From 9733dc88e07fecc440115851778d36b6d53294d2 Mon Sep 17 00:00:00 2001 From: karthik Date: Sat, 25 Dec 2021 21:52:55 +0530 Subject: [PATCH 01/10] Return auth token key on register without email verification When email verification is turned off using all-auth settings, then on registration, return the auth token key. --- cvat/apps/iam/views.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cvat/apps/iam/views.py b/cvat/apps/iam/views.py index df986457207f..752843e47520 100644 --- a/cvat/apps/iam/views.py +++ b/cvat/apps/iam/views.py @@ -108,7 +108,10 @@ def post(self, request): class RegisterViewEx(RegisterView): def get_response_data(self, user): data = self.get_serializer(user).data - data['email_verification_required'] = allauth_settings.EMAIL_VERIFICATION == \ - allauth_settings.EmailVerificationMethod.MANDATORY - + data['email_verification_required'] = True + data['key'] = None + if allauth_settings.EMAIL_VERIFICATION != \ + allauth_settings.EmailVerificationMethod.MANDATORY: + data['email_verification_required'] = False + data['key'] = user.auth_token.key return data From 4fa8977d1ef516a40fc84129733e5df6ffa99fcf Mon Sep 17 00:00:00 2001 From: karthik Date: Mon, 27 Dec 2021 21:49:43 +0530 Subject: [PATCH 02/10] Add tests for user registration without email verification --- CHANGELOG.md | 2 +- cvat/apps/iam/tests/__init__.py | 0 cvat/apps/iam/tests/test_rest_api.py | 37 ++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 cvat/apps/iam/tests/__init__.py create mode 100644 cvat/apps/iam/tests/test_rest_api.py diff --git a/CHANGELOG.md b/CHANGELOG.md index 65fa2ede1b35..30a6543217db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## \[2.0.0] - Unreleased ### Added - +- Fixed to return auth token key when registration without email verification - Add additional environment variables for Nuclio configuration () - Add KITTI segmentation and detection format () - Add LFW format () diff --git a/cvat/apps/iam/tests/__init__.py b/cvat/apps/iam/tests/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py new file mode 100644 index 000000000000..0247ed4b2f6a --- /dev/null +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -0,0 +1,37 @@ +from django.urls import reverse +from rest_framework import status +from rest_framework.test import APITestCase +from rest_framework.authtoken.models import Token +from allauth.account import app_settings as allauth_settings +from django.test import override_settings + + +class AccountTests(APITestCase): + def test_register_account_without_email_verification(self): + """ + Ensure we can register a user and get auth token key when email verification is turned off + """ + url = reverse('rest_register') + data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', + 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', + 'confirmations': []} + response = self.client.post(url, data, format='json') + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + user_token = Token.objects.get(user__username=response.data['username']) + self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', + 'username': 'test_username', 'email': 'test_email@test.com', + 'email_verification_required': False, 'key': user_token.key}) + + # @override_settings(ACCOUNT_AUTHENTICATION_METHOD='username', ACCOUNT_CONFIRM_EMAIL_ON_GET=True, + # ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory', + # EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend') + # def test_register_account_with_email_verification(self): + # url = reverse('rest_register') + # data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', + # 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', + # 'confirmations': []} + # response = self.client.post(url, data, format='json') + # self.assertEqual(response.status_code, status.HTTP_201_CREATED) + # self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', + # 'username': 'test_username', 'email': 'test_email@test.com', + # 'email_verification_required': True, 'key': None}) From abcf3c64fd1ea7c8581c65b5182a29d83a78449e Mon Sep 17 00:00:00 2001 From: karthik Date: Wed, 29 Dec 2021 12:39:03 +0530 Subject: [PATCH 03/10] Add test case for user registration when email confirmation is manadatory --- cvat/apps/iam/tests/test_rest_api.py | 39 ++++++++++++++++++---------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index 0247ed4b2f6a..6c0be3f7c448 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -2,8 +2,18 @@ from rest_framework import status from rest_framework.test