Issue #40 - add option to auto log in users after verifying.

apragacz · Mar 26, 2019 · 4dd4171 · 4dd4171
1 parent 1813eeb
commit 4dd4171
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 20 deletions.
diff --git a/rest_registration/api/views/login.py b/rest_registration/api/views/login.py
@@ -34,14 +34,7 @@ def login(request):
     if not user:
         raise BadRequest('Login or password invalid.')
 
-    if should_authenticate_session():
-        auth.login(request, user)
-
-    extra_data = {}
-
-    if should_retrieve_token():
-        token, _ = Token.objects.get_or_create(user=user)
-        extra_data['token'] = token.key
+    extra_data = perform_login(request, user)
 
     return get_ok_response('Login successful', extra_data=extra_data)
 
@@ -90,3 +83,16 @@ def should_retrieve_token():
 
 def rest_auth_has_class(cls):
     return cls in api_settings.DEFAULT_AUTHENTICATION_CLASSES
+
+
+def perform_login(request, user):
+    if should_authenticate_session():
+        auth.login(request, user)
+
+    extra_data = {}
+
+    if should_retrieve_token():
+        token, _ = Token.objects.get_or_create(user=user)
+        extra_data['token'] = token.key
+
+    return extra_data
diff --git a/rest_registration/api/views/register.py b/rest_registration/api/views/register.py
@@ -4,6 +4,7 @@
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 
+from rest_registration.api.views.login import perform_login
 from rest_registration.decorators import (
     api_view_serializer_class,
     api_view_serializer_class_getter
@@ -77,11 +78,14 @@ class VerifyRegistrationSerializer(serializers.Serializer):
 @api_view(['POST'])
 @permission_classes([AllowAny])
 def verify_registration(request):
-    '''
+    """
     Verify registration via signature.
-    '''
-    process_verify_registration_data(request.data)
-    return get_ok_response('User verified successfully')
+    """
+    user = process_verify_registration_data(request.data)
+    extra_data = None
+    if registration_settings.REGISTER_VERIFICATION_AUTO_LOGIN:
+        extra_data = perform_login(request, user)
+    return get_ok_response('User verified successfully', extra_data=extra_data)
 
 
 def process_verify_registration_data(input_data):
@@ -98,3 +102,5 @@ def process_verify_registration_data(input_data):
     user = get_user_by_id(data['user_id'], require_verified=False)
     setattr(user, verification_flag_field, True)
     user.save()
+
+    return user
diff --git a/rest_registration/settings_fields.py b/rest_registration/settings_fields.py
@@ -126,6 +126,14 @@ def __new__(cls, name, *, default=None, help=None, import_string=False):
             :ref:`html-email`.
             """),
     ),
+    Field(
+        'REGISTER_VERIFICATION_AUTO_LOGIN',
+        default=False,
+        help=dedent("""\
+        Specifies whether a user will be logged in automatically when they
+        verify their registration.
+        """),
+    ),
 ]
 
 LOGIN_SETTINGS_FIELDS = [

diff --git a/tests/api/test_register.py b/tests/api/test_register.py
@@ -18,6 +18,13 @@
     'VERIFICATION_FROM_EMAIL': VERIFICATION_FROM_EMAIL,
 }
 
+REST_REGISTRATION_WITH_VERIFICATION_AUTO_LOGIN = {
+    'REGISTER_VERIFICATION_ENABLED': True,
+    'REGISTER_VERIFICATION_URL': REGISTER_VERIFICATION_URL,
+    'VERIFICATION_FROM_EMAIL': VERIFICATION_FROM_EMAIL,
+    'REGISTER_VERIFICATION_AUTO_LOGIN': True,
+}
+
 REST_REGISTRATION_WITH_VERIFICATION_NO_PASSWORD = {
     'REGISTER_VERIFICATION_ENABLED': True,
     'REGISTER_VERIFICATION_URL': REGISTER_VERIFICATION_URL,
@@ -264,14 +271,29 @@ def _get_register_user_data(
 class VerifyRegistrationViewTestCase(APIViewTestCase):
     VIEW_NAME = 'verify-registration'
 
-    @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION)
-    def test_verify_ok(self):
+    def create_verify_and_user(self, session=False):
         user = self.create_test_user(is_active=False)
         self.assertFalse(user.is_active)
         signer = RegisterSigner({'user_id': user.pk})
         data = signer.get_signed_data()
         request = self.create_post_request(data)
+        if session:
+            self.add_session_to_request(request)
         response = self.view_func(request)
+        return user, response
+
+    @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION)
+    def test_verify_ok(self):
+        user, response = self.create_verify_and_user()
+        self.assert_valid_response(response, status.HTTP_200_OK)
+        user.refresh_from_db()
+        self.assertTrue(user.is_active)
+
+    @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION_AUTO_LOGIN)
+    def test_verify_ok_login(self):
+        with patch('django.contrib.auth.login') as mock:
+            user, response = self.create_verify_and_user()
+            mock.assert_called()
         self.assert_valid_response(response, status.HTTP_200_OK)
         user.refresh_from_db()
         self.assertTrue(user.is_active)
@@ -313,12 +335,8 @@ def test_verify_expired(self):
         }
     )
     def test_verify_disabled(self):
-        user = self.create_test_user(is_active=False)
-        self.assertFalse(user.is_active)
-        signer = RegisterSigner({'user_id': user.pk})
-        data = signer.get_signed_data()
-        request = self.create_post_request(data)
-        response = self.view_func(request)
+        user, response = self.create_verify_and_user()
+
         self.assert_invalid_response(response, status.HTTP_404_NOT_FOUND)
         user.refresh_from_db()
         self.assertFalse(user.is_active)