From 777f296d442dc687fabb42b6f9d5288f291693e0 Mon Sep 17 00:00:00 2001 From: Mael Pedretti Date: Wed, 11 Dec 2024 10:04:30 +0100 Subject: [PATCH] Add: Specific permission for resend_activation --- djoser/conf.py | 6 +++-- djoser/serializers.py | 2 +- djoser/views.py | 4 +-- docs/source/settings.rst | 6 +++-- .../testapp/tests/test_resend_activation.py | 27 +++++++++++++++++++ 5 files changed, 38 insertions(+), 7 deletions(-) diff --git a/djoser/conf.py b/djoser/conf.py index c6251ea1..25e302ee 100644 --- a/djoser/conf.py +++ b/djoser/conf.py @@ -45,14 +45,15 @@ def __getattribute__(self, item): "SERIALIZERS": ObjDict( { "activation": "djoser.serializers.ActivationSerializer", - "password_reset": "djoser.serializers.SendEmailResetSerializer", + "resend_activation": "djoser.serializers.SendEmailSerializer", + "password_reset": "djoser.serializers.SendEmailSerializer", "password_reset_confirm": "djoser.serializers.PasswordResetConfirmSerializer", "password_reset_confirm_retype": "djoser.serializers.PasswordResetConfirmRetypeSerializer", "set_password": "djoser.serializers.SetPasswordSerializer", "set_password_retype": "djoser.serializers.SetPasswordRetypeSerializer", "set_username": "djoser.serializers.SetUsernameSerializer", "set_username_retype": "djoser.serializers.SetUsernameRetypeSerializer", - "username_reset": "djoser.serializers.SendEmailResetSerializer", + "username_reset": "djoser.serializers.SendEmailSerializer", "username_reset_confirm": "djoser.serializers.UsernameResetConfirmSerializer", "username_reset_confirm_retype": "djoser.serializers.UsernameResetConfirmRetypeSerializer", "user_create": "djoser.serializers.UserCreateSerializer", 
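Review bot: The defaults for `password_reset` and `username_reset` now point at `djoser.serializers.SendEmailSerializer`, and the djoser/serializers.py hunk renames the class without leaving the old name behind. Any project that still lists `djoser.serializers.SendEmailResetSerializer` in its `DJOSER["SERIALIZERS"]`, or subclasses it, would presumably fail to resolve that name after upgrading. A deprecated alias next to the renamed class would keep the rename backward-compatible: `SendEmailResetSerializer = SendEmailSerializer  # deprecated alias, remove in the next major release`. The rest of serializers.py is outside the visible hunk, so an alias may already exist there; if it does not, the rename also deserves a changelog entry.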
@@ -86,6 +87,7 @@ def __getattribute__(self, item): "PERMISSIONS": ObjDict( { "activation": ["rest_framework.permissions.AllowAny"], + "resend_activation": ["rest_framework.permissions.AllowAny"], "password_reset": ["rest_framework.permissions.AllowAny"], "password_reset_confirm": ["rest_framework.permissions.AllowAny"], "set_password": ["djoser.permissions.CurrentUserOrAdmin"], diff --git a/djoser/serializers.py b/djoser/serializers.py index e201852a..16a1cc8b 100644 --- a/djoser/serializers.py +++ b/djoser/serializers.py @@ -147,7 +147,7 @@ def get_user(self, is_active=True): self.fail("email_not_found") -class SendEmailResetSerializer(serializers.Serializer, UserFunctionsMixin): +class SendEmailSerializer(serializers.Serializer, UserFunctionsMixin): default_error_messages = { "email_not_found": settings.CONSTANTS.messages.EMAIL_NOT_FOUND } diff --git a/djoser/views.py b/djoser/views.py index 09b9e46a..51b289da 100644 --- a/djoser/views.py +++ b/djoser/views.py @@ -68,7 +68,7 @@ def get_permissions(self): elif self.action == "activation": self.permission_classes = settings.PERMISSIONS.activation elif self.action == "resend_activation": - self.permission_classes = settings.PERMISSIONS.password_reset + self.permission_classes = settings.PERMISSIONS.resend_activation elif self.action == "list": self.permission_classes = settings.PERMISSIONS.user_list elif self.action == "reset_password": @@ -101,7 +101,7 @@ def get_serializer_class(self): elif self.action == "activation": return settings.SERIALIZERS.activation elif self.action == "resend_activation": - return settings.SERIALIZERS.password_reset + return settings.SERIALIZERS.resend_activation elif self.action == "reset_password": return settings.SERIALIZERS.password_reset elif self.action == "reset_password_confirm": diff --git a/docs/source/settings.rst b/docs/source/settings.rst index 6c3f3edb..296fdae3 100644 --- a/docs/source/settings.rst +++ b/docs/source/settings.rst 
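Review bot: The new `resend_activation` permission defaults to `AllowAny`, and the `get_permissions` hunk in djoser/views.py stops reading `settings.PERMISSIONS.password_reset` for this action. A deployment that tightened `password_reset` and relied on it to cover resend-activation will therefore fall back to an open endpoint on upgrade, with no error or warning. The `get_serializer_class` hunk has the same effect for a customised `password_reset` serializer, which no longer applies to `resend_activation`. Because this endpoint triggers outbound e-mail for unauthenticated callers, call the change out as an upgrade note and add a comment on the new default, for example `# previously inherited PERMISSIONS.password_reset; set explicitly if that key is customised`. Both view methods start and end outside their hunks.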
@@ -248,14 +248,15 @@ to update the defaults, so by providing, e.g. one key, all the others will stay { 'activation': 'djoser.serializers.ActivationSerializer', - 'password_reset': 'djoser.serializers.SendEmailResetSerializer', + 'resend_activation': 'djoser.serializers.SendEmailSerializer', + 'password_reset': 'djoser.serializers.SendEmailSerializer', 'password_reset_confirm': 'djoser.serializers.PasswordResetConfirmSerializer', 'password_reset_confirm_retype': 'djoser.serializers.PasswordResetConfirmRetypeSerializer', 'set_password': 'djoser.serializers.SetPasswordSerializer', 'set_password_retype': 'djoser.serializers.SetPasswordRetypeSerializer', 'set_username': 'djoser.serializers.SetUsernameSerializer', 'set_username_retype': 'djoser.serializers.SetUsernameRetypeSerializer', - 'username_reset': 'djoser.serializers.SendEmailResetSerializer', + 'username_reset': 'djoser.serializers.SendEmailSerializer', 'username_reset_confirm': 'djoser.serializers.UsernameResetConfirmSerializer', 'username_reset_confirm_retype': 'djoser.serializers.UsernameResetConfirmRetypeSerializer', 'user_create': 'djoser.serializers.UserCreateSerializer', @@ -364,6 +365,7 @@ Dictionary that maps permissions to certain views across Djoser. { 'activation': ['rest_framework.permissions.AllowAny'], + 'resend_activation': ['rest_framework.permissions.AllowAny'], 'password_reset': ['rest_framework.permissions.AllowAny'], 'password_reset_confirm': ['rest_framework.permissions.AllowAny'], 'set_password': ['djoser.permissions.CurrentUserOrAdmin'], diff --git a/testproject/testapp/tests/test_resend_activation.py b/testproject/testapp/tests/test_resend_activation.py index c451b916..17ba138c 100644 --- a/testproject/testapp/tests/test_resend_activation.py +++ b/testproject/testapp/tests/test_resend_activation.py 
@@ -8,6 +8,7 @@ from testapp.tests.common import create_user, mock from djoser.compat import get_user_email +from djoser.conf import settings as djoser_settings class TestResendActivationEmail( @@ -74,3 +75,29 @@ def test_post_should_return_no_content_if_user_does_not_exist(self): response = self.client.post(self.base_url, data) self.assert_status_equal(response, status.HTTP_204_NO_CONTENT) + + def test_dont_resend_activation_with_authenticated_user_permission(self): + old_value = djoser_settings.PERMISSIONS["resend_activation"] + with override_settings( + DJOSER=dict( + settings.DJOSER, + **{ + "PERMISSIONS": { + "resend_activation": [ + "rest_framework.permissions.IsAuthenticated" + ] + } + }, + ) + ): + user = create_user(is_active=False) + data = {"email": user.email} + response = self.client.post(self.base_url, data) + + self.assert_emails_in_mailbox(0) + self.assert_status_equal(response, status.HTTP_401_UNAUTHORIZED) + override_settings( + DJOSER=dict( + settings.DJOSER, **{"PERMISSIONS": {"resend_activation": old_value}} + ) + ).enable()
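Review bot: The trailing `override_settings(...).enable()` in `test_dont_resend_activation_with_authenticated_user_permission` is never paired with `.disable()`, so the override stays active for every test that runs afterwards and can hide order-dependent failures. The `with override_settings(...)` block should already restore the previous value on exit, so the extra call can probably be dropped. If djoser's cached settings really need an explicit reset, register the teardown instead: `restore = override_settings(DJOSER=...)`, `restore.enable()`, `self.addCleanup(restore.disable)`. Indentation is lost in this view, so confirm that `self.client.post(...)` sits inside the `with` block; otherwise the 401 assertion is checked against the default `AllowAny`. The enclosing test class starts outside the hunk.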