Giter VIP home page Giter VIP logo

fundraisee-api's Introduction

Fundraisee

Build Status Coverage Status Python 3.6 Contributions welcome

Quick Start

First, clone the repository

git clone https://github.com/Kindev/fundraisee-api.git
cd fundraisee-api

Create a virtualenv to isolate our package dependencies locally

python3.6 -m venv env
source env/bin/activate

Install all required dependencies

pip install -r requirements.txt

Create database, superuser and run the server, check http://localhost:8000 for swagger

python manage.py migrate
python manage.py createsuperuser
python manage.py runserver

Contributing

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to submit a pull request.

fundraisee-api's People

Contributors

endiliey avatar fiennyangeln avatar michjk avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

fiennyangeln endiliey jjasont michjk dafaulkens nicksadjoli

fundraisee-api's Issues

Allow user to login with email & password

Motivation

The current rest api use username and password as authentication system. When user post their username and password, they will receive a bearer Token. This Token will be used as an authentication identifier when using other provided API

Related:

fundraisee-api/accounts/serializers.py

Lines 176 to 200 in ca93370

class UserTokenSerializer(serializers.Serializer):
username = serializers.CharField(label=_("Username"))
password = serializers.CharField(
label=_("Password"),
style={'input_type': 'password'},
trim_whitespace=False
)
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if username and password:
user = authenticate(request=self.context.get('request'),
username=username, password=password)
# The authenticate call simply returns None for is_active=False
# users. (Assuming the default ModelBackend authentication
# backend.)
if not user:
msg = _('Unable to log in with provided credentials.')
raise serializers.ValidationError(msg, code='authorization')
else:
msg = _('Must include "username" and "password".')
raise serializers.ValidationError(msg, code='authorization')

We should allow user to login with email and password as well.
One of the solution is quite simple, if user sent in an email & password as identifier, we search for the username related to that email & authenticate with that username & password.

Note that we don't have to worry about the email being related to more than one account because it is ensured unique when registering.

Related:

fundraisee-api/accounts/serializers.py

Lines 114 to 142 in ca93370

class UserCreateSerializer(serializers.ModelSerializer):
username = serializers.SlugField(
min_length=4,
max_length=32,
help_text=_(
'Required. 4-32 characters. Letters, numbers, underscores or hyphens only.'
),
validators=[UniqueValidator(
queryset=User.objects.all(),
message='has already been taken by other user'
)],
required=True
)
password = serializers.CharField(
min_length=4,
max_length=32,
write_only=True,
help_text=_(
'Required. 4-32 characters.'
),
required=True
)
email = serializers.EmailField(
required=True,
validators=[UniqueValidator(
queryset=User.objects.all(),
message='has already been taken by other user'
)]
)

Implement password reset api

Motivation

The current accounts api is still very simple. We should implement a way for user to reset their password.

Example in production:

  1. Send an email to user's email with some cryptic link
  2. If they click the link, they will be redirected to an URL where they can reset their password

Authorized user cannot access endpoints

What is this issue about

Authorized user cannot access endpoints /api/user/ and /api/user/logout.

Steps to Reproduce

(Write your steps here:)

  1. Run the server
python manage.py runserver
  1. Login with your user account.
curl -H "Content-Type: application/json" --request POST --data '{"username": "username", "password": "password"}' http://localhost:8000/api/user/login/
  1. Use authorization token to access endpoint /api/user/ or /api/user/logout/
curl -H "Authorization: Token token_string" --request GET http://localhost:8000/api/user/logout/

Expected Behavior

Should get HTTP 200 response

Actual Behavior

Get JSON

{"detail":"Authentication credentials were not provided."}

Possible solution

Add this code in fundraisee-api/fundraisee/setting.py

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser'
   ),
}

Add more tests for accounts

Motivation

The current test cases for accounts / user profile coverage is only 76%. I think we can do better by adding more test.

Example:

fundraisee-api/accounts/tests.py

Lines 7 to 27 in ca93370

class AccountsTestCase(APITestCase):
def setUp(self):
# We want to go ahead and originally create a user.
self.test_user = User.objects.create_user('test', '[email protected]', 'anythingcanlah')
# URL for creating an account.
self.create_url = reverse('user-register')
def test_create_user(self):
data = {
'username': 'endiliey',
'email': '[email protected]',
'password': 'somepassword'
}
response = self.client.post(self.create_url , data, format='json')
self.assertEqual(User.objects.count(), 2)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(response.data['username'], data['username'])
self.assertEqual(response.data['email'], data['email'])
self.assertFalse('password' in response.data)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.