create authentication app to separate authentication from business api

8 months ago · 57ea6e8e78
parent 6b97eaf850
commit 57ea6e8e78
22 changed files with 269 additions and 148 deletions
--- a/api/serializers.py
+++ b/api/serializers.py
@ -1,8 +1,6 @@
 from rest_framework import serializers
 from tournaments.models.court import Court
 from tournaments.models import Club, LiveMatch, TeamScore, Tournament, CustomUser, Event, Round, GroupStage, Match, TeamRegistration, PlayerRegistration, Purchase, FailedApiCall, DateInterval, Log, DeviceToken, UnregisteredTeam, UnregisteredPlayer
-from django.contrib.auth import password_validation
-from django.utils.translation import gettext_lazy as _
 from django.db.utils import IntegrityError
 from django.conf import settings

@ -14,7 +12,6 @@ from django.core.mail import EmailMessage
 from django.contrib.sites.shortcuts import get_current_site

 from api.tokens import account_activation_token
-# from tournaments.models.data_access import DataAccess

 from shared.cryptography import encryption_util
 from tournaments.models.draw_log import DrawLog
@ -146,7 +143,7 @@ class RoundSerializer(serializers.ModelSerializer):
 class GroupStageSerializer(serializers.ModelSerializer):
    class Meta:
        model = GroupStage
-        fields = '__all__' # ['id', 'index', 'tournament_id', 'format']
+        fields = '__all__'

 class MatchSerializer(serializers.ModelSerializer):
    class Meta:
@ -156,7 +153,7 @@ class MatchSerializer(serializers.ModelSerializer):
 class TeamScoreSerializer(serializers.ModelSerializer):
    class Meta:
        model = TeamScore
-        fields = '__all__' # ['id', 'match_id', 'score', 'walk_out', 'lucky_loser', 'player_registrations']
+        fields = '__all__'

 class TeamRegistrationSerializer(serializers.ModelSerializer):
    class Meta:
@ -180,31 +177,6 @@ class PurchaseSerializer(serializers.ModelSerializer):
        validated_data['user'] = user
        return super().create(validated_data)

-class ChangePasswordSerializer(serializers.Serializer):
-    old_password = serializers.CharField(max_length=128, write_only=True, required=True)
-    new_password1 = serializers.CharField(max_length=128, write_only=True, required=True)
-    new_password2 = serializers.CharField(max_length=128, write_only=True, required=True)
-
-    def validate_old_password(self, value):
-        user = self.context['request'].user
-        if not user.check_password(value):
-            raise serializers.ValidationError(
-                _('Your old password was entered incorrectly. Please enter it again.')
-            )
-        return value
-
-    def validate(self, data):
-        if data['new_password1'] != data['new_password2']:
-            raise serializers.ValidationError({'new_password2': _("The two password fields didn't match.")})
-        password_validation.validate_password(data['new_password1'], self.context['request'].user)
-        return data
-
-    def save(self, **kwargs):
-        password = self.validated_data['new_password1']
-        user = self.context['request'].user
-        user.set_password(password)
-        user.save()
-        return user

 class LiveMatchSerializer(serializers.ModelSerializer):
    class Meta:
@ -237,7 +209,6 @@ class DeviceTokenSerializer(serializers.ModelSerializer):
        fields = '__all__'
        read_only_fields = ['user']

-
 class DrawLogSerializer(serializers.ModelSerializer):
    class Meta:
        model = DrawLog
--- a/api/urls.py
+++ b/api/urls.py
@ -4,6 +4,7 @@ from rest_framework.authtoken.views import obtain_auth_token

 from . import views
 from sync.views import SynchronizationApi, UserDataAccessApi, DataAccessViewSet
+from authentication.views import CustomAuthToken, Logout, ChangePasswordView

 router = routers.DefaultRouter()
 router.register(r'users', views.UserViewSet)
@ -36,10 +37,11 @@ urlpatterns = [

    path('api-token-auth/', obtain_auth_token, name='api_token_auth'),
    path("user-by-token/", views.user_by_token, name="user_by_token"),
-    path("change-password/", views.ChangePasswordView.as_view(), name="change_password"),

