Refactor user account system and remove moderation integration

- Remove first_name and last_name fields from User model - Add user deletion and social provider services - Restructure auth serializers into separate directory - Update avatar upload functionality and API endpoints - Remove django-moderation integration documentation - Add mandatory compliance enforcement rules - Update frontend documentation with API usage examples
2025-12-20 07:51:09 -05:00 · 2025-08-30 07:31:58 -04:00
parent bb7da85516
commit 04394b9976
31 changed files with 7200 additions and 1297 deletions
--- a/backend/apps/api/v1/auth/views.py
+++ b/backend/apps/api/v1/auth/views.py
@@ -6,6 +6,16 @@ login, signup, logout, password management, social authentication,
 user profiles, and top lists.
 """

+from .serializers.social import (
+    ConnectedProviderSerializer,
+    AvailableProviderSerializer,
+    SocialAuthStatusSerializer,
+    ConnectProviderInputSerializer,
+    ConnectProviderOutputSerializer,
+    DisconnectProviderOutputSerializer,
+    SocialProviderErrorSerializer,
+)
+from apps.accounts.services.social_provider_service import SocialProviderService
 from django.contrib.auth import authenticate, login, logout, get_user_model
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ValidationError
@@ -19,7 +29,8 @@ from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from drf_spectacular.utils import extend_schema, extend_schema_view

-from .serializers import (
+# Import from the main serializers.py file (not the serializers package)
+from ..serializers import (
    # Authentication serializers
    LoginInputSerializer,
    LoginOutputSerializer,
@@ -168,13 +179,17 @@ class LoginAPIView(APIView):
                if getattr(user, "is_active", False):
                    # pass a real HttpRequest to Django login
                    login(_get_underlying_request(request), user)
-                    from rest_framework.authtoken.models import Token

-                    token, _ = Token.objects.get_or_create(user=user)
+                    # Generate JWT tokens
+                    from rest_framework_simplejwt.tokens import RefreshToken
+
+                    refresh = RefreshToken.for_user(user)
+                    access_token = refresh.access_token

                    response_serializer = LoginOutputSerializer(
                        {
-                            "token": token.key,
+                            "access": str(access_token),
+                            "refresh": str(refresh),
                            "user": user,
                            "message": "Login successful",
                        }
@@ -228,13 +243,17 @@ class SignupAPIView(APIView):
            user = serializer.save()
            # pass a real HttpRequest to Django login
            login(_get_underlying_request(request), user)  # type: ignore[arg-type]
-            from rest_framework.authtoken.models import Token

-            token, _ = Token.objects.get_or_create(user=user)
+            # Generate JWT tokens
+            from rest_framework_simplejwt.tokens import RefreshToken
+
+            refresh = RefreshToken.for_user(user)
+            access_token = refresh.access_token

            response_serializer = SignupOutputSerializer(
                {
-                    "token": token.key,
+                    "access": str(access_token),
+                    "refresh": str(refresh),
                    "user": user,
                    "message": "Registration successful",
                }
@@ -247,7 +266,7 @@ class SignupAPIView(APIView):
@extend_schema_view(
    post=extend_schema(
        summary="User logout",
-        description="Logout the current user and invalidate their token.",
+        description="Logout the current user and blacklist their refresh token.",
        responses={
            200: LogoutOutputSerializer,
            401: "Unauthorized",
@@ -263,7 +282,26 @@ class LogoutAPIView(APIView):

    def post(self, request: Request) -> Response:
        try:
-            # Delete the token for token-based auth
+            # Get refresh token from request data with proper type handling
+            refresh_token = None
+            if hasattr(request, 'data') and request.data is not None:
+                data = getattr(request, 'data', {})
+                if hasattr(data, 'get'):
+                    refresh_token = data.get("refresh")
+
+            if refresh_token and isinstance(refresh_token, str):
+                # Blacklist the refresh token
+                from rest_framework_simplejwt.tokens import RefreshToken
+                try:
+                    # Create RefreshToken from string and blacklist it
+                    refresh_token_obj = RefreshToken(
+                        refresh_token)  # type: ignore[arg-type]
+                    refresh_token_obj.blacklist()
+                except Exception:
+                    # Token might be invalid or already blacklisted
+                    pass
+
+            # Also delete the old token for backward compatibility
            if hasattr(request.user, "auth_token"):
                request.user.auth_token.delete()

@@ -464,6 +502,236 @@ class AuthStatusAPIView(APIView):
        return Response(serializer.data)


