginView.as_view(), name='fb-login'),
@@ -25,5 +36,4 @@
     path('admin/', admin.site.urls),
     path('api/', include(api_urlpatterns)),
     path('', include('demo.pages.urls')),
-    path('', include('demo.pages.auth_urls')),
 ]
diff --git a/demo/requirements.txt b/demo/requirements.txt
@@ -4,20 +4,24 @@
 #
 #    pip-compile requirements.in
 #
-certifi==2018.8.24        # via requests
+certifi==2018.10.15       # via requests
 chardet==3.0.4            # via requests
+<<<<<<< HEAD
 click==6.7                # via pip-tools
 coreapi==2.3.3
 coreschema==0.0.4         # via coreapi
+=======
+click==7.0                # via pip-tools
+>>>>>>> 4eced4707f4c7b07cbbacd242e095ed010784349
 dj-database-url==0.5.0
 django-debug-toolbar==1.10.1
 django-model-utils==3.1.2
 django-shortuuidfield==0.1.3
-django==2.0.8
-djangorestframework==3.8.2
+django==2.0.9
+djangorestframework==3.9.0
 facepy==1.0.9
-first==2.0.1              # via pip-tools
 idna==2.7                 # via requests
+<<<<<<< HEAD
 itypes==1.1.0             # via coreapi
 jinja2==2.10              # via coreschema
 markdown==2.6.11
@@ -32,3 +36,15 @@ six==1.11.0               # via django-shortuuidfield, facepy, pip-tools
 sqlparse==0.2.4           # via django-debug-toolbar
 uritemplate==3.0.0        # via coreapi
 urllib3==1.23             # via requests
+=======
+markdown==3.0.1
+pip-tools==3.1.0
+psycopg2==2.7.5
+pygments==2.2.0
+pytz==2018.7              # via django
+requests==2.20.0          # via facepy
+shortuuid==0.5.0          # via django-shortuuidfield
+six==1.11.0               # via django-shortuuidfield, facepy, pip-tools
+sqlparse==0.2.4           # via django-debug-toolbar
+urllib3==1.24             # via requests
+>>>>>>> 4eced4707f4c7b07cbbacd242e095ed010784349
diff --git a/rest_auth_toolkit/app.py b/rest_auth_toolkit/app.py
@@ -5,7 +5,7 @@ class RestAuthToolkitConfig(AppConfig):
     """Default app config for RATK.
 
     This installs a signal handler to set user.is_active when
-    email_confirmed is emitted.
+    email_confirmed is emitted by EmailConfirmationView.
     """
     name = 'rest_auth_toolkit'
 
diff --git a/rest_auth_toolkit/templates/rest_auth_toolkit/email_confirmation.html b/rest_auth_toolkit/templates/rest_auth_toolkit/email_confirmation.html
diff --git a/rest_auth_toolkit/templates/rest_auth_toolkit/email_confirmation.txt b/rest_auth_toolkit/templates/rest_auth_toolkit/email_confirmation.txt
diff --git a/rest_auth_toolkit/views.py b/rest_auth_toolkit/views.py
@@ -1,7 +1,6 @@
 from django.contrib.auth import get_user_model
 from django.core.mail import send_mail
 from django.template.loader import render_to_string
-from django.urls import reverse
 from django.utils.translation import gettext as _
 
 from rest_framework import generics, status, views
@@ -38,27 +37,59 @@ def post(self, request):
 
         If the setting email_confirmation_send_email is true (default),
         the function send_email will be called.  That function requires
-        that your app define a route named app-auth:email-confirmation
-        with an id parameter; the view for this route should get an
-        email confirmation instance using the ID and call the confirm
-        method.  To use a field that's not named 'id', define the setting
-        email_confirmation_lookup_param (this will change the URL pattern).
+        that your project defines defines two email templates:
+            - rest_auth_toolkit/email_confirmation.txt
+            - rest_auth_toolkit/email_confirmation.html
+
+        The templates will be passed the User and EmailConfirmation instances
+        (as variables *user* and *confirmation*).  To help generating links,
+        a variable *base_url* with a value like "https://domain" (scheme,
+        domain and optional port depending on the request, but no path), which
+        lets you write code like `{{ base_url }}{% url "my-route" %}`.
+
+        It is up to your project to define what the link is.  The demo app
+        demonstrates a simple Django view that validates the email validation
+        token in the URL; for a project with a front-end site (e.g. a JavaScript
+        app) on a different domain than the Django API, a custom template tag
+        could be used to generate the right URL for the front-end site.
+
+        If the setting is false, the user will be active immediately.
         """
         deserializer = self.get_serializer(data=request.data)
         deserializer.is_valid(raise_exception=True)
-        user = deserializer.save()
 
-        if self.email_confirmation_class is None:
-            raise MissingSetting('email_confirmation_string')
+        confirm_email = get_setting('email_confirmation_send_email', True)
 
-        confirmation = self.email_confirmation_class.objects.create(user=user)
-        if get_setting('email_confirmation_send_email', True):
+        if not confirm_email:
+            deserializer.save(is_active=True)
+        else:
+            user = deserializer.save()
+
+            if self.email_confirmation_class is None:
+                raise MissingSetting('email_confirmation_class')
+
+            confirmation = self.email_confirmation_class.objects.create(user=user)
             email_field = user.get_email_field_name()
             send_email(request, user, getattr(user, email_field), confirmation)
 
         return Response(status=status.HTTP_201_CREATED)
 
 
+class EmailConfirmationView(generics.GenericAPIView):
+    """Validate an email address after sign-up.
+
+    Response: 200 OK (no content)
+
+    Error response (code 400):
+
+    ```json
+    {"errors": {"token": "Error message"}}
+    ```
+    """
+    def post(self, request):
+        pass
+
+
 class LoginView(generics.GenericAPIView):
     """Authenticate a user, return an API auth token if valid.
 
@@ -146,14 +177,14 @@ def send_email(request, user, address, confirmation):
     subject = _('Confirm your email address')
     from_address = get_setting('email_confirmation_from')
 
-    lookup_field = get_setting('email_confirmation_lookup_field', 'id')
-    confirmation_url = request.build_absolute_uri(
-        reverse('app-auth:email-confirmation',
-                kwargs={lookup_field: getattr(confirmation, lookup_field)}))
     # The url template tag doesn't include scheme/domain/port, pass a helper
     base_url = request.build_absolute_uri('/')[:-1]
 
-    context = {'base_url': base_url, 'confirmation_url': confirmation_url}
+    context = {
+        'user': user,
+        'confirmation': confirmation,
+        'base_url': base_url,
+    }
     txt_content = render_to_string('rest_auth_toolkit/email_confirmation.txt', context)
     html_content = render_to_string('rest_auth_toolkit/email_confirmation.html', context)
 

Original file line number	Diff line number	Diff line change
`@@ -8,4 +8,5 @@`
`8`	`8`
`9`	`9`	`urlpatterns = [`
`10`	`10`	`url(r'^$', views.index, name='root'),`
	`11`	`+ url(r'^welcome/(?P<token>[^/.]+)$', views.confirm_email, name='confirm-email'),`
`11`	`12`	`]`