chore(api): Update dj-rest-auth to 5.0.2 and django-allauth to 0.55.2

Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/2670>

api/config/settings/common.py

@@ -1193,7 +1193,7 @@ if BROWSABLE_API_ENABLED:
         "rest_framework.renderers.BrowsableAPIRenderer",
     )
 
-REST_AUTH_SERIALIZERS = {
+REST_AUTH = {
     "PASSWORD_RESET_SERIALIZER": "funkwhale_api.users.serializers.PasswordResetSerializer",  # noqa
     "PASSWORD_RESET_CONFIRM_SERIALIZER": "funkwhale_api.users.serializers.PasswordResetConfirmSerializer",  # noqa
 }

api/funkwhale_api/common/authentication.py

@@ -1,4 +1,4 @@
-from allauth.account.utils import send_email_confirmation
+from allauth.account.models import EmailAddress
 from django.core.cache import cache
 from django.utils.translation import ugettext as _
 from oauth2_provider.contrib.rest_framework.authentication import (
@@ -20,9 +20,13 @@ def resend_confirmation_email(request, user):
     if cache.get(cache_key):
         return False
 
-    done = send_email_confirmation(request, user)
+    # We do the sending of the conformation by hand because we don't want to pass the request down
+    # to the email rendering, which would cause another UnverifiedEmail Exception and restarts the sending
+    # again and again
+    email = EmailAddress.objects.get_for_user(user, user.email)
+    email.send_confirmation()
     cache.set(cache_key, True, THROTTLE_DELAY)
-    return done
+    return True
 
 
 class OAuth2Authentication(BaseOAuth2Authentication):

api/funkwhale_api/users/serializers.py

@@ -340,4 +340,8 @@ class UserChangeEmailSerializer(serializers.Serializer):
             email=request.user.email,
             defaults={"verified": False, "primary": True},
         )
-        current.change(request, self.validated_data["email"], confirm=True)
+        if request.user.email != self.validated_data["email"]:
+            current.email = self.validated_data["email"]
+            current.verified = False
+            current.save()
+            current.send_confirmation()

api/funkwhale_api/users/views.py

@@ -1,6 +1,7 @@
 import json
 
 from allauth.account.adapter import get_adapter
+from allauth.account.utils import send_email_confirmation
 from dj_rest_auth import views as rest_auth_views
 from dj_rest_auth.registration import views as registration_views
 from django import http
@@ -11,7 +12,7 @@ from rest_framework import mixins, viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
-from funkwhale_api.common import authentication, preferences, throttling
+from funkwhale_api.common import preferences, throttling
 
 from . import models, serializers, tasks
 
@@ -37,7 +38,7 @@ class RegisterView(registration_views.RegisterView):
         user = super().perform_create(serializer)
         if not user.is_active:
             # manual approval, we need to send the confirmation e-mail by hand
-            authentication.send_email_confirmation(self.request, user)
+            send_email_confirmation(self.request, user)
         if user.invitation:
             user.invitation.set_invited_user(user)
 

api/pyproject.toml

@@ -28,9 +28,9 @@ funkwhale-manage = 'funkwhale_api.main:main'
 python = "^3.8,<3.13"
 
 # Django
-dj-rest-auth = { extras = ["with_social"], version = "2.2.8" }
+dj-rest-auth = "5.0.2"
 django = "==3.2.23"
-django-allauth = "==0.42.0"
+django-allauth = "0.55.2"
 django-cache-memoize = "0.1.10"
 django-cacheops = "==6.1"
 django-cleanup = "==6.0.0"

api/tests/users/test_views.py

@@ -8,7 +8,27 @@ from funkwhale_api.moderation import tasks as moderation_tasks
 from funkwhale_api.users.models import User
 
 
-def test_can_create_user_via_api(preferences, api_client, db):
+def test_can_create_user_via_api(settings, preferences, api_client, db):
+    url = reverse("rest_register")
+    data = {
+        "username": "test1",
+        "email": "test1@test.com",
+        "password1": "thisismypassword",
+        "password2": "thisismypassword",
+    }
+    preferences["users__registration_enabled"] = True
+    settings.ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+    response = api_client.post(url, data)
+    assert response.status_code == 201
+    assert response.data["detail"] == "Verification e-mail sent."
+
+    u = User.objects.get(email="test1@test.com")
+    assert u.username == "test1"
+
+
+def test_can_create_user_via_api_mail_verification_mandatory(
+    settings, preferences, api_client, db
+):
     url = reverse("rest_register")
     data = {
         "username": "test1",
@@ -18,7 +38,7 @@ def test_can_create_user_via_api(preferences, api_client, db):
     }
     preferences["users__registration_enabled"] = True
     response = api_client.post(url, data)
-    assert response.status_code == 201
+    assert response.status_code == 204
 
     u = User.objects.get(email="test1@test.com")
     assert u.username == "test1"
@@ -82,7 +102,7 @@ def test_can_signup_with_invitation(preferences, factories, api_client):
     }
     preferences["users__registration_enabled"] = False
     response = api_client.post(url, data)
-    assert response.status_code == 201
+    assert response.status_code == 204
     u = User.objects.get(email="test1@test.com")
     assert u.username == "test1"
     assert u.invitation == invitation
@@ -302,7 +322,7 @@ def test_creating_user_creates_actor_as_well(
     mocker.patch("funkwhale_api.users.models.create_actor", return_value=actor)
     response = api_client.post(url, data)
 
-    assert response.status_code == 201
+    assert response.status_code == 204
 
     user = User.objects.get(username="test1")
 
@@ -323,7 +343,7 @@ def test_creating_user_sends_confirmation_email(
     preferences["instance__name"] = "Hello world"
     response = api_client.post(url, data)
 
-    assert response.status_code == 201
+    assert response.status_code == 204
 
     confirmation_message = mailoutbox[-1]
     assert "Hello world" in confirmation_message.body
@@ -405,7 +425,7 @@ def test_signup_with_approval_enabled(
     }
     on_commit = mocker.patch("funkwhale_api.common.utils.on_commit")
     response = api_client.post(url, data, format="json")
-    assert response.status_code == 201
+    assert response.status_code == 204
     u = User.objects.get(email="test1@test.com")
     assert u.username == "test1"
     assert u.is_active is False

changes/changelog.d/allauth.enhancement

@@ -0,0 +1 @@
+Update dj-rest-auth to 5.0.2 and django-allauth to 0.55.2