See #187: API logic for password reset

2018-05-06 11:30:41 +02:00 · 2018-05-06 11:30:41 +02:00 · 22f0b1a2d8
commit 22f0b1a2d8
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@ -391,6 +391,11 @@ REST_FRAMEWORK = {
        'django_filters.rest_framework.DjangoFilterBackend',
    )
 }
+REST_AUTH_SERIALIZERS = {
+    'PASSWORD_RESET_SERIALIZER': 'funkwhale_api.users.serializers.PasswordResetSerializer'  # noqa
+}
+REST_SESSION_LOGIN = False
+REST_USE_JWT = True

 ATOMIC_REQUESTS = False
 USE_X_FORWARDED_HOST = True
--- a/api/funkwhale_api/users/rest_auth_urls.py
+++ b/api/funkwhale_api/users/rest_auth_urls.py
@ -1,16 +1,20 @@
 from django.views.generic import TemplateView
 from django.conf.urls import url

-from rest_auth.registration.views import VerifyEmailView
-from rest_auth.views import PasswordChangeView
+from rest_auth.registration import views as registration_views
+from rest_auth import views as rest_auth_views

-from .views import RegisterView
+from . import views


 urlpatterns = [
-    url(r'^$', RegisterView.as_view(), name='rest_register'),
-    url(r'^verify-email/$', VerifyEmailView.as_view(), name='rest_verify_email'),
-    url(r'^change-password/$', PasswordChangeView.as_view(), name='change_password'),
+    url(r'^$', views.RegisterView.as_view(), name='rest_register'),
+    url(r'^verify-email/$',
+        registration_views.VerifyEmailView.as_view(),
+        name='rest_verify_email'),
+    url(r'^change-password/$',
+        rest_auth_views.PasswordChangeView.as_view(),
+        name='change_password'),

    # This url is used by django-allauth and empty TemplateView is
    # defined just to allow reverse() call inside app, for example when email
--- a/api/funkwhale_api/users/serializers.py
+++ b/api/funkwhale_api/users/serializers.py
@ -1,5 +1,7 @@
-from rest_framework import serializers
+from django.conf import settings

+from rest_framework import serializers
+from rest_auth.serializers import PasswordResetSerializer as PRS
 from funkwhale_api.activity import serializers as activity_serializers

 from . import models
@ -63,3 +65,12 @@ class UserReadSerializer(serializers.ModelSerializer):
                'status': o.has_perm(internal_codename)
            }
        return perms
+
+
+class PasswordResetSerializer(PRS):
+    def get_email_options(self):
+        return {
+            'extra_email_context': {
+                'funkwhale_url': settings.FUNKWHALE_URL
+            }
+        }
--- a/api/tests/users/test_views.py
+++ b/api/tests/users/test_views.py
@ -136,6 +136,20 @@ def test_changing_password_updates_secret_key(logged_in_client):
    assert user.password != password


+def test_can_request_password_reset(
+        factories, api_client, mailoutbox):
+    user = factories['users.User']()
+    payload = {
+        'email': user.email,
+    }
+    emails = len(mailoutbox)
+    url = reverse('rest_password_reset')
+
+    response = api_client.post(url, payload)
+    assert response.status_code == 200
+    assert len(mailoutbox) > emails
+
+
 def test_user_can_patch_his_own_settings(logged_in_api_client):
    user = logged_in_api_client.user
    payload = {