import APITestCase from rest_framework.authtoken.models import Token -from allauth.account import app_settings as allauth_settings from django.test import override_settings +from cvat.apps.iam.urls import urlpatterns as iam_url_patterns +from django.urls import path, re_path +from allauth.account.views import ConfirmEmailView, EmailVerificationSentView + + +urlpatterns = iam_url_patterns + [ + re_path(r'^account-confirm-email/(?P[-:\w]+)/$', ConfirmEmailView.as_view(), + name='account_confirm_email'), + path('register/account-email-verification-sent', EmailVerificationSentView.as_view(), + name='account_email_verification_sent'), +] class AccountTests(APITestCase): @@ -22,16 +32,17 @@ def test_register_account_without_email_verification(self): 'username': 'test_username', 'email': 'test_email@test.com', 'email_verification_required': False, 'key': user_token.key}) - # @override_settings(ACCOUNT_AUTHENTICATION_METHOD='username', ACCOUNT_CONFIRM_EMAIL_ON_GET=True, - # ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory', - # EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend') - # def test_register_account_with_email_verification(self): - # url = reverse('rest_register') - # data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', - # 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', - # 'confirmations': []} - # response = self.client.post(url, data, format='json') - # self.assertEqual(response.status_code, status.HTTP_201_CREATED) - # self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', - # 'username': 'test_username', 'email': 'test_email@test.com', - # 'email_verification_required': True, 'key': None}) + @override_settings(ACCOUNT_AUTHENTICATION_METHOD='username', ACCOUNT_CONFIRM_EMAIL_ON_GET=True, + ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory', + EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', + ACCOUNT_EMAIL_CONFIRMATION_HMAC=True, ROOT_URLCONF=__name__) + def test_register_account_with_email_verification(self): + url = reverse('rest_register') + data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', + 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', + 'confirmations': []} + response = self.client.post(url, data, format='json') + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', + 'username': 'test_username', 'email': 'test_email@test.com', + 'email_verification_required': True, 'key': None}) From 330c7645f193628b22b3774a7ec0b1f56a0ac507 Mon Sep 17 00:00:00 2001 From: karthik Date: Wed, 29 Dec 2021 12:59:01 +0530 Subject: [PATCH 04/10] Refactor register api tests and add its docstring --- cvat/apps/iam/tests/test_rest_api.py | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index 6c0be3f7c448..9c170e75a91e 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -17,15 +17,21 @@ class AccountTests(APITestCase): + + user_data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', + 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', + 'confirmations': []} + + def get_register_response(self): + url = reverse('rest_register') + response = self.client.post(url, self.user_data, format='json') + return response + def test_register_account_without_email_verification(self): """ Ensure we can register a user and get auth token key when email verification is turned off """ - url = reverse('rest_register') - data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', - 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', - 'confirmations': []} - response = self.client.post(url, data, format='json') + response = self.get_register_response() self.assertEqual(response.status_code, status.HTTP_201_CREATED) user_token = Token.objects.get(user__username=response.data['username']) self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', @@ -37,11 +43,10 @@ def test_register_account_without_email_verification(self): EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', ACCOUNT_EMAIL_CONFIRMATION_HMAC=True, ROOT_URLCONF=__name__) def test_register_account_with_email_verification(self): - url = reverse('rest_register') - data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', - 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', - 'confirmations': []} - response = self.client.post(url, data, format='json') + """ + Ensure we can register a user and it does not return auth token key when email verification is turned on + """ + response = self.get_register_response() self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', 'email': 'test_email@test.com', From 648534b2be863c9e9a0c1280b977fdb07d098e4c Mon Sep 17 00:00:00 2001 From: karthik Date: Wed, 29 Dec 2021 13:34:20 +0530 Subject: [PATCH 05/10] updated the license header for iam tests --- cvat/apps/iam/tests/test_rest_api.