See #187: API logic for password reset

22f0b1a2 · Eliot Berriot · 929b5018 · 22f0b1a2 · 22f0b1a2 · 22f0b1a2
Verified Commit 22f0b1a2 authored 6 years ago by Eliot Berriot
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -391,6 +391,11 @@ REST_FRAMEWORK = {
        'django_filters.rest_framework.DjangoFilterBackend',
    )
 }
+REST_AUTH_SERIALIZERS = {
+    'PASSWORD_RESET_SERIALIZER': 'funkwhale_api.users.serializers.PasswordResetSerializer'  # noqa
+}
+REST_SESSION_LOGIN = False
+REST_USE_JWT = True
 ATOMIC_REQUESTS = False
 USE_X_FORWARDED_HOST = True

--- a/api/funkwhale_api/users/rest_auth_urls.py
+++ b/api/funkwhale_api/users/rest_auth_urls.py
 from django.views.generic import TemplateView
 from django.conf.urls import url
-from rest_auth.registration.views import VerifyEmailView
+from rest_auth.registration import views as registration_views
-from rest_auth.views import PasswordChangeView
+from rest_auth import views as rest_auth_views
-from .views import RegisterView
+from . import views
 urlpatterns = [
-    url(r'^$', RegisterView.as_view(), name='rest_register'),
+    url(r'^$', views.RegisterView.as_view(), name='rest_register'),
-    url(r'^verify-email/$', VerifyEmailView.as_view(), name='rest_verify_email'),
+    url(r'^verify-email/$',
-    url(r'^change-password/$', PasswordChangeView.as_view(), name='change_password'),
+        registration_views.VerifyEmailView.as_view(),
+        name='rest_verify_email'),
+    url(r'^change-password/$',
+        rest_auth_views.PasswordChangeView.as_view(),
+        name='change_password'),
    # This url is used by django-allauth and empty TemplateView is
    # defined just to allow reverse() call inside app, for example when email

--- a/api/funkwhale_api/users/serializers.py
+++ b/api/funkwhale_api/users/serializers.py
-from rest_framework import serializers
+from django.conf import settings
+from rest_framework import serializers
+from rest_auth.serializers import PasswordResetSerializer as PRS
 from funkwhale_api.activity import serializers as activity_serializers
 from . import models
@@ -63,3 +65,12 @@ class UserReadSerializer(serializers.ModelSerializer):
                'status': o.has_perm(internal_codename)
            }
        return perms
+class PasswordResetSerializer(PRS):
+    def get_email_options(self):
+        return {
+            'extra_email_context': {
+                'funkwhale_url': settings.FUNKWHALE_URL
+            }
+        }
--- a/api/tests/users/test_views.py
+++ b/api/tests/users/test_views.py
@@ -136,6 +136,20 @@ def test_changing_password_updates_secret_key(logged_in_client):
    assert user.password != password
+def test_can_request_password_reset(
+        factories, api_client, mailoutbox):
+    user = factories['users.User']()
+    payload = {
+        'email': user.email,
+    }
+    emails = len(mailoutbox)
+    url = reverse('rest_password_reset')
+    response = api_client.post(url, payload)
+    assert response.status_code == 200
+    assert len(mailoutbox) > emails
 def test_user_can_patch_his_own_settings(logged_in_api_client):
    user = logged_in_api_client.user
    payload = {