def managing(self, request):
    """
    Handle listing and updating the accounts the current user is managing.

    GET    -> 200 with the serialized accounts whose pk is in ``mgr.managing``.
    POST   -> body ``{"code": ...}``; looks up the ``models.Auth`` with that
              code owned by the caller, calls ``activate()`` on it and answers
              200 with the serialized ``auth.user``.
    DELETE -> body ``{"email": ...}``; calls ``deauth_manager`` for the
              account with that e-mail and answers 204.

    A missing body field is reported through ``utils.raise_api_exc``. Should
    that helper ever return instead of raising, the fall-through at the end
    answers 500 with no data, matching the previous behaviour.
    """
    mgr = get_object_or_404(models.Account, pk=request.user.id)
    method = request.method

    if method == Methods.GET:
        managed = models.Account.objects.filter(pk__in=mgr.managing)
        listing = self.get_serializer(managed, many=True)
        return Response(data=listing.data, status=status.HTTP_200_OK)

    if method == Methods.POST:
        if not utils.has_required(request.data.keys(), {"code"}):
            utils.raise_api_exc(
                APIException("no authorization code supplied"),
                status.HTTP_400_BAD_REQUEST,
            )
        else:
            # Scoped by owner_id=mgr.id: a code can only activate an
            # authorization that belongs to the caller, never someone else's.
            auth = get_object_or_404(models.Auth, code=request.data["code"], owner_id=mgr.id)
            auth.activate()
            return Response(data=self.get_serializer(auth.user).data, status=status.HTTP_200_OK)
    else:  # DELETE
        if not utils.has_required(request.data.keys(), {"email"}):
            utils.raise_api_exc(APIException("no email supplied"), status.HTTP_400_BAD_REQUEST)
        else:
            # NOTE(review): the 404 here tells any authenticated caller whether
            # an e-mail is registered — confirm that is acceptable for this API.
            target = get_object_or_404(models.Account, email=request.data["email"])
            deauth_manager(user=target, mgr=mgr)
            return Response(data=None, status=status.HTTP_204_NO_CONTENT)

    # Only reached when raise_api_exc returned instead of raising.
    return Response(data=None, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
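def auth_user(request):
    """
    Authenticate a user with the ``email`` and ``password`` in ``request.data``.

    Returns a ``JsonResponse`` holding the serialized account on success.
    An unknown e-mail and a wrong password are both answered with the same
    ``400 "invalid credentials"``; previously an unknown e-mail produced a
    404 instead, which let a caller tell registered e-mails from unregistered
    ones. Missing fields answer ``400 "incomplete information"``.

    Relies on ``utils.raise_api_exc`` raising, as the rest of the module does;
    the old code would otherwise have hit an unbound ``response`` local.
    """
    data = request.data
    if not utils.has_required(data.keys(), {"email", "password"}):
        utils.raise_api_exc(APIException("incomplete information"), status.HTTP_400_BAD_REQUEST)

    # filter().first() rather than get_object_or_404 so that the status code
    # is the same whether the e-mail is unknown or the password is wrong.
    user = models.Account.objects.filter(email=data["email"]).first()
    if user is None or not user.check_password(data["password"]):
        # NOTE(review): no hash is computed for an unknown e-mail, so response
        # timing still differs; run a dummy password check if that matters here.
        utils.raise_api_exc(APIException("invalid credentials"), status.HTTP_400_BAD_REQUEST)

    return JsonResponse(serializers.AccountSerializer(user).data)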
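def auth_reset(request):
    """
    Control user account password reset.

    GET ``?email=...``
        When an account with that e-mail exists, a fresh 128-character code
        from ``get_random_string`` is stored with ``set_reset_code`` and
        mailed via ``_send_reset_request_mail``. The response is the same
        ``200 "reset code has been sent to your email"`` whether or not the
        account exists, so the endpoint no longer reveals (through a 404)
        which e-mails are registered. A missing e-mail answers 400.
    POST ``{"email", "code", "password"}``
        Sets the new password, clears the code and mails a confirmation when
        the code matches. An unknown e-mail and a wrong code both answer
        ``400 "invalid reset code"`` for the same reason; missing fields
        answer ``400 "incomplete reset details"``.

    Relies on ``utils.raise_api_exc`` raising, as the rest of the module does.
    """
    if request.method == Methods.GET:
        email = request.query_params.get("email")
        if not email:
            utils.raise_api_exc(
                APIException("email is required to request a reset"),
                status.HTTP_400_BAD_REQUEST,
            )
        user = models.Account.objects.filter(email=email).first()
        if user is not None:
            reset_code = get_random_string(128)
            # Second argument is passed through unchanged; its meaning lives
            # on the model — presumably "save now", confirm there.
            user.set_reset_code(reset_code, True)
            _send_reset_request_mail(request, user, reset_code)
        # Same reply for known and unknown e-mails (see docstring).
        return Response(
            data={"detail": "reset code has been sent to your email"},
            status=status.HTTP_200_OK,
        )

    # POST
    data = request.data
    if not utils.has_required(data.keys(), {"email", "code", "password"}):
        utils.raise_api_exc(APIException("incomplete reset details"), status.HTTP_400_BAD_REQUEST)

    user = models.Account.objects.filter(email=data["email"]).first()
    # NOTE(review): check_reset_code is assumed to compare in constant time and
    # to honour an expiry on the stored code — verify on the model.
    if user is None or not user.check_reset_code(data["code"]):
        utils.raise_api_exc(APIException("invalid reset code"), status.HTTP_400_BAD_REQUEST)

    user.set_password(data["password"])
    user.clear_reset_code()
    user.save()
    _send_reset_confirm_mail(request, user)
    return Response(
        data={"detail": "password reset successfully"},
        status=status.HTTP_200_OK,
    )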
def managers(self, request):
    """
    Handle listing and adding the accounts that can manage the current user.

    GET           -> 200 with the serialized accounts whose pk is in
                     ``user.managers``.
    POST / DELETE -> body ``{"email": ...}`` naming the manager account; using
                     the caller's own e-mail is rejected with 400.
        POST calls ``auth_manager`` for that account, sends the manage-request
        mail and answers 202 with the manager's serialized data.
        DELETE calls ``deauth_manager`` and answers 204.

    A missing e-mail is reported through ``utils.raise_api_exc``; should that
    helper return instead of raising, the reply is 500 with no data, matching
    the previous behaviour.
    """
    user = get_object_or_404(models.Account, pk=request.user.id)
    method = request.method

    if method == Methods.GET:
        manager_accounts = models.Account.objects.filter(pk__in=user.managers)
        listing = self.get_serializer(manager_accounts, many=True)
        return Response(data=listing.data, status=status.HTTP_200_OK)

    if not utils.has_required(request.data.keys(), {"email"}):
        utils.raise_api_exc(APIException("no email supplied"), status.HTTP_400_BAD_REQUEST)
        return Response(data=None, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

    mgr_email = request.data["email"]
    if user.email == mgr_email:
        # Self-management is refused; raise_api_exc is expected to raise here.
        utils.raise_api_exc(
            APIException("you are signed with this email"),
            status.HTTP_400_BAD_REQUEST,
        )
    mgr = get_object_or_404(models.Account, email=mgr_email)

    if method == Methods.POST:
        auth = auth_manager(user=user, mgr=mgr)
        self._send_manage_request_mail(user, mgr_email, auth)
        # NOTE(review): the named account's serialized data is returned to the
        # requester — confirm the serializer exposes nothing sensitive.
        return Response(data=self.get_serializer(mgr).data, status=status.HTTP_202_ACCEPTED)

    # DELETE
    deauth_manager(user=user, mgr=mgr)
    return Response(data=None, status=status.HTTP_204_NO_CONTENT)
def test_has_required(self):
    """Check utils.has_required: True when every required key is present, False otherwise."""
    available = {1, 2, 3, 4}
    self.assertTrue(has_required(available, {2, 3}))
    # 99 is absent from ``available``, so the requirement is not met.
    self.assertFalse(has_required(available, {2, 3, 99}))