Merge pull request #30 from tsotetsi/tf-26-use-allauth-headless

tsotetsi · web-flow · commit acd031e124b0 · 2025-02-18T08:26:15.000+02:00
TF 26 use allauth headless
diff --git a/backend/user_service/config/settings/base.py b/backend/user_service/config/settings/base.py
@@ -18,6 +18,7 @@
 # TicketFlow Application definition.
 
 DJANGO_APPS = [
+    'django.contrib.sites', # Required for allauth
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -29,6 +30,8 @@
 THIRD_PARTY_APPS = [
     "rest_framework",
     "rest_framework.authtoken",
+    "allauth",
+    "allauth.account",
     "corsheaders",
     "django_prometheus",
     "drf_spectacular",
@@ -47,6 +50,7 @@
     'django.middleware.security.SecurityMiddleware',
     'corsheaders.middleware.CorsMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware', # servers static files directly from Django in production.
+    'allauth.account.middleware.AccountMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -87,6 +91,8 @@
 AUTHENTICATION_BACKENDS = [
     # Needed to log in by username in Django admin, regardless of `allauth`
     "django.contrib.auth.backends.ModelBackend",
+    # `allauth` specific authentication methods, such as login by e-mail
+    "allauth.account.auth_backends.AuthenticationBackend"
 ]
 # https://docs.djangoproject.com/en/dev/ref/settings/#auth-user-model
 AUTH_USER_MODEL = "users.User"
@@ -168,6 +174,20 @@
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
+# django-allauth
+# -------------------------------------------------------------------------------
+# django-allauth - https://docs.allauth.org/en/dev/headless/openapi-specification/
+SITE_ID = 1 # Required for allauth
+
+# Email/Account authentication settings for verification
+ACCOUNT_EMAIL_REQUIRED = True
+ACCOUNT_USERNAME_REQUIRED = False
+ACCOUNT_LOGIN_METHODS = {'email'}
+ACCOUNT_EMAIL_VERIFICATION = 'mandatory' # Ensures email verification
+LOGIN_ON_EMAIL_CONFIRMATION = False
+CONFIRM_EMAIL_ON_GET = True
+ACCOUNT_UNIQUE_EMAIL = True
+
 # django-rest-framework
 # -------------------------------------------------------------------------------
 # django-rest-framework - https://www.django-rest-framework.org/api-guide/settings/
@@ -182,6 +202,9 @@
 
 CORS_ORIGIN_ALLOW_ALL = True  # For development only; restrict in production.
 
+# Email backend (for development) TODO: Use mailpit
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'  # Use console for testing
+
 # By Default swagger ui is available only to admin user(s). You can change permission classes to change that
 # See more configuration options at https://drf-spectacular.readthedocs.io/en/latest/settings.html#settings
 SPECTACULAR_SETTINGS = {
diff --git a/backend/user_service/config/urls.py b/backend/user_service/config/urls.py
@@ -1,3 +1,4 @@
+from allauth.account.views import confirm_email, email_verification_sent
 from django.contrib import admin
 from django.urls import path, include, re_path
 from django.conf import settings
@@ -7,7 +8,7 @@
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView, SpectacularRedocView
 
-from users.api.views import RegisterView, UserProfileView
+from users.api.views import RegisterView, UserProfileView, CustomConfirmEmailView
 
 
 urlpatterns = [
@@ -18,7 +19,10 @@
 urlpatterns += [
     # API BASE URL For Authentication JWT.
     path('api/', include("config.api_router")),
+    path('api/login', RegisterView.as_view(), name='account_login'),
     path('api/register', RegisterView.as_view(), name='register'),
+    path('api/account-confirm-email/<str:key>/', CustomConfirmEmailView.as_view() , name='account_confirm_email'),
+    path('api/account-email-verification-sent', email_verification_sent, name='account_email_verification_sent'),
     path('api/profile', UserProfileView.as_view(), name='profile'),
     path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
     path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
diff --git a/backend/user_service/requirements/base.txt b/backend/user_service/requirements/base.txt
@@ -7,6 +7,7 @@ whitenoise==6.8.2 # serves static files from django(direct)
 pre_commit==4.1.0
 psycopg2-binary==2.9.10 # PostgreSQL Driver for Django
 python-dotenv==1.0.1 # Manages env variables
+django-allauth==65.4.1 # Email reistration and verification
 django-prometheus==2.3.1 # Exposes metrics from django app
 django-redis==5.4.0 # Integrates django with redis
 # Secondary dependencies.
diff --git a/backend/user_service/users/api/views.py b/backend/user_service/users/api/views.py
@@ -1,5 +1,14 @@
 import uuid
 
+from allauth.account.views import ConfirmEmailView
+from allauth.account.utils import complete_signup
+from allauth.account.internal import flows
+from allauth.account.models import (
+    get_emailconfirmation_model,
+)
+
+from django.http import Http404
+
 from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_page
 from django.views.decorators.vary import vary_on_cookie
@@ -15,7 +24,7 @@
 
 from users.models import User
 from users.api.serializers import UserSerializer, RegisterSerializer
-
+from config.settings.base import CONFIRM_EMAIL_ON_GET
 
 class UserViewSet(RetrieveModelMixin, ListModelMixin, UpdateModelMixin, GenericViewSet):
     serializer_class = UserSerializer
@@ -44,6 +53,7 @@ def post(self, request):
         serializer = RegisterSerializer(data=request.data)
         if serializer.is_valid():
             user = serializer.save()
+            complete_signup(request, user, 'mandatory', None) # Trigger email verification
             refresh = RefreshToken.for_user(user)
             return Response({
                 'user': RegisterSerializer(user).data,
@@ -53,6 +63,38 @@ def post(self, request):
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
+class CustomConfirmEmailView(APIView):
+    permission_classes = [permissions.AllowAny]
+
+    def __init__(self, **kwargs):
+        super().__init__()
+        self.object = None
+
+    def get_object(self, queryset=None):
+        key = self.kwargs["key"]
+        model = get_emailconfirmation_model()
+        email_confirmation = model.from_key(key)
+        if not email_confirmation:
+            raise Http404()
+        return email_confirmation
+
+    def get(self, *args, **kwargs):
+        if CONFIRM_EMAIL_ON_GET:
+            self.object = verification = self.get_object()
+            response = flows.email_verification.verify_email_indirectly(
+                self.request,
+                verification.email_address.user,
+                verification.email_address.user.email
+            )
+            if response:
+                return  Response({
+                    "detail": "Email verified successfully.",
+                    "data": verification.email_address.user.email
+                },
+                    status=status.HTTP_200_OK)
+        return Response({"detail": "Not accepting GET request on the endpoint"}, status=status.HTTP_400_BAD_REQUEST)
+
+
 class UserProfileView(APIView):
     permission_classes = [permissions.IsAuthenticated]
 