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index 9c170e75a91e..540a8027b4dc 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -1,3 +1,7 @@ +# Copyright (C) 2021 Intel Corporation +# +# SPDX-License-Identifier: MIT + from django.urls import reverse from rest_framework import status from rest_framework.test import APITestCase From 62e0db6d87bfad2fba7c71fe94e3f4e6164be2ab Mon Sep 17 00:00:00 2001 From: karthik Date: Wed, 29 Dec 2021 14:28:46 +0530 Subject: [PATCH 06/10] Add pull request link to changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 30a6543217db..06dc0b40fd90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## \[2.0.0] - Unreleased ### Added -- Fixed to return auth token key when registration without email verification +- Fixed to return auth token key when registration without email verification () - Add additional environment variables for Nuclio configuration () - Add KITTI segmentation and detection format () - Add LFW format () From 8102cd7a2a7138e1d4cda624aa4da4f3d516db6a Mon Sep 17 00:00:00 2001 From: karthik Date: Wed, 29 Dec 2021 14:45:51 +0530 Subject: [PATCH 07/10] Add comment to explain overriding of ROOT_URLConf --- cvat/apps/iam/tests/test_rest_api.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index 540a8027b4dc..440b931b6900 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -11,7 +11,6 @@ from django.urls import path, re_path from allauth.account.views import ConfirmEmailView, EmailVerificationSentView - urlpatterns = iam_url_patterns + [ re_path(r'^account-confirm-email/(?P[-:\w]+)/$', ConfirmEmailView.as_view(), name='account_confirm_email'), @@ -50,6 +49,8 @@ def test_register_account_with_email_verification(self): """ Ensure we can register a user and it does not return auth token key when email verification is turned on """ + # Since override settings is loaded after URLConf, 'account_confirm_email' url is not loaded, so we need to + # override ROOT_URLCONF to fix the issue response = self.get_register_response() self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', From 3d785242b4b73308e67c48a3db4315a45719f71c Mon Sep 17 00:00:00 2001 From: karthik Date: Thu, 30 Dec 2021 18:59:17 +0530 Subject: [PATCH 08/10] Refactor tests for user registration Split the test case for user registration without email verification into two test cases by overriding ACCOUNT_EMAIL_VERIFICATION as 'none' and 'optional' --- cvat/apps/iam/tests/test_rest_api.py | 62 +++++++++++++++++----------- 1 file changed, 38 insertions(+), 24 deletions(-) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index 440b931b6900..a59152338be5 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -11,6 +11,7 @@ from django.urls import path, re_path from allauth.account.views import ConfirmEmailView, EmailVerificationSentView + urlpatterns = iam_url_patterns + [ re_path(r'^account-confirm-email/(?P[-:\w]+)/$', ConfirmEmailView.as_view(), name='account_confirm_email'), @@ -19,40 +20,53 @@ ] -class AccountTests(APITestCase): +class UserRegisterAPITestCase(APITestCase): user_data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username', 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%', 'confirmations': []} - def get_register_response(self): + def _run_api_v1_user_register(self, data): url = reverse('rest_register') - response = self.client.post(url, self.user_data, format='json') + response = self.client.post(url, data, format='json') return response - def test_register_account_without_email_verification(self): + def _check_response(self, response, data): + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + self.assertEqual(response.data, data) + + @override_settings(ACCOUNT_EMAIL_VERIFICATION='none') + def test_api_v1_user_register_with_email_verification_none(self): """ - Ensure we can register a user and get auth token key when email verification is turned off + Ensure we can register a user and get auth token key when email verification is not mandatory """ - response = self.get_register_response() - self.assertEqual(response.status_code, status.HTTP_201_CREATED) + response = self._run_api_v1_user_register(self.user_data) user_token = Token.objects.get(user__username=response.data['username']) - self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', - 