-    path('token-auth/', views.CustomAuthToken.as_view()),
-    path('api-token-logout/', views.Logout.as_view()),
+    # authentication
+    path("change-password/", ChangePasswordView.as_view(), name="change_password"),
+    path('token-auth/', CustomAuthToken.as_view()),
+    path('api-token-logout/', Logout.as_view()),

    # forgotten password
    path('dj-rest-auth/', include('dj_rest_auth.urls')),
--- a/api/utils.py
+++ b/api/utils.py
@ -1,9 +1,3 @@
-import re
-
-def is_valid_email(email):
-    email_regex = r'^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$'
-    return re.match(email_regex, email) is not None
-
 def check_version_smaller_than_1_1_12(version_str):
    # Remove the parentheses part if it exists, example of version: 1.1.12 (2)
    version_str = version_str.split()[0]
--- a/api/views.py
+++ b/api/views.py
@ -1,102 +1,20 @@
-from pandas.io.feather_format import pd
-from .serializers import ClubSerializer, CourtSerializer, DateIntervalSerializer, DrawLogSerializer, TournamentSerializer, UserSerializer, ChangePasswordSerializer, EventSerializer, RoundSerializer, GroupStageSerializer, MatchSerializer, TeamScoreSerializer, TeamRegistrationSerializer, PlayerRegistrationSerializer, LiveMatchSerializer, PurchaseSerializer, ShortUserSerializer, FailedApiCallSerializer, LogSerializer, DeviceTokenSerializer, CustomUserSerializer, UnregisteredTeamSerializer, UnregisteredPlayerSerializer
+from .serializers import ClubSerializer, CourtSerializer, DateIntervalSerializer, DrawLogSerializer, TournamentSerializer, UserSerializer, EventSerializer, RoundSerializer, GroupStageSerializer, MatchSerializer, TeamScoreSerializer, TeamRegistrationSerializer, PlayerRegistrationSerializer, PurchaseSerializer, ShortUserSerializer, FailedApiCallSerializer, LogSerializer, DeviceTokenSerializer, CustomUserSerializer, UnregisteredTeamSerializer, UnregisteredPlayerSerializer
 from tournaments.models import Club, Tournament, CustomUser, Event, Round, GroupStage, Match, TeamScore, TeamRegistration, PlayerRegistration, Court, DateInterval, Purchase, FailedApiCall, Log, DeviceToken, DrawLog, UnregisteredTeam, UnregisteredPlayer

 from rest_framework import viewsets, permissions
-from rest_framework.authtoken.models import Token
 from rest_framework.response import Response
 from rest_framework.decorators import api_view
 from rest_framework import status
-from rest_framework.generics import UpdateAPIView
 from rest_framework.exceptions import MethodNotAllowed
-from rest_framework.permissions import IsAuthenticated
-from rest_framework.views import APIView

 from django.http import Http404
-from django.contrib.auth import authenticate
 from django.db.models import Q
-from django.core.exceptions import ObjectDoesNotExist
-from django.utils import timezone
-from django.apps import apps
-from django.views.decorators.csrf import csrf_exempt
-from django.utils.decorators import method_decorator
-
-from collections import defaultdict

 from .permissions import IsClubOwner
-from .utils import is_valid_email, check_version_smaller_than_1_1_12
-
-from sync.models import Device
+from .utils import check_version_smaller_than_1_1_12

