Merged

Dev #28

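--- a/files/serializers.py
+++ b/files/serializers.py
@@ -0,0 +1,9 @@
+from rest_framework.serializers import ModelSerializer
+
+from files.models import UserFile
+
+
+class UserFileSerializer(ModelSerializer):
+class Meta:
+model = UserFile
+fields = ["user", "link", "datetime_uploaded"]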
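Review bot: `fields` publishes the owner's `user` key together with the storage `link`, and the view that uses this serializer in the same change allows unauthenticated reads over `UserFile.objects.all()`, so it is worth confirming that every file's owner and link are meant to be readable by anyone. If the serializer is output-only, adding `read_only_fields = fields` to `Meta` would keep `user` from being accepted from a request body should the serializer later be reused for writes. A one-line class docstring naming the endpoints that return this shape would also help.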
31 changes: 28 additions & 3 deletions files/views.py
@@ -1,17 +1,22 @@
from django.db import transaction
from rest_framework import generics
from rest_framework import permissions, status
from rest_framework.generics import get_object_or_404
from rest_framework.response import Response
from rest_framework.views import APIView

from files.helpers import FileAPI
from files.models import UserFile
from files.serializers import UserFileSerializer


class FileView(APIView):
permission_classes = [permissions.AllowAny]
class FileView(generics.RetrieveDestroyAPIView):
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
serializer_class = UserFileSerializer
queryset = UserFile.objects.all()

@transaction.atomic
def post(self, request):
"""creates a UserFile object and uploads the file to selectel"""
file_api = FileAPI(request.FILES["file"], request.user)
status_code, url = file_api.upload()

Expand All @@ -20,3 +25,23 @@ def post(self, request):
return Response({"url": url}, status=status.HTTP_201_CREATED)

return Response("Failed to upload file", status=status.HTTP_409_CONFLICT)

def delete(self, request, *args, **kwargs):
"""deletes the file (only if the request is sent by the user who owns it!)
The link has to be specified in the JSON body, not in the URL arguments.
"""
if request.data and (request.data.get("link") is not None):
link = request.data.get("link")
else:
return Response(
{
"error": "you have to pass the link of the object you want to delete as JSON"
},
status=status.HTTP_400_BAD_REQUEST,
)
instance = get_object_or_404(self.get_queryset(), link=link)
if instance.user != request.user:
return Response(status=status.HTTP_403_FORBIDDEN)
FileAPI.delete(instance.link) # delete the file via api
self.perform_destroy(instance)
return Response(status=status.HTTP_204_NO_CONTENT)
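Review bot: In `delete`, the result of `FileAPI.delete(instance.link)` is ignored and the database row is removed regardless, whereas `post` inspects the status code returned by `upload()`; if the storage call fails, the record disappears while the file presumably stays reachable at its link. Checking the storage result before `self.perform_destroy(instance)` and returning an error otherwise would keep the two in step (what `FileAPI.delete` returns is not visible on this page). `request.data.get("link")` also assumes a mapping: a JSON array body would raise `AttributeError` and surface as a 500, so the guard should start with `isinstance(request.data, dict)`. Finally, answering 403 for a non-owner but 404 for an unknown link tells any authenticated caller which links exist; returning 404 in both cases avoids that.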
57 changes: 41 additions & 16 deletions users/views.py
Expand Up @@ -19,7 +19,7 @@
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_simplejwt.tokens import RefreshToken
from rest_framework_simplejwt.tokens import RefreshToken, TokenError

from core.permissions import IsOwnerOrReadOnly
from core.utils import Email
Expand Down Expand Up @@ -145,13 +145,13 @@ def get(self, request):
except jwt.ExpiredSignatureError:
return redirect(
REDIRECT_URL,
status=status.HTTP_200_OK,
status=status.HTTP_400_BAD_REQUEST,
message="Activate Expired",
)
except jwt.DecodeError:
return redirect(
REDIRECT_URL,
status=status.HTTP_200_OK,
status=status.HTTP_400_BAD_REQUEST,
message="Decode error",
)

Expand All @@ -166,20 +166,26 @@ def post(self, request, *args, **kwargs):

user = User.objects.get(email=serializer.data["email"])

token = RefreshToken.for_user(user).access_token
access_token = RefreshToken.for_user(user).access_token
refresh_token = RefreshToken.for_user(user)

relative_link = reverse("users:password_reset_sent")

current_site = get_current_site(request).domain
absolute_url = "http://" + current_site + relative_link + "?token=" + str(token)
absolute_url = (
"http://"
+ current_site
+ relative_link
+ f"?access_token={access_token}&refresh_token={refresh_token}"
)

email_body = "Hi, {} {}! Use link below verify your email {}".format(
email_body = "Hi, {} {}! Use link below for reset password {}".format(
user.first_name, user.last_name, absolute_url
)

data = {
"email_body": email_body,
"email_subject": "Verify your email",
"email_subject": "Reset password",
"to_email": user.email,
}

Expand All @@ -192,24 +198,43 @@ class ResetPassword(UpdateAPIView):
serializer_class = PasswordSerializer
permission_classes = [AllowAny]

def get(self, request, *args, **kwargs):
refresh_token = request.GET.get("refresh_token")
try:
RefreshToken(refresh_token).check_blacklist()
except TokenError:
return redirect(
"https://procollab.ru/auth/reset_password/",
status=status.HTTP_400_BAD_REQUEST,
message="Used token",
)

return Response({"message": "Enter new password"})

def update(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid()

try:
token = request.GET.get("token")
payload = jwt.decode(jwt=token, key=settings.SECRET_KEY, algorithms=["HS256"])
refresh_token = request.GET.get("refresh_token")
access_token = request.GET.get("access_token")
payload = jwt.decode(
jwt=access_token, key=settings.SECRET_KEY, algorithms=["HS256"]
)
user = User.objects.get(id=payload["user_id"])
last_update = user.datatime_updated
if (datetime.now().minute - last_update.minute) <= 10:
return Response(
{"response": "You can't change your password so often"},
status=status.HTTP_200_OK,
last_update = user.datetime_updated
frequency_update = datetime.utcnow().minute - last_update.minute
if frequency_update <= 10:
return redirect(
"https://procollab.ru/auth/reset_password/",
status=status.HTTP_400_BAD_REQUEST,
message="You can't change your password so often",
)

user.set_password(serializer.data["new_password"])
user.save()

RefreshToken(refresh_token).blacklist()
return redirect(
"https://procollab.ru/auth/reset_password/",
status=status.HTTP_200_OK,
Expand All @@ -219,12 +244,12 @@ def update(self, request, *args, **kwargs):
except jwt.ExpiredSignatureError:
return redirect(
"https://procollab.ru/auth/reset_password/",
status=status.HTTP_200_OK,
status=status.HTTP_400_BAD_REQUEST,
message="Activate Expired",
)
except jwt.DecodeError:
return redirect(
"https://procollab.ru/auth/reset_password/",
status=status.HTTP_200_OK,
status=status.HTTP_400_BAD_REQUEST,
message="Decode error",
)
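Review bot: In `ResetPassword.update` the refresh token is first examined by `RefreshToken(refresh_token).blacklist()`, which runs after `user.save()`, so a missing, malformed or already blacklisted token raises an uncaught `TokenError` only once the new password is stored; the blacklist check added in `get` does not guard the write path. The token should be validated before `set_password` and blacklisted afterwards, as sketched below, and `serializer.is_valid(raise_exception=True)` would stop an invalid body from reaching `serializer.data["new_password"]`. Separately, the link built in `post` puts a full access/refresh token pair into an `http://` query string, where it lands in mail, browser history and proxy logs; a single-purpose, short-lived reset token over `https://` would limit what a leaked link grants. The throttle `datetime.utcnow().minute - last_update.minute` compares only minute-of-hour, so it goes negative across an hour boundary and ignores the date; `timezone.now() - last_update <= timedelta(minutes=10)` expresses the intended window. Part of `update` lies between the two hunks and is not visible here.

```python
    def update(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        try:
            # Validate the one-time token before the account is touched:
            # construction raises TokenError for a missing, expired or malformed value.
            reset_token = RefreshToken(request.GET.get("refresh_token"))
            reset_token.check_blacklist()
        except TokenError:
            return redirect(
                "https://procollab.ru/auth/reset_password/",
                status=status.HTTP_400_BAD_REQUEST,
                message="Used token",
            )

        try:
            # … unchanged: access-token decode, user lookup, update-frequency check …
            user.set_password(serializer.data["new_password"])
            user.save()
            # Burn the token only after the password change has been stored.
            reset_token.blacklist()
            # … unchanged: success redirect and jwt exception handlers …
```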