[Auth Token] Implement user authentication (#109)

edu-python-course · Feb 13, 2024 · d8b8cc5 · d8b8cc5
2 parents daddd4a + 5e22648
commit d8b8cc5
Show file tree

Hide file tree

Showing 10 changed files with 136 additions and 13 deletions.
diff --git a/tasks/routes.py b/tasks/routes.py
@@ -3,15 +3,23 @@
 
 """
 
-from django.urls import include, path
-from rest_framework.routers import DefaultRouter
+from django.urls import path
 
 from tasks.resources import TaskModelViewSet
 
-router = DefaultRouter()
-router.register(r"tasks", TaskModelViewSet, basename="tasks")
+tasks_list = TaskModelViewSet.as_view({
+    "get": "list",
+    "post": "create",
+})
+tasks_detail = TaskModelViewSet.as_view({
+    "get": "retrieve",
+    "put": "update",
+    "patch": "partial_update",
+    "delete": "destroy",
+})
 
 app_name = "tasks"
 urlpatterns = [
-    path("", include(router.urls)),
+    path("tasks/", tasks_list, name="list"),
+    path("tasks/<uuid:pk>/", tasks_detail, name="detail"),
 ]
diff --git a/tasks/templates/tasks/_actions.html b/tasks/templates/tasks/_actions.html
@@ -1,12 +1,12 @@
 {% if object.completed %}
   <button class="btn btn-outline-warning mx-3 {{ update_permission }}"
-          hx-patch="{% url "api:tasks-detail" object.pk %}" hx-swap="none"
+          hx-patch="{% url "api:tasks:detail" object.pk %}" hx-swap="none"
           hx-vals="js:{completed:false}" hx-headers="js:{'X-CSRFToken': getCookieValue('csrftoken')}">
     Reopen
   </button>
 {% else %}
   <button class="btn btn-outline-success mx-3 {{ update_permission }}"
-          hx-patch="{% url "api:tasks-detail" object.pk %}" hx-swap="none"
+          hx-patch="{% url "api:tasks:detail" object.pk %}" hx-swap="none"
           hx-vals="js:{completed:true}" hx-headers="js:{'X-CSRFToken': getCookieValue('csrftoken')}">
     Complete
   </button>

diff --git a/tasks/templates/tasks/_task_tr.html b/tasks/templates/tasks/_task_tr.html
@@ -25,15 +25,15 @@
     <div class="d-flex flex-row justify-content-between align-items-center">
       {% if object.completed %}
         <i class="bi bi-arrow-repeat {{ update_permission }}" role="button"
-           hx-patch="{% url "api:tasks-detail" object.pk %}" hx-swap="none"
+           hx-patch="{% url "api:tasks:detail" object.pk %}" hx-swap="none"
            hx-vals="js:{completed:false}" hx-headers="js:{'X-CSRFToken': getCookieValue('csrftoken')}"></i>
       {% else %}
         <i class="bi bi-check-lg {{ update_permission }}" role="button"
-           hx-patch="{% url "api:tasks-detail" object.pk %}" hx-swap="none"
+           hx-patch="{% url "api:tasks:detail" object.pk %}" hx-swap="none"
            hx-vals="js:{completed:true}" hx-headers="js:{'X-CSRFToken': getCookieValue('csrftoken')}"></i>
       {% endif %}
       <i class="bi bi-trash {{ delete_permission }}" role="button"
-         hx-delete="{% url "api:tasks-detail" object.pk %}" hx-target="closest tr" hx-swap="outerHTML"
+         hx-delete="{% url "api:tasks:detail" object.pk %}" hx-target="closest tr" hx-swap="outerHTML"
          hx-headers="js:{'X-CSRFToken': getCookieValue('csrftoken')}"></i>
     </div>
   </td>

diff --git a/tasks/tests/unit/test_viewsets.py b/tasks/tests/unit/test_viewsets.py
@@ -15,8 +15,8 @@ class TestTaskModelViewSet(test.APITestCase):
 
     @classmethod
     def setUpTestData(cls) -> None:
-        cls.url_list = reverse("api:tasks-list")
-        cls.url_detail = reverse("api:tasks-detail", args=(PK_EXISTS,))
+        cls.url_list = reverse("api:tasks:list")
+        cls.url_detail = reverse("api:tasks:detail", args=(PK_EXISTS,))
         cls.data = {
             "summary": "Test task model view set",
             "reporter": 2,

diff --git a/tasktracker/settings.py b/tasktracker/settings.py
@@ -46,6 +46,7 @@
     "crispy_forms",
     "crispy_bootstrap5",
     "rest_framework",
+    "rest_framework.authtoken",
 