 from shared.discord import send_discord_log_message

-@method_decorator(csrf_exempt, name='dispatch')
-class CustomAuthToken(APIView):
-    permission_classes = []
-
-    def post(self, request, *args, **kwargs):
-        username = request.data.get('username')
-        password = request.data.get('password')
-        device_id = request.data.get('device_id')
-
-        user = authenticate(username=username, password=password)
-
-        if user is None and is_valid_email(username) == True:
-            true_username = self.get_username_from_email(username)
-            user = authenticate(username=true_username, password=password)
-
-        if user:
-            # user.device_id = device_id
-            # user.save()
-            # self.create_or_update_device(user, device_id)
-
-            # token, created = Token.objects.get_or_create(user=user)
-            # return Response({'token': token.key})
-
-            if user.device_id is None or user.device_id == device_id or user.username == 'apple-test':
-                user.device_id = device_id
-                user.save()
-
-                self.create_or_update_device(user, device_id)
-
-                token, created = Token.objects.get_or_create(user=user)
-                return Response({'token': token.key})
-            else:
-                return Response({'error': 'Vous ne pouvez pour l\'instant vous connecter sur plusieurs appareils en même temps. Veuillez vous déconnecter du précédent appareil. Autrement, veuillez contacter le support.'}, status=status.HTTP_403_FORBIDDEN)
-
-        else:
-            return Response({'error': 'L\'utilisateur et le mot de passe de correspondent pas'}, status=status.HTTP_401_UNAUTHORIZED)
-
-    def create_or_update_device(self, user, device_id):
-        Device.objects.update_or_create(
-                id=device_id,
-                defaults={
-                    'user': user
-                }
-            )
-
-    def get_username_from_email(self, email):
-        try:
-            user = CustomUser.objects.get(email=email)
-            return user.username
-        except ObjectDoesNotExist:
-            return None
-
-class Logout(APIView):
-    permission_classes = (IsAuthenticated,)
-
-    def post(self, request, *args, **kwargs):
-        # request.user.auth_token.delete()
-
-        device_id = request.data.get('device_id')
-        if request.user.device_id == device_id:
-            request.user.device_id = None
-            request.user.save()
-
-        Device.objects.filter(id=device_id).delete()
-
-        return Response(status=status.HTTP_200_OK)
-
@api_view(['GET'])
 def user_by_token(request):
    serializer = UserSerializer(request.user)
@ -174,20 +92,6 @@ class PurchaseViewSet(SoftDeleteViewSet):
    def delete(self, request, pk):
        raise MethodNotAllowed('DELETE')

-class ChangePasswordView(UpdateAPIView):
-    serializer_class = ChangePasswordSerializer
-
-    def update(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        user = serializer.save()
-        # if using drf authtoken, create a new token
-        if hasattr(user, 'auth_token'):
-            user.auth_token.delete()
-        token, created = Token.objects.get_or_create(user=user)
-        # return new token
-        return Response({'token': token.key}, status=status.HTTP_200_OK)
-
 class EventViewSet(SoftDeleteViewSet):
    queryset = Event.objects.all()
    serializer_class = EventSerializer
--- a/authentication/init.py
+++ b/authentication/init.py
--- a/authentication/admin.py
+++ b/authentication/admin.py
@ -0,0 +1,15 @@
+from django.contrib import admin
+
+from .models import Device, LoginLog
+
+class DeviceAdmin(admin.ModelAdmin):
+    list_display = ['user', 'device_model', 'last_login', 'id']
+    readonly_fields = ('last_login',)
+    ordering = ['-last_login']
+
+class LoginLogAdmin(admin.ModelAdmin):
+    list_display = ['user', 'device', 'date']
+    ordering = ['-date']
+
+admin.site.register(Device, DeviceAdmin)
+admin.site.register(LoginLog, LoginLogAdmin)
--- a/authentication/apps.py
+++ b/authentication/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticationConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'authentication'
--- a/authentication/migrations/0001_initial.py
+++ b/authentication/migrations/0001_initial.py
@ -0,0 +1,36 @@
+# Generated by Django 5.1 on 2025-03-20 14:49
+
+import django.db.models.deletion
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Device',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('last_login', models.DateTimeField(auto_now=True)),
+                ('model_name', models.CharField(blank=True, max_length=100, null=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='devices', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='LoginLog',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('date', models.DateTimeField(auto_now=True)),
+                ('device', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='login_logs', to='authentication.device')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='login_logs', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/authentication/migrations/0002_rename_model_name_device_device_model.py
+++ b/authentication/migrations/0002_rename_model_name_device_device_model.py
@ -0,0 +1,18 @@
+# Generated by Django 5.1 on 2025-03-20 15:42
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='device',
+            old_name='model_name',
+            new_name='device_model',
+        ),
+    ]
--- a/authentication/migrations/init.py
+++ b/authentication/migrations/init.py
--- a/authentication/models/init.py
+++ b/authentication/models/init.py
@ -0,0 +1,2 @@
+from .device import Device
+from .login_log import LoginLog
--- a/authentication/models/device.py
+++ b/authentication/models/device.py
@ -6,6 +6,7 @@ class Device(models.Model):
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=True)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='devices')
    last_login = models.DateTimeField(auto_now=True)
+    device_model = models.CharField(max_length=100, blank=True, null=True)

