From dc135abd783fb35180609a56de6cf51d287b8339 Mon Sep 17 00:00:00 2001 From: Mael Pedretti Date: Wed, 11 Dec 2024 10:04:30 +0100 Subject: [PATCH] Add: Specific permission for resend_activation --- djoser/conf.py | 6 ++++-- djoser/serializers.py | 2 +- djoser/views.py | 4 ++-- docs/source/settings.rst | 6 ++++-- .../testapp/tests/test_resend_activation.py | 18 ++++++++++++++++++ 5 files changed, 29 insertions(+), 7 deletions(-) diff --git a/djoser/conf.py b/djoser/conf.py index c6251ea1..25e302ee 100644 --- a/djoser/conf.py +++ b/djoser/conf.py @@ -45,14 +45,15 @@ def __getattribute__(self, item): "SERIALIZERS": ObjDict( { "activation": "djoser.serializers.ActivationSerializer", - "password_reset": "djoser.serializers.SendEmailResetSerializer", + "resend_activation": "djoser.serializers.SendEmailSerializer", + "password_reset": "djoser.serializers.SendEmailSerializer", "password_reset_confirm": "djoser.serializers.PasswordResetConfirmSerializer", "password_reset_confirm_retype": "djoser.serializers.PasswordResetConfirmRetypeSerializer", "set_password": "djoser.serializers.SetPasswordSerializer", "set_password_retype": "djoser.serializers.SetPasswordRetypeSerializer", "set_username": "djoser.serializers.SetUsernameSerializer", "set_username_retype": "djoser.serializers.SetUsernameRetypeSerializer", - "username_reset": "djoser.serializers.SendEmailResetSerializer", + "username_reset": "djoser.serializers.SendEmailSerializer", "username_reset_confirm": "djoser.serializers.UsernameResetConfirmSerializer", "username_reset_confirm_retype": "djoser.serializers.UsernameResetConfirmRetypeSerializer", "user_create": "djoser.serializers.UserCreateSerializer", @@ -86,6 +87,7 @@ def __getattribute__(self, item): "PERMISSIONS": ObjDict( { "activation": ["rest_framework.permissions.AllowAny"], + "resend_activation": ["rest_framework.permissions.AllowAny"], "password_reset": ["rest_framework.permissions.AllowAny"], "password_reset_confirm": ["rest_framework.permissions.AllowAny"], "set_password": ["djoser.permissions.CurrentUserOrAdmin"], diff --git a/djoser/serializers.py b/djoser/serializers.py index e201852a..16a1cc8b 100644 --- a/djoser/serializers.py +++ b/djoser/serializers.py @@ -147,7 +147,7 @@ def get_user(self, is_active=True): self.fail("email_not_found") -class SendEmailResetSerializer(serializers.Serializer, UserFunctionsMixin): +class SendEmailSerializer(serializers.Serializer, UserFunctionsMixin): default_error_messages = { "email_not_found": settings.CONSTANTS.messages.EMAIL_NOT_FOUND } diff --git a/djoser/views.py b/djoser/views.py index 09b9e46a..51b289da 100644 --- a/djoser/views.py +++ b/djoser/views.py @@ -68,7 +68,7 @@ def get_permissions(self): elif self.action == "activation": self.permission_classes = settings.PERMISSIONS.activation elif self.action == "resend_activation": - self.permission_classes = settings.PERMISSIONS.password_reset + self.permission_classes = settings.PERMISSIONS.resend_activation elif self.action == "list": self.permission_classes = settings.PERMISSIONS.user_list elif self.action == "reset_password": @@ -101,7 +101,7 @@ def get_serializer_class(self): elif self.action == "activation": return settings.SERIALIZERS.activation elif self.action == "resend_activation": - return settings.SERIALIZERS.password_reset + return settings.SERIALIZERS.resend_activation elif self.action == "reset_password": return settings.SERIALIZERS.password_reset elif self.action == "reset_password_confirm": diff --git a/docs/source/settings.rst b/docs/source/settings.rst index 6c3f3edb..3631c278 100644 --- a/docs/source/settings.rst +++ b/docs/source/settings.rst @@ -248,14 +248,15 @@ to update the defaults, so by providing, e.g. one key, all the others will stay { 'activation': 'djoser.serializers.ActivationSerializer', - 'password_reset': 'djoser.serializers.SendEmailResetSerializer', + 'resend_activation': 'djoser.serializers.ActivationSerializer', + 'password_reset': 'djoser.serializers.SendEmailSerializer', 'password_reset_confirm': 'djoser.serializers.PasswordResetConfirmSerializer', 'password_reset_confirm_retype': 'djoser.serializers.PasswordResetConfirmRetypeSerializer', 'set_password': 'djoser.serializers.SetPasswordSerializer', 'set_password_retype': 'djoser.serializers.SetPasswordRetypeSerializer', 'set_username': 'djoser.serializers.SetUsernameSerializer', 'set_username_retype': 'djoser.serializers.SetUsernameRetypeSerializer', - 'username_reset': 'djoser.serializers.SendEmailResetSerializer', + 'username_reset': 'djoser.serializers.SendEmailSerializer', 'username_reset_confirm': 'djoser.serializers.UsernameResetConfirmSerializer', 'username_reset_confirm_retype': 'djoser.serializers.UsernameResetConfirmRetypeSerializer', 'user_create': 'djoser.serializers.UserCreateSerializer', @@ -364,6 +365,7 @@ Dictionary that maps permissions to certain views across Djoser. { 'activation': ['rest_framework.permissions.AllowAny'], + 'resend_activation': ['rest_framework.permissions.AllowAny'], 'password_reset': ['rest_framework.permissions.AllowAny'], 'password_reset_confirm': ['rest_framework.permissions.AllowAny'], 'set_password': ['djoser.permissions.CurrentUserOrAdmin'], diff --git a/testproject/testapp/tests/test_resend_activation.py b/testproject/testapp/tests/test_resend_activation.py index c451b916..ae60c768 100644 --- a/testproject/testapp/tests/test_resend_activation.py +++ b/testproject/testapp/tests/test_resend_activation.py @@ -74,3 +74,21 @@ def test_post_should_return_no_content_if_user_does_not_exist(self): response = self.client.post(self.base_url, data) self.assert_status_equal(response, status.HTTP_204_NO_CONTENT) + + @override_settings( + DJOSER=dict( + settings.DJOSER, + **{ + "PERMISSIONS": { + "resend_activation": ["rest_framework.permissions.IsAuthenticated"] + } + }, + ) + ) + def test_dont_resend_activation_with_authenticated_user_permission(self): + user = create_user(is_active=False) + data = {"email": user.email} + response = self.client.post(self.base_url, data) + + self.assert_emails_in_mailbox(0) + self.assert_status_equal(response, status.HTTP_401_UNAUTHORIZED)