+# === SOCIAL PROVIDER MANAGEMENT API VIEWS ===
+
+
+@extend_schema_view(
+    get=extend_schema(
+        summary="Get available social providers",
+        description="Retrieve list of available social authentication providers.",
+        responses={
+            200: AvailableProviderSerializer(many=True),
+        },
+        tags=["Social Authentication"],
+    ),
+)
+class AvailableProvidersAPIView(APIView):
+    """API endpoint to get available social providers."""
+
+    permission_classes = [AllowAny]
+    serializer_class = AvailableProviderSerializer
+
+    def get(self, request: Request) -> Response:
+        providers = [
+            {
+                "provider": "google",
+                "name": "Google",
+                "login_url": "/auth/social/google/",
+                "connect_url": "/auth/social/connect/google/",
+            },
+            {
+                "provider": "discord",
+                "name": "Discord",
+                "login_url": "/auth/social/discord/",
+                "connect_url": "/auth/social/connect/discord/",
+            }
+        ]
+
+        serializer = AvailableProviderSerializer(providers, many=True)
+        return Response(serializer.data)
+
+
+@extend_schema_view(
+    get=extend_schema(
+        summary="Get connected social providers",
+        description="Retrieve list of social providers connected to the user's account.",
+        responses={
+            200: ConnectedProviderSerializer(many=True),
+            401: "Unauthorized",
+        },
+        tags=["Social Authentication"],
+    ),
+)
+class ConnectedProvidersAPIView(APIView):
+    """API endpoint to get user's connected social providers."""
+
+    permission_classes = [IsAuthenticated]
+    serializer_class = ConnectedProviderSerializer
+
+    def get(self, request: Request) -> Response:
+        service = SocialProviderService()
+        providers = service.get_connected_providers(request.user)
+
+        serializer = ConnectedProviderSerializer(providers, many=True)
+        return Response(serializer.data)
+
+
+@extend_schema_view(
+    post=extend_schema(
+        summary="Connect social provider",
+        description="Connect a social authentication provider to the user's account.",
+        request=ConnectProviderInputSerializer,
+        responses={
+            200: ConnectProviderOutputSerializer,
+            400: SocialProviderErrorSerializer,
+            401: "Unauthorized",
+        },
+        tags=["Social Authentication"],
+    ),
+)
+class ConnectProviderAPIView(APIView):
+    """API endpoint to connect a social provider."""
+
+    permission_classes = [IsAuthenticated]
+    serializer_class = ConnectProviderInputSerializer
+
+    def post(self, request: Request, provider: str) -> Response:
+        # Validate provider
+        if provider not in ['google', 'discord']:
+            return Response(
+                {
+                    "success": False,
+                    "error": "INVALID_PROVIDER",
+                    "message": f"Provider '{provider}' is not supported",
+                    "suggestions": ["Use 'google' or 'discord'"]
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        serializer = ConnectProviderInputSerializer(data=request.data)
+        if not serializer.is_valid():
+            return Response(
+                {
+                    "success": False,
+                    "error": "VALIDATION_ERROR",
+                    "message": "Invalid request data",
+                    "details": serializer.errors,
+                    "suggestions": ["Provide a valid access_token"]
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        access_token = serializer.validated_data['access_token']
+
+        try:
+            service = SocialProviderService()
+            result = service.connect_provider(request.user, provider, access_token)
+
+            response_serializer = ConnectProviderOutputSerializer(result)
+            return Response(response_serializer.data)
+
+        except Exception as e:
+            return Response(
+                {
+                    "success": False,
+                    "error": "CONNECTION_FAILED",
+                    "message": str(e),
+                    "suggestions": [
+                        "Verify the access token is valid",
+                        "Ensure the provider account is not already connected to another user"
+                    ]
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+
+@extend_schema_view(
+    post=extend_schema(
+        summary="Disconnect social provider",
+        description="Disconnect a social authentication provider from the user's account.",
+        responses={
+            200: DisconnectProviderOutputSerializer,
+            400: SocialProviderErrorSerializer,
+            401: "Unauthorized",
+        },
+        tags=["Social Authentication"],
+    ),
+)
+class DisconnectProviderAPIView(APIView):
+    """API endpoint to disconnect a social provider."""
+
+    permission_classes = [IsAuthenticated]
+    serializer_class = DisconnectProviderOutputSerializer
+
+    def post(self, request: Request, provider: str) -> Response:
+        # Validate provider
+        if provider not in ['google', 'discord']:
+            return Response(
+                {
+                    "success": False,
+                    "error": "INVALID_PROVIDER",
+                    "message": f"Provider '{provider}' is not supported",
+                    "suggestions": ["Use 'google' or 'discord'"]
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        try:
+            service = SocialProviderService()
+
+            # Check if disconnection is safe
+            can_disconnect, reason = service.can_disconnect_provider(
+                request.user, provider)
+            if not can_disconnect:
+                return Response(
+                    {
+                        "success": False,
+                        "error": "UNSAFE_DISCONNECTION",
+                        "message": reason,
+                        "suggestions": [
+                            "Set up email/password authentication before disconnecting",
+                            "Connect another social provider before disconnecting this one"
+                        ]
+                    },
+                    status=status.HTTP_400_BAD_REQUEST
+                )
+
+            # Perform disconnection
+            result = service.disconnect_provider(request.user, provider)
+
+            response_serializer = DisconnectProviderOutputSerializer(result)
+            return Response(response_serializer.data)
+
+        except Exception as e:
+            return Response(
+                {
+                    "success": False,
+                    "error": "DISCONNECTION_FAILED",
+                    "message": str(e),
+                    "suggestions": [
+                        "Verify the provider is currently connected",
+                        "Ensure you have alternative authentication methods"
+                    ]
+                },
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+
+@extend_schema_view(
+    get=extend_schema(
+        summary="Get social authentication status",
+        description="Get comprehensive social authentication status for the user.",
+        responses={
+            200: SocialAuthStatusSerializer,
+            401: "Unauthorized",
+        },
+        tags=["Social Authentication"],
+    ),
+)
+class SocialAuthStatusAPIView(APIView):
+    """API endpoint to get social authentication status."""
+
+    permission_classes = [IsAuthenticated]
+    serializer_class = SocialAuthStatusSerializer
+
+    def get(self, request: Request) -> Response:
+        service = SocialProviderService()
+        auth_status = service.get_auth_status(request.user)
+
+        serializer = SocialAuthStatusSerializer(auth_status)
+        return Response(serializer.data)
+
+
 # Note: User Profile, Top List, and Top List Item ViewSets are now handled
 # by the dedicated accounts app at backend/apps/api/v1/accounts/views.py
 # to avoid duplication and maintain clean separation of concerns.