    def __str__(self):
-        return f"{self.id} > {self.user.username}"
+        return f"{self.user.username} : {self.device_model}"
--- a/authentication/models/login_log.py
+++ b/authentication/models/login_log.py
@ -0,0 +1,13 @@
+from django.db import models
+import uuid
+from django.conf import settings
+from . import Device
+
+class LoginLog(models.Model):
+    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=True)
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='login_logs')
+    device = models.ForeignKey(Device, on_delete=models.SET_NULL, related_name='login_logs', null=True)
+    date = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"{self.id} > {self.user.username}"
--- a/authentication/serializers.py
+++ b/authentication/serializers.py
@ -0,0 +1,29 @@
+from django.contrib.auth import password_validation
+
+from rest_framework import serializers
+
+class ChangePasswordSerializer(serializers.Serializer):
+    old_password = serializers.CharField(max_length=128, write_only=True, required=True)
+    new_password1 = serializers.CharField(max_length=128, write_only=True, required=True)
+    new_password2 = serializers.CharField(max_length=128, write_only=True, required=True)
+
+    def validate_old_password(self, value):
+        user = self.context['request'].user
+        if not user.check_password(value):
+            raise serializers.ValidationError(
+                _('Your old password was entered incorrectly. Please enter it again.')
+            )
+        return value
+
+    def validate(self, data):
+        if data['new_password1'] != data['new_password2']:
+            raise serializers.ValidationError({'new_password2': _("The two password fields didn't match.")})
+        password_validation.validate_password(data['new_password1'], self.context['request'].user)
+        return data
+
+    def save(self, **kwargs):
+        password = self.validated_data['new_password1']
+        user = self.context['request'].user
+        user.set_password(password)
+        user.save()
+        return user
--- a/authentication/tests.py
+++ b/authentication/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/authentication/utils.py
+++ b/authentication/utils.py
@ -0,0 +1,5 @@
+import re
+
+def is_valid_email(email):
+    email_regex = r'^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$'
+    return re.match(email_regex, email) is not None
--- a/authentication/views.py
+++ b/authentication/views.py
@ -0,0 +1,109 @@
+from django.shortcuts import render
+from django.views.decorators.csrf import csrf_exempt
+from django.contrib.auth import authenticate
+from django.utils.decorators import method_decorator
+from django.core.exceptions import ObjectDoesNotExist
+from django.conf import settings
+
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.authtoken.models import Token
+from rest_framework import status
+from rest_framework.generics import UpdateAPIView
+
+from .utils import is_valid_email
+from .models import Device, LoginLog
+
+from .serializers import ChangePasswordSerializer
+
+CustomUser=settings.AUTH_USER_MODEL
+
+@method_decorator(csrf_exempt, name='dispatch')
+class CustomAuthToken(APIView):
+    permission_classes = []
+
+    def post(self, request, *args, **kwargs):
+        username = request.data.get('username')
+        password = request.data.get('password')
+        device_id = request.data.get('device_id')
+
+        user = authenticate(username=username, password=password)
+
+        if user is None and is_valid_email(username) == True:
+            true_username = self.get_username_from_email(username)
+            user = authenticate(username=true_username, password=password)
+
+        if user:
+            # user.device_id = device_id
+            # user.save()
+            # self.create_or_update_device(user, device_id)
+
+            # token, created = Token.objects.get_or_create(user=user)
+            # return Response({'token': token.key})
+
+            if user.device_id is None or user.device_id == device_id or user.username == 'apple-test':
+                user.device_id = device_id
+                user.save()
+
+                device_model = request.data.get('device_model')
+
+                device = self.create_or_update_device(user, device_id, device_model)
+                self.create_login_log(user, device)
+
+                token, created = Token.objects.get_or_create(user=user)
+                return Response({'token': token.key})
+            else:
+                return Response({'error': 'Vous ne pouvez pour l\'instant vous connecter sur plusieurs appareils en même temps. Veuillez vous déconnecter du précédent appareil. Autrement, veuillez contacter le support.'}, status=status.HTTP_403_FORBIDDEN)
+
+        else:
+            return Response({'error': 'L\'utilisateur et le mot de passe de correspondent pas'}, status=status.HTTP_401_UNAUTHORIZED)
+
+    def create_or_update_device(self, user, device_id, device_model):
+        obj, created = Device.objects.update_or_create(
+                id=device_id,
+                device_model=device_model,
+                defaults={
+                    'user': user
+                }
+            )
+        return obj
+
+    def create_login_log(self, user, device):
+        LoginLog.objects.create(user=user, device=device)
+
+    def get_username_from_email(self, email):
+        try:
+            user = CustomUser.objects.get(email=email)
+            return user.username
+        except ObjectDoesNotExist:
+            return None
+
+class Logout(APIView):
+    permission_classes = (IsAuthenticated,)
+
+    def post(self, request, *args, **kwargs):
+        # request.user.auth_token.delete()
+
+        device_id = request.data.get('device_id')
+        if request.user.device_id == device_id:
+            request.user.device_id = None
+            request.user.save()
+
+        Device.objects.filter(id=device_id).delete()
+
+        return Response(status=status.HTTP_200_OK)
+
+class ChangePasswordView(UpdateAPIView):
+    serializer_class = ChangePasswordSerializer
+
+    def update(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.save()
+        # if using drf authtoken, create a new token
+        if hasattr(user, 'auth_token'):
+            user.auth_token.delete()
+        token, created = Token.objects.get_or_create(user=user)
+        # return new token
+        return Response({'token': token.key}, status=status.HTTP_200_OK)
--- a/padelclub_backend/settings.py
+++ b/padelclub_backend/settings.py
@ -33,6 +33,7 @@ ALLOWED_HOSTS = ['*']

