diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b4fb4ad17ac..67a162bc8c11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## \[2.0.0] - Unreleased ### Added - - Add additional environment variables for Nuclio configuration () - Add KITTI segmentation and detection format () - Add LFW format () @@ -55,6 +54,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Email in org invitations is case sensitive () - Bug: canvas is busy when start playing, start resizing a shape and do not release the mouse cursor () - Fixed tus upload error over https () +- Auth token key is not returned when registering without email verification () ### Security - Updated ELK to 6.8.22 which uses log4j 2.17.0 () diff --git a/cvat/apps/iam/tests/__init__.py b/cvat/apps/iam/tests/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py new file mode 100644 index 000000000000..5e872ed03582 --- /dev/null +++ b/cvat/apps/iam/tests/test_rest_api.py 
@@ -0,0 +1,72 @@
+# Copyright (C) 2021 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APITestCase
+from rest_framework.authtoken.models import Token
+from django.test import override_settings
+from cvat.apps.iam.urls import urlpatterns as iam_url_patterns
+from django.urls import path, re_path
+from allauth.account.views import ConfirmEmailView, EmailVerificationSentView
+
+
+urlpatterns = iam_url_patterns + [
+ re_path(r'^account-confirm-email/(?P[-:\w]+)/$', ConfirmEmailView.as_view(),
+ name='account_confirm_email'),
+ path('register/account-email-verification-sent', EmailVerificationSentView.as_view(),
+ name='account_email_verification_sent'),
+]
+
+
+class UserRegisterAPITestCase(APITestCase):
+
+ user_data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username',
+ 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%',
+ 'confirmations': []}
+
+ def _run_api_v1_user_register(self, data):
+ url = reverse('rest_register')
+ response = self.client.post(url, data, format='json')
+ return response
+
+ def _check_response(self, response, data):
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+ self.assertEqual(response.data, data)
+
+ @override_settings(ACCOUNT_EMAIL_VERIFICATION='none')
+ def test_api_v1_user_register_with_email_verification_none(self):
+ """
+ Ensure we can register a user and get auth token key when email verification is none
+ """
+ response = self._run_api_v1_user_register(self.user_data)
+ user_token = Token.objects.get(user__username=response.data['username'])
+ self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+ 'username': 'test_username', 'email': 'test_email@test.com',
+ 'email_verification_required': False, 'key': user_token.key})
+
+ # Since URLConf is executed before running the tests, so we have to manually configure the url patterns for
+ # the tests and pass it using ROOT_URLCONF in the override settings decorator
+
+ @override_settings(ACCOUNT_EMAIL_VERIFICATION='optional', ROOT_URLCONF=__name__)
+ def test_api_v1_user_register_with_email_verification_optional(self):
+ """
+ Ensure we can register a user and get auth token key when email verification is optional
+ """
+ response = self._run_api_v1_user_register(self.user_data)
+ user_token = Token.objects.get(user__username=response.data['username'])
+ self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+ 'username': 'test_username', 'email': 'test_email@test.com',
+ 'email_verification_required': False, 'key': user_token.key})
+
+ @override_settings(ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory',
+ EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', ROOT_URLCONF=__name__)
+ def test_register_account_with_email_verification_mandatory(self):
+ """
+ Ensure we can register a user and it does not return auth token key when email verification is mandatory
+ """
+ response = self._run_api_v1_user_register(self.user_data)
+ self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+ 'username': 'test_username', 'email': 'test_email@test.com',
+ 'email_verification_required': True, 'key': None})
diff --git a/cvat/apps/iam/views.py b/cvat/apps/iam/views.py
index df986457207f..752843e47520 100644
--- a/cvat/apps/iam/views.py
+++ b/cvat/apps/iam/views.py
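Review bot: In cvat/apps/iam/tests/test_rest_api.py, `test_register_account_with_email_verification_mandatory` pins only the response body (`'key': None`) and never checks whether a Token row exists for the still-unverified user, so it passes whether or not a credential was created before verification. If the intent is that no token exists until the e-mail is confirmed, add `self.assertFalse(Token.objects.filter(user__username='test_username').exists())`; if a token is expected to exist but stay hidden, assert that instead so the behaviour is documented. Separately, the `re_path` pattern as shown reads `(?P[-:\w]+)`, a named group without its name, which would not compile. This may only be a rendering loss on this page, but the file should be checked to confirm the group carries the `key` name that the confirm-email view expects.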
@@ -108,7 +108,10 @@ def post(self, request):
 class RegisterViewEx(RegisterView):
 def get_response_data(self, user):
 data = self.get_serializer(user).data
- data['email_verification_required'] = allauth_settings.EMAIL_VERIFICATION == \
- allauth_settings.EmailVerificationMethod.MANDATORY
-
+ data['email_verification_required'] = True
+ data['key'] = None
+ if allauth_settings.EMAIL_VERIFICATION != \
+ allauth_settings.EmailVerificationMethod.MANDATORY:
+ data['email_verification_required'] = False
+ data['key'] = user.auth_token.key
 return data
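Review bot: `data['key'] = user.auth_token.key` in `get_response_data` reads the reverse one-to-one accessor without a guard, and that accessor raises when no Token row exists for the user. Token creation is not visible in this hunk (presumably the parent view does it before this method runs; confirm), so any configuration where that step is skipped turns a successful registration into a server error after the account has already been created. A defensive form is `token = getattr(user, 'auth_token', None)` followed by `data['key'] = token.key if token else None`. Because the 201 body now carries a bearer credential for both the `none` and `optional` verification modes, the method also deserves a short comment saying so, e.g. `# response includes the auth token: keep this endpoint out of response-body logging and caches`.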