chore(api): Update dj-rest-auth to 5.0.2 and django-allauth to 0.55.2

Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/2670>
2023-12-06 09:27:43 +00:00 · 2023-12-06 09:27:43 +00:00 · 06d135875b
parent de41545ab3
commit 06d135875b
8 changed files with 553 additions and 478 deletions
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@ -1193,7 +1193,7 @@ if BROWSABLE_API_ENABLED:
        "rest_framework.renderers.BrowsableAPIRenderer",
    )

-REST_AUTH_SERIALIZERS = {
+REST_AUTH = {
    "PASSWORD_RESET_SERIALIZER": "funkwhale_api.users.serializers.PasswordResetSerializer",  # noqa
    "PASSWORD_RESET_CONFIRM_SERIALIZER": "funkwhale_api.users.serializers.PasswordResetConfirmSerializer",  # noqa
 }
--- a/api/funkwhale_api/common/authentication.py
+++ b/api/funkwhale_api/common/authentication.py
@ -1,4 +1,4 @@
-from allauth.account.utils import send_email_confirmation
+from allauth.account.models import EmailAddress
 from django.core.cache import cache
 from django.utils.translation import ugettext as _
 from oauth2_provider.contrib.rest_framework.authentication import (
@ -20,9 +20,13 @@ def resend_confirmation_email(request, user):
    if cache.get(cache_key):
        return False

-    done = send_email_confirmation(request, user)
+    # We do the sending of the conformation by hand because we don't want to pass the request down
+    # to the email rendering, which would cause another UnverifiedEmail Exception and restarts the sending
+    # again and again
+    email = EmailAddress.objects.get_for_user(user, user.email)
+    email.send_confirmation()
    cache.set(cache_key, True, THROTTLE_DELAY)
-    return done
+    return True


 class OAuth2Authentication(BaseOAuth2Authentication):
--- a/api/funkwhale_api/users/serializers.py
+++ b/api/funkwhale_api/users/serializers.py
@ -340,4 +340,8 @@ class UserChangeEmailSerializer(serializers.Serializer):
            email=request.user.email,
            defaults={"verified": False, "primary": True},
        )
-        current.change(request, self.validated_data["email"], confirm=True)
+        if request.user.email != self.validated_data["email"]:
+            current.email = self.validated_data["email"]
+            current.verified = False
+            current.save()
+            current.send_confirmation()
--- a/api/funkwhale_api/users/views.py
+++ b/api/funkwhale_api/users/views.py
@ -1,6 +1,7 @@
 import json

 from allauth.account.adapter import get_adapter
+from allauth.account.utils import send_email_confirmation
 from dj_rest_auth import views as rest_auth_views
 from dj_rest_auth.registration import views as registration_views
 from django import http
@ -11,7 +12,7 @@ from rest_framework import mixins, viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response

-from funkwhale_api.common import authentication, preferences, throttling
+from funkwhale_api.common import preferences, throttling

 from . import models, serializers, tasks

@ -37,7 +38,7 @@ class RegisterView(registration_views.RegisterView):
        user = super().perform_create(serializer)
        if not user.is_active:
            # manual approval, we need to send the confirmation e-mail by hand
-            authentication.send_email_confirmation(self.request, user)
+            send_email_confirmation(self.request, user)
        if user.invitation:
            user.invitation.set_invited_user(user)

--- a/api/poetry.lock
+++ b/api/poetry.lock
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@ -28,9 +28,9 @@ funkwhale-manage = 'funkwhale_api.main:main'
 python = "^3.8,<3.13"

 # Django
-dj-rest-auth = { extras = ["with_social"], version = "2.2.8" }
+dj-rest-auth = "5.0.2"
 django = "==3.2.23"
-django-allauth = "==0.42.0"
+django-allauth = "0.55.2"
 django-cache-memoize = "0.1.10"
 django-cacheops = "==6.1"
 django-cleanup = "==6.0.0"
--- a/api/tests/users/test_views.py
+++ b/api/tests/users/test_views.py
@ -8,7 +8,27 @@ from funkwhale_api.moderation import tasks as moderation_tasks
 from funkwhale_api.users.models import User


-def test_can_create_user_via_api(preferences, api_client, db):
+def test_can_create_user_via_api(settings, preferences, api_client, db):
+    url = reverse("rest_register")
+    data = {
+        "username": "test1",
+        "email": "test1@test.com",
+        "password1": "thisismypassword",
+        "password2": "thisismypassword",
+    }
+    preferences["users__registration_enabled"] = True
+    settings.ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+    response = api_client.post(url, data)
+    assert response.status_code == 201
+    assert response.data["detail"] == "Verification e-mail sent."
+
+    u = User.objects.get(email="test1@test.com")
+    assert u.username == "test1"
+
+
+def test_can_create_user_via_api_mail_verification_mandatory(
+    settings, preferences, api_client, db
+):
    url = reverse("rest_register")
    data = {
        "username": "test1",
@ -18,7 +38,7 @@ def test_can_create_user_via_api(preferences, api_client, db):
    }
    preferences["users__registration_enabled"] = True
    response = api_client.post(url, data)
-    assert response.status_code == 201
+    assert response.status_code == 204

    u = User.objects.get(email="test1@test.com")
    assert u.username == "test1"
@ -82,7 +102,7 @@ def test_can_signup_with_invitation(preferences, factories, api_client):
    }
    preferences["users__registration_enabled"] = False
    response = api_client.post(url, data)
-    assert response.status_code == 201
+    assert response.status_code == 204
    u = User.objects.get(email="test1@test.com")
    assert u.username == "test1"
    assert u.invitation == invitation
@ -302,7 +322,7 @@ def test_creating_user_creates_actor_as_well(
    mocker.patch("funkwhale_api.users.models.create_actor", return_value=actor)
    response = api_client.post(url, data)

-    assert response.status_code == 201
+    assert response.status_code == 204

    user = User.objects.get(username="test1")

@ -323,7 +343,7 @@ def test_creating_user_sends_confirmation_email(
    preferences["instance__name"] = "Hello world"
    response = api_client.post(url, data)

-    assert response.status_code == 201
+    assert response.status_code == 204

    confirmation_message = mailoutbox[-1]
    assert "Hello world" in confirmation_message.body
@ -405,7 +425,7 @@ def test_signup_with_approval_enabled(
    }
    on_commit = mocker.patch("funkwhale_api.common.utils.on_commit")
    response = api_client.post(url, data, format="json")
-    assert response.status_code == 201
+    assert response.status_code == 204
    u = User.objects.get(email="test1@test.com")
    assert u.username == "test1"
    assert u.is_active is False
--- a/changes/changelog.d/allauth.enhancement
+++ b/changes/changelog.d/allauth.enhancement
@ -0,0 +1 @@
+Update dj-rest-auth to 5.0.2 and django-allauth to 0.55.2
				`@ -0,0 +1 @@`
				`Update dj-rest-auth to 5.0.2 and django-allauth to 0.55.2`