     "tasks.apps.TasksAppConfig",
     "users.apps.UsersAppConfig",
@@ -157,3 +158,11 @@
 CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap5"
 
 CRISPY_TEMPLATE_PACK = "bootstrap5"
+
+# Django REST framework settings
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": (
+        "rest_framework.authentication.TokenAuthentication",
+    ),
+}
diff --git a/tasktracker/urls.py b/tasktracker/urls.py
@@ -26,9 +26,15 @@
 from django.contrib import admin
 from django.urls import include, path
 
+api_urlpatterns = [
+    path("", include("users.routes", namespace="users")),
+    path("", include("tasks.routes", namespace="tasks")),
+]
+api_routes = (api_urlpatterns, "api")
+
 urlpatterns = [
     path("admin/", admin.site.urls),
-    path("api/", include("tasks.routes", namespace="api")),
+    path("api/", include(api_routes, namespace="api")),
     path("", include("users.urls", namespace="users")),
     path("", include("tasks.urls", namespace="tasks")),
 ]

diff --git a/users/resources.py b/users/resources.py
@@ -0,0 +1,22 @@
+"""
+Users application API resources
+
+"""
+
+from rest_framework.authtoken.models import Token
+from rest_framework.authtoken.views import ObtainAuthToken
+from rest_framework.response import Response
+
+
+class AuthTokenAPIView(ObtainAuthToken):
+    def post(self, request, *args, **kwargs):
+        ctx = {"request": request}
+        serializer = self.serializer_class(data=request.data, context=ctx)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.validated_data["user"]
+        token, _ = Token.objects.get_or_create(user=user)
+
+        return Response({
+            "user_pk": user.pk,
+            "token": token.key,
+        })
diff --git a/users/routes.py b/users/routes.py
@@ -0,0 +1,13 @@
+"""
+Users application API routes
+
+"""
+
+from django.urls import path
+
+from users.resources import AuthTokenAPIView
+
+app_name = "users"
+urlpatterns = [
+    path("auth-token/", AuthTokenAPIView.as_view(), name="auth-token"),
+]
diff --git a/users/tests/integration/test_auth_api.py b/users/tests/integration/test_auth_api.py
@@ -0,0 +1,35 @@
+from http import HTTPStatus
+
+from rest_framework import test
+from rest_framework.reverse import reverse
+
+
+class TestAuthTokenAPIView(test.APITestCase):
+    fixtures = ["users"]
+
+    @classmethod
+    def setUpTestData(cls) -> None:
+        cls.url_path = reverse("api:users:auth-token")
+        cls.credentials = {
+            "username": "prombery87",
+            "password": "ieZeiSh5k",
+        }
+
+    def setUp(self) -> None:
+        self.client = test.APIClient()
+
+    def test_valid_credentials(self):
+        response = self.client.post(self.url_path, self.credentials)
+        self.assertIn(b"user_pk", response.content)
+        self.assertIn(b"token", response.content)
+
+    def test_invalid_credentials(self):
+        credentials = self.credentials.copy()
+        credentials["username"] = "invalid"
+        response = self.client.post(self.url_path, credentials)
+        self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)
+
+        credentials = self.credentials.copy()
+        credentials["password"] = "invalid"
+        response = self.client.post(self.url_path, credentials)
+        self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)
diff --git a/users/tests/unit/test_auth_api.py b/users/tests/unit/test_auth_api.py
@@ -0,0 +1,30 @@
+from django.contrib.auth import get_user_model
+from rest_framework import test
+from rest_framework.authtoken.models import Token
+from rest_framework.reverse import reverse
+
+from users.resources import AuthTokenAPIView
+
+UserModel = get_user_model()
+
+
+class TestAuthTokenAPIView(test.APITestCase):
+    fixtures = ["users"]
+
+    @classmethod
+    def setUpTestData(cls) -> None:
+        cls.url_path = reverse("api:users:auth-token")
+        cls.credentials = {
+            "username": "prombery87",
+            "password": "ieZeiSh5k",
+        }
+        cls.user = UserModel.objects.get(pk=2)
+
+    def setUp(self) -> None:
+        self.factory = test.APIRequestFactory()
+        self.view = AuthTokenAPIView.as_view()
+
+    def test_auth_token_created(self):
+        request = self.factory.post(self.url_path, self.credentials)
+        self.view(request)
+        self.assertTrue(Token.objects.filter(user=self.user).exists())