'username': 'test_username', 'email': 'test_email@test.com', - 'email_verification_required': False, 'key': user_token.key}) - - @override_settings(ACCOUNT_AUTHENTICATION_METHOD='username', ACCOUNT_CONFIRM_EMAIL_ON_GET=True, - ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory', - EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', - ACCOUNT_EMAIL_CONFIRMATION_HMAC=True, ROOT_URLCONF=__name__) - def test_register_account_with_email_verification(self): + self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last', + 'username': 'test_username', 'email': 'test_email@test.com', + 'email_verification_required': False, 'key': user_token.key}) + + # Since URLConf is executed before running the tests, so we have to manually configure the url patterns for + # the tests and pass it using ROOT_URLCONF in the override settings decorator + + @override_settings(ACCOUNT_EMAIL_VERIFICATION='optional', ROOT_URLCONF=__name__) + def test_api_v1_user_register_with_email_verification_optional(self): """ - Ensure we can register a user and it does not return auth token key when email verification is turned on + Ensure we can register a user and get auth token key when email verification is optional """ - # Since override settings is loaded after URLConf, 'account_confirm_email' url is not loaded, so we need to - # override ROOT_URLCONF to fix the issue - response = self.get_register_response() - self.assertEqual(response.status_code, status.HTTP_201_CREATED) - self.assertEqual(response.data, {'first_name': 'test_first', 'last_name': 'test_last', - 'username': 'test_username', 'email': 'test_email@test.com', - 'email_verification_required': True, 'key': None}) + response = self._run_api_v1_user_register(self.user_data) + user_token = Token.objects.get(user__username=response.data['username']) + self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last', + 'username': 'test_username', 'email': 'test_email@test.com', + 'email_verification_required': False, 'key': user_token.key}) + + @override_settings(ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory', + EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', ROOT_URLCONF=__name__) + def test_register_account_with_email_verification_mandatory(self): + """ + Ensure we can register a user and it does not return auth token key when email verification is mandatory + """ + response = self._run_api_v1_user_register(self.user_data) + self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last', + 'username': 'test_username', 'email': 'test_email@test.com', + 'email_verification_required': True, 'key': None}) From bcf3324f5cc60b55316a07cb411456b7a4e2cda3 Mon Sep 17 00:00:00 2001 From: karthik Date: Thu, 30 Dec 2021 19:04:32 +0530 Subject: [PATCH 09/10] Fix doc string --- cvat/apps/iam/tests/test_rest_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cvat/apps/iam/tests/test_rest_api.py b/cvat/apps/iam/tests/test_rest_api.py index a59152338be5..5e872ed03582 100644 --- a/cvat/apps/iam/tests/test_rest_api.py +++ b/cvat/apps/iam/tests/test_rest_api.py @@ -38,7 +38,7 @@ def _check_response(self, response, data): @override_settings(ACCOUNT_EMAIL_VERIFICATION='none') def test_api_v1_user_register_with_email_verification_none(self): """ - Ensure we can register a user and get auth token key when email verification is not mandatory + Ensure we can register a user and get auth token key when email verification is none """ response = self._run_api_v1_user_register(self.user_data) user_token = Token.objects.get(user__username=response.data['username']) From c947f34cd2831859f157560d28d296c7fa3ca471 Mon Sep 17 00:00:00 2001 From: Andrey Zhavoronkov Date: Fri, 14 Jan 2022 19:16:32 +0300 Subject: [PATCH 10/10] updated changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bde18926c59d..209a69ead642 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## \[2.0.0] - Unreleased ### Added -- Fixed to return auth token key when registration without email verification () - Add additional environment variables for Nuclio configuration () - Add KITTI segmentation and detection format () - Add LFW format () @@ -49,6 +48,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Original pdf file is deleted when using share () - Order in an annotation file() - Fixed task data upload progressbar () +- Auth token key is not returned when registering without email verification () ### Security - Updated ELK to 6.8.22 which uses log4j 2.17.0 ()