From 2e5dd586574600810dae67501372d254ec917722 Mon Sep 17 00:00:00 2001 From: Tal Leibman Date: Fri, 25 Dec 2020 14:06:35 +0200 Subject: [PATCH] snapshot --- etebase_fastapi/app.py | 6 +++++ etebase_fastapi/authentication.py | 4 +-- etebase_fastapi/test_reset_view.py | 39 ++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 etebase_fastapi/test_reset_view.py diff --git a/etebase_fastapi/app.py b/etebase_fastapi/app.py index acfb42f..449059a 100644 --- a/etebase_fastapi/app.py +++ b/etebase_fastapi/app.py @@ -3,6 +3,8 @@ import os from django.core.wsgi import get_wsgi_application from fastapi.middleware.cors import CORSMiddleware +from django.conf import settings + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "etebase_server.settings") application = get_wsgi_application() from fastapi import FastAPI, Request @@ -17,6 +19,10 @@ VERSION = "v1" BASE_PATH = f"/api/{VERSION}" app.include_router(authentication_router, prefix=f"{BASE_PATH}/authentication") app.include_router(collection_router, prefix=f"{BASE_PATH}/collection") +if settings.DEBUG: + from .test_reset_view import test_reset_view_router + + app.include_router(test_reset_view_router, prefix=f"{BASE_PATH}/test/authentication") app.add_middleware( CORSMiddleware, allow_origin_regex="https?://.*", allow_credentials=True, allow_methods=["*"], allow_headers=["*"] ) diff --git a/etebase_fastapi/authentication.py b/etebase_fastapi/authentication.py index 287b46e..9c770d4 100644 --- a/etebase_fastapi/authentication.py +++ b/etebase_fastapi/authentication.py @@ -217,7 +217,6 @@ def validate_login_request( detail = 'Found wrong host name. Got: "{}" expected: "{}"'.format(validated_data.host, host_from_request) content = {"code": "wrong_host", "detail": detail} return MsgpackResponse(content, status_code=status.HTTP_400_BAD_REQUEST) - verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder) try: 
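Review bot: In the second app.py hunk the reset router is mounted on `settings.DEBUG` alone, and the check runs once at import time, so any instance started with DEBUG enabled serves `{BASE_PATH}/test/authentication/reset/` for its whole lifetime. DEBUG is a general development switch, so a staging or misconfigured host would expose a data-wiping route without anyone having asked for it. The CORS settings in the context lines also accept any http(s) origin. I would require a separate, explicit opt-in as well, for example `if settings.DEBUG and getattr(settings, "<TEST_RESET_OPT_IN>", False):` (placeholder name, not an existing setting). I would also add a comment above it such as `# Test-only reset route; never enable on an instance holding real accounts.`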
@@ -272,7 +271,6 @@ async def change_password(data: ChangePassword, request: Request, user: User = D return Response(status_code=status.HTTP_204_NO_CONTENT) -@sync_to_async def signup_save(data: SignupIn) -> User: user_data = data.user with transaction.atomic(): @@ -309,7 +307,7 @@ def send_user_signed_up_async(user: User, request): @authentication_router.post("/signup/") async def signup(data: SignupIn): - user = await signup_save(data) + user = await sync_to_async(signup_save)(data) # XXX-TOM data = await login_response_data(user) await send_user_signed_up_async(user, None) diff --git a/etebase_fastapi/test_reset_view.py b/etebase_fastapi/test_reset_view.py new file mode 100644 index 0000000..ee6a1c3 --- /dev/null +++ b/etebase_fastapi/test_reset_view.py 
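Review bot: In etebase_fastapi/authentication.py the `# XXX-TOM` marker on the new `sync_to_async(signup_save)(data)` call in `signup` does not say what is still open, and `signup_save` loses its decorator without any explanation. With the decorator gone, `signup_save` is a blocking function that opens its own `transaction.atomic()` block, and any caller still written as `await signup_save(...)` would fail; only the `signup` caller is updated in these hunks, and other callers, if any, are outside the view. I would replace the marker with a comment like `# signup_save is synchronous so sync views can call it inside their own transaction; wrap it for this async route.` and give `signup_save` a one-line docstring saying it must not be called directly from async code. Both function bodies continue outside the hunks.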
@@ -0,0 +1,39 @@
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.db import transaction
+from django.shortcuts import get_object_or_404
+from fastapi import APIRouter, Response, status, Depends
+
+from django_etebase.utils import get_user_queryset
+from etebase_fastapi.authentication import get_authenticated_user, SignupIn, signup_save
+from etebase_fastapi.msgpack import MsgpackRoute
+
+test_reset_view_router = APIRouter(route_class=MsgpackRoute)
+User = get_user_model()
+
+
+@test_reset_view_router.post("/reset/")
+def reset(data: SignupIn):
+ # Only run when in DEBUG mode! It's only used for tests
+ if not settings.DEBUG:
+ return Response("Only allowed in debug mode.", status_code=status.HTTP_400_BAD_REQUEST)
+
+ with transaction.atomic():
+ # XXX-TOM
+ user_queryset = get_user_queryset(User.objects.all(), None)
+ user = get_object_or_404(user_queryset, username=data.user.username)
+ # Only allow test users for extra safety
+ if not getattr(user, User.USERNAME_FIELD).startswith("test_user"):
+ return Response("Endpoint not allowed for user.", status_code=status.HTTP_400_BAD_REQUEST)
+
+ if hasattr(user, "userinfo"):
+ user.userinfo.delete()
+ signup_save(data)
+ # Delete all of the journal data for this user for a clear test env
+ user.collection_set.all().delete()
+ user.collectionmember_set.all().delete()
+ user.incoming_invitations.all().delete()
+
+ # FIXME: also delete chunk files!!!
+
+ return Response(status_code=status.HTTP_204_NO_CONTENT)
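Review bot: `reset` takes no authenticated user: `Depends` and `get_authenticated_user` are imported but never used, so the handler's only guards are `settings.DEBUG` and the `test_user` username prefix. Because it deletes `userinfo` and then calls `signup_save(data)` with data from the request body, anyone who can reach a DEBUG instance can replace the stored signup data of any account whose name starts with that prefix. If that is intended for the test suite, say so in a docstring on `reset` that names both guards and states the route is deliberately unauthenticated. The unused imports should then go, leaving `from fastapi import APIRouter, Response, status` and `from etebase_fastapi.authentication import SignupIn, signup_save`. Whether `signup_save` copes with a user row that already exists cannot be told from here, since its body is outside this patch, so that is worth confirming before relying on the route.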