Skip to content

Commit

Permalink
Add: Specific permission for resend_activation
Browse files Browse the repository at this point in the history
  • Loading branch information
73VW committed Dec 11, 2024
1 parent 9deaa63 commit a125ecd
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 7 deletions.
6 changes: 4 additions & 2 deletions djoser/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,14 +45,15 @@ def __getattribute__(self, item):
"SERIALIZERS": ObjDict(
{
"activation": "djoser.serializers.ActivationSerializer",
"password_reset": "djoser.serializers.SendEmailResetSerializer",
"resend_activation": "djoser.serializers.SendEmailSerializer",
"password_reset": "djoser.serializers.SendEmailSerializer",
"password_reset_confirm": "djoser.serializers.PasswordResetConfirmSerializer",
"password_reset_confirm_retype": "djoser.serializers.PasswordResetConfirmRetypeSerializer",
"set_password": "djoser.serializers.SetPasswordSerializer",
"set_password_retype": "djoser.serializers.SetPasswordRetypeSerializer",
"set_username": "djoser.serializers.SetUsernameSerializer",
"set_username_retype": "djoser.serializers.SetUsernameRetypeSerializer",
"username_reset": "djoser.serializers.SendEmailResetSerializer",
"username_reset": "djoser.serializers.SendEmailSerializer",
"username_reset_confirm": "djoser.serializers.UsernameResetConfirmSerializer",
"username_reset_confirm_retype": "djoser.serializers.UsernameResetConfirmRetypeSerializer",
"user_create": "djoser.serializers.UserCreateSerializer",
Expand Down Expand Up @@ -86,6 +87,7 @@ def __getattribute__(self, item):
"PERMISSIONS": ObjDict(
{
"activation": ["rest_framework.permissions.AllowAny"],
"resend_activation": ["rest_framework.permissions.AllowAny"],
"password_reset": ["rest_framework.permissions.AllowAny"],
"password_reset_confirm": ["rest_framework.permissions.AllowAny"],
"set_password": ["djoser.permissions.CurrentUserOrAdmin"],
Expand Down
2 changes: 1 addition & 1 deletion djoser/serializers.py
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ def get_user(self, is_active=True):
self.fail("email_not_found")


class SendEmailResetSerializer(serializers.Serializer, UserFunctionsMixin):
class SendEmailSerializer(serializers.Serializer, UserFunctionsMixin):
default_error_messages = {
"email_not_found": settings.CONSTANTS.messages.EMAIL_NOT_FOUND
}
Expand Down
4 changes: 2 additions & 2 deletions djoser/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ def get_permissions(self):
elif self.action == "activation":
self.permission_classes = settings.PERMISSIONS.activation
elif self.action == "resend_activation":
self.permission_classes = settings.PERMISSIONS.password_reset
self.permission_classes = settings.PERMISSIONS.resend_activation
elif self.action == "list":
self.permission_classes = settings.PERMISSIONS.user_list
elif self.action == "reset_password":
Expand Down Expand Up @@ -101,7 +101,7 @@ def get_serializer_class(self):
elif self.action == "activation":
return settings.SERIALIZERS.activation
elif self.action == "resend_activation":
return settings.SERIALIZERS.password_reset
return settings.SERIALIZERS.resend_activation
elif self.action == "reset_password":
return settings.SERIALIZERS.password_reset
elif self.action == "reset_password_confirm":
Expand Down
6 changes: 4 additions & 2 deletions docs/source/settings.rst
Original file line number Diff line number Diff line change
Expand Up @@ -248,14 +248,15 @@ to update the defaults, so by providing, e.g. one key, all the others will stay
{
'activation': 'djoser.serializers.ActivationSerializer',
'password_reset': 'djoser.serializers.SendEmailResetSerializer',
'resend_activation': 'djoser.serializers.ActivationSerializer',
'password_reset': 'djoser.serializers.SendEmailSerializer',
'password_reset_confirm': 'djoser.serializers.PasswordResetConfirmSerializer',
'password_reset_confirm_retype': 'djoser.serializers.PasswordResetConfirmRetypeSerializer',
'set_password': 'djoser.serializers.SetPasswordSerializer',
'set_password_retype': 'djoser.serializers.SetPasswordRetypeSerializer',
'set_username': 'djoser.serializers.SetUsernameSerializer',
'set_username_retype': 'djoser.serializers.SetUsernameRetypeSerializer',
'username_reset': 'djoser.serializers.SendEmailResetSerializer',
'username_reset': 'djoser.serializers.SendEmailSerializer',
'username_reset_confirm': 'djoser.serializers.UsernameResetConfirmSerializer',
'username_reset_confirm_retype': 'djoser.serializers.UsernameResetConfirmRetypeSerializer',
'user_create': 'djoser.serializers.UserCreateSerializer',
Expand Down Expand Up @@ -364,6 +365,7 @@ Dictionary that maps permissions to certain views across Djoser.
{
'activation': ['rest_framework.permissions.AllowAny'],
'resend_activation': ['rest_framework.permissions.AllowAny'],
'password_reset': ['rest_framework.permissions.AllowAny'],
'password_reset_confirm': ['rest_framework.permissions.AllowAny'],
'set_password': ['djoser.permissions.CurrentUserOrAdmin'],
Expand Down
27 changes: 27 additions & 0 deletions testproject/testapp/tests/test_resend_activation.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
from testapp.tests.common import create_user, mock

from djoser.compat import get_user_email
from djoser.conf import settings as djoser_settings


class TestResendActivationEmail(
Expand Down Expand Up @@ -74,3 +75,29 @@ def test_post_should_return_no_content_if_user_does_not_exist(self):
response = self.client.post(self.base_url, data)

self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)

def test_dont_resend_activation_with_authenticated_user_permission(self):
old_value = djoser_settings.PERMISSIONS["resend_activation"]
with override_settings(
DJOSER=dict(
settings.DJOSER,
**{
"PERMISSIONS": {
"resend_activation": [
"rest_framework.permissions.IsAuthenticated"
]
}
},
)
):
user = create_user(is_active=False)
data = {"email": user.email}
response = self.client.post(self.base_url, data)

self.assert_emails_in_mailbox(0)
self.assert_status_equal(response, status.HTTP_401_UNAUTHORIZED)
override_settings(
DJOSER=dict(
settings.DJOSER, **{"PERMISSIONS": {"resend_activation": old_value}}
)
).enable()

0 comments on commit a125ecd

Please sign in to comment.