Merge pull request #72 from PythonBulawayo/auth

Added authentication endpoints

Author: terrameijar

backend/Dockerfile

@@ -2,6 +2,12 @@ FROM python:3.10-slim
 
 WORKDIR /app
 COPY requirements.txt /app
+# Installing gcc and libc6-dev because docker removes them after building Python,
+# so it's impossible to build C extensions afterwards, wcwidth==0.2.6 and cwcwidth==0.1.8 in this case
+RUN apt-get update && apt-get install -y \
+    gcc \
+    libc6-dev \
+    && rm -rf /var/lib/apt/lists/*
 RUN pip install -r requirements.txt
 COPY . /app
 

backend/accounts/admin.py

@@ -1,6 +1,7 @@
 """
 Module for managing admin functionality related to accounts.
 """
+
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin
 from django.contrib.auth.models import Group

backend/api/urls.py

@@ -25,4 +25,5 @@
     path("api/posts/<int:pk>/", views.PostDetail.as_view(), name="post-detail"),
     path("api/posts/delete/<int:pk>/", views.PostDelete.as_view(), name="post-delete"),
     path("api/signup", views.SignUpView.as_view(), name="signup-view"),
+    path("api/auth/", include("authentication.urls")),
 ]

backend/authentication/__init__.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticationConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "authentication"

backend/authentication/apps.py

@@ -0,0 +1,36 @@
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from django.conf import settings
+
+from rest_framework.authentication import CSRFCheck
+from rest_framework import exceptions
+
+
+def enforce_csrf(request):
+    """
+    Enforce CSRF validation.
+    """
+
+    def dummy_get_response(request):
+        return None
+
+    check = CSRFCheck(dummy_get_response)
+    check.process_request(request)
+    reason = check.process_view(request, None, (), {})
+    if reason:
+        raise exceptions.PermissionDenied("CSRF Failed: %s" % reason)
+
+
+class CustomAuthentication(JWTAuthentication):
+
+    def authenticate(self, request):
+        header = self.get_header(request)
+
+        if header is None:
+            raw_token = request.COOKIES.get(settings.SIMPLE_JWT["AUTH_COOKIE"]) or None
+        else:
+            raw_token = self.get_raw_token(header)
+        if raw_token is None:
+            return None
+
+        validated_token = self.get_validated_token(raw_token)
+        return self.get_user(validated_token), validated_token

backend/authentication/authenticate.py

@@ -0,0 +1,9 @@
+from rest_framework import serializers
+
+from accounts.models import CustomUser
+
+
+class AuthUserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = CustomUser
+        fields = ["username", "password"]

backend/authentication/migrations/__init__.py

@@ -0,0 +1,55 @@
+from django.test import TestCase
+from rest_framework import status
+from rest_framework.test import APIClient
+from accounts.models import CustomUser
+from django.conf import settings
+
+
+class LoginViewTestCase(TestCase):
+    def setUp(self):
+        LOGIN_URL = "api/v2/auth/login/"
+        self.client = APIClient()
+        self.active_user = CustomUser.objects.create_user(
+            username="activeuser", password="password123"
+        )
+        self.active_user.is_active = True
+        self.active_user.save()
+
+        self.inactive_user = CustomUser.objects.create_user(
+            username="inactiveuser", password="password123"
+        )
+        self.inactive_user.is_active = False
+        self.inactive_user.save()
+
+        self.url = LOGIN_URL
+
+    def test_login_successful(self):
+        response = self.client.post(
+            self.url, {"username": "activeuser", "password": "password123"}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("access", response.data)
+        self.assertIn(settings.SIMPLE_JWT["AUTH_COOKIE"], response.cookies)
+
+    def test_login_inactive_user(self):
+        response = self.client.post(
+            self.url, {"username": "inactiveuser", "password": "password123"}
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.data, {"details": "This account is not active."})
+
+    def test_login_invalid_credentials(self):
+        response = self.client.post(
+            self.url, {"username": "wronguser", "password": "wrongpassword"}
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(
+            response.data, {"details": "Account with given credentials not found."}
+        )
+
+    def test_login_missing_fields(self):
+        response = self.client.post(self.url, {"username": "activeuser"})
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(
+            response.data, {"details": "Account with given credentials not found."}
+        )

backend/authentication/serializers.py

@@ -0,0 +1,7 @@
+from django.urls import path
+from . import views
+
+urlpatterns = [
+    path("login/", views.LoginView.as_view(), name="login"),
+    path("logout/", views.LogoutView.as_view(), name="logout"),
+]