 INSTALLED_APPS = [
    'daphne',
+    'authentication',
    'sync',
    'tournaments',
    # 'crm',
--- a/sync/admin.py
+++ b/sync/admin.py
@ -1,8 +1,8 @@
 from django.contrib import admin
-from .models import BaseModel, ModelLog, DataAccess, Device
-
 from django.utils import timezone

+from .models import BaseModel, ModelLog, DataAccess
+
 class SyncedObjectAdmin(admin.ModelAdmin):
    def save_model(self, request, obj, form, change):
        if isinstance(obj, BaseModel):
@ -25,10 +25,6 @@ class ModelLogAdmin(admin.ModelAdmin):
    ordering = ['-date']
    search_fields = ['model_id']

-class DeviceAdmin(admin.ModelAdmin):
-    list_display = ['user', 'last_login', 'id']
-    readonly_fields = ('last_login',)
-
 class DataAccessAdmin(SyncedObjectAdmin):
    list_display = ['related_user', 'get_shared_users', 'model_name', 'model_id']
    list_filter = ['related_user', 'shared_with']
@ -41,4 +37,3 @@ class DataAccessAdmin(SyncedObjectAdmin):
 # Register your models here.
 admin.site.register(ModelLog, ModelLogAdmin)
 admin.site.register(DataAccess, DataAccessAdmin)
-admin.site.register(Device, DeviceAdmin)
--- a/sync/migrations/0004_delete_device.py
+++ b/sync/migrations/0004_delete_device.py
@ -0,0 +1,16 @@
+# Generated by Django 5.1 on 2025-03-20 14:49
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('sync', '0003_device'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='Device',
+        ),
+    ]
--- a/sync/models/init.py
+++ b/sync/models/init.py
@ -1,4 +1,3 @@
 from .base import BaseModel, SideStoreModel
 from .model_log import ModelLog, ModelOperation
 from .data_access import DataAccess
-from .device import Device
--- a/sync/signals.py
+++ b/sync/signals.py
@ -2,7 +2,9 @@ from django.db.models.signals import pre_save, post_save, pre_delete, post_delet
 from django.db import models, transaction
 from django.dispatch import receiver

-from .models import DataAccess, ModelLog, ModelOperation, BaseModel, SideStoreModel, Device
+from .models import DataAccess, ModelLog, ModelOperation, BaseModel, SideStoreModel
+from authentication.models import Device
+
 from django.contrib.auth import get_user_model
 from django.utils import timezone