salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement security enhancements and unified response formats across API endpoints. Update permission classes for various ViewSets to ensure proper tenant isolation and compliance with API standards. Refactor authentication endpoints to utilize success and error response helpers, improving error tracking and response consistency. Complete documentation updates reflecting these changes and achieving full compliance with API Standard v1.0.

Browse Source
This commit is contained in:
Desktop
2025-11-16 11:35:47 +05:00
parent d492b74d40
commit 64b8280bce
8 changed files with 739 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
backend/igny8_core/auth/urls.py
View File

@@ -8,6 +8,7 @@ from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status, permissions
from drf_spectacular.utils import extend_schema
from igny8_core.api.response import success_response, error_response
from .views import (
GroupsViewSet, UsersViewSet, AccountsViewSet, SubscriptionsViewSet,
SiteUserAccessViewSet, PlanViewSet, SiteViewSet, SectorViewSet,
@@ -47,15 +48,18 @@ class RegisterView(APIView):
if serializer.is_valid():
user = serializer.save()
user_serializer = UserSerializer(user)
return Response({
'success': True,
'message': 'Registration successful',
'user': user_serializer.data
}, status=status.HTTP_201_CREATED)
return Response({
'success': False,
'errors': serializer.errors
}, status=status.HTTP_400_BAD_REQUEST)
return success_response(
data={'user': user_serializer.data},
message='Registration successful',
status_code=status.HTTP_201_CREATED,
request=request
)
return error_response(
error='Validation failed',
errors=serializer.errors,
status_code=status.HTTP_400_BAD_REQUEST,
request=request
)
@extend_schema(
@@ -76,10 +80,11 @@ class LoginView(APIView):
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
return Response({
'success': False,
'message': 'Invalid credentials'
}, status=status.HTTP_401_UNAUTHORIZED)
return error_response(
error='Invalid credentials',
status_code=status.HTTP_401_UNAUTHORIZED,
request=request
)
if user.check_password(password):
# Log the user in (create session for session authentication)
@@ -111,27 +116,32 @@ class LoginView(APIView):
'accessible_sites': [],
}
return Response({
'success': True,
'message': 'Login successful',
'user': user_data,
'tokens': {
'access': access_token,
'refresh': refresh_token,
'access_expires_at': access_expires_at.isoformat(),
'refresh_expires_at': refresh_expires_at.isoformat(),
}
})
return success_response(
data={
'user': user_data,
'tokens': {
'access': access_token,
'refresh': refresh_token,
'access_expires_at': access_expires_at.isoformat(),
'refresh_expires_at': refresh_expires_at.isoformat(),
}
},
message='Login successful',
request=request
)
return Response({
'success': False,
'message': 'Invalid credentials'
}, status=status.HTTP_401_UNAUTHORIZED)
return error_response(
error='Invalid credentials',
status_code=status.HTTP_401_UNAUTHORIZED,
request=request
)
return Response({
'success': False,
'errors': serializer.errors
}, status=status.HTTP_400_BAD_REQUEST)
return error_response(
error='Validation failed',
errors=serializer.errors,
status_code=status.HTTP_400_BAD_REQUEST,
request=request
)
@extend_schema(
@@ -148,23 +158,26 @@ class ChangePasswordView(APIView):
if serializer.is_valid():
user = request.user
if not user.check_password(serializer.validated_data['old_password']):
return Response({
'success': False,
'message': 'Current password is incorrect'
}, status=status.HTTP_400_BAD_REQUEST)
return error_response(
error='Current password is incorrect',
status_code=status.HTTP_400_BAD_REQUEST,
request=request
)
user.set_password(serializer.validated_data['new_password'])
user.save()
return Response({
'success': True,
'message': 'Password changed successfully'
})
return success_response(
message='Password changed successfully',
request=request
)
return Response({
'success': False,
'errors': serializer.errors
}, status=status.HTTP_400_BAD_REQUEST)
return error_response(
error='Validation failed',
errors=serializer.errors,
status_code=status.HTTP_400_BAD_REQUEST,
request=request
)
@extend_schema(
@@ -182,10 +195,10 @@ class MeView(APIView):
from .models import User as UserModel
user = UserModel.objects.select_related('account', 'account__plan').get(id=request.user.id)
serializer = UserSerializer(user)
return Response({
'success': True,
'user': serializer.data
})
return success_response(
data={'user': serializer.data},
request=request
)
urlpatterns = [

13
backend/igny8_core/auth/views.py
View File

@@ -16,6 +16,7 @@ from igny8_core.api.authentication import JWTAuthentication, CSRFExemptSessionAu
from igny8_core.api.response import success_response, error_response
from igny8_core.api.throttles import DebugScopedRateThrottle
from igny8_core.api.pagination import CustomPageNumberPagination
from igny8_core.api.permissions import IsAuthenticatedAndActive, HasTenantAccess
from .models import User, Account, Plan, Subscription, Site, Sector, SiteUserAccess, Industry, IndustrySector, SeedKeyword
from .serializers import (
UserSerializer, AccountSerializer, PlanSerializer, SubscriptionSerializer,
@@ -140,7 +141,7 @@ class UsersViewSet(AccountModelViewSet):
"""
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsOwnerOrAdmin]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
pagination_class = CustomPageNumberPagination
throttle_scope = 'auth'
throttle_classes = [DebugScopedRateThrottle]
@@ -274,7 +275,7 @@ class AccountsViewSet(AccountModelViewSet):
"""
queryset = Account.objects.all()
serializer_class = AccountSerializer
permission_classes = [IsOwnerOrAdmin]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
pagination_class = CustomPageNumberPagination
throttle_scope = 'auth'
throttle_classes = [DebugScopedRateThrottle]
@@ -338,7 +339,7 @@ class SubscriptionsViewSet(AccountModelViewSet):
Unified API Standard v1.0 compliant
"""
queryset = Subscription.objects.all()
permission_classes = [IsOwnerOrAdmin]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
pagination_class = CustomPageNumberPagination
throttle_scope = 'auth'
throttle_classes = [DebugScopedRateThrottle]
@@ -400,7 +401,7 @@ class SiteUserAccessViewSet(AccountModelViewSet):
Unified API Standard v1.0 compliant
"""
serializer_class = SiteUserAccessSerializer
permission_classes = [IsOwnerOrAdmin]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
pagination_class = CustomPageNumberPagination
throttle_scope = 'auth'
throttle_classes = [DebugScopedRateThrottle]
@@ -472,7 +473,7 @@ class PlanViewSet(viewsets.ReadOnlyModelViewSet):
class SiteViewSet(AccountModelViewSet):
"""ViewSet for managing Sites."""
serializer_class = SiteSerializer
permission_classes = [IsEditorOrAbove]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsEditorOrAbove]
authentication_classes = [JWTAuthentication, CSRFExemptSessionAuthentication]
def get_permissions(self):
@@ -715,7 +716,7 @@ class SiteViewSet(AccountModelViewSet):
class SectorViewSet(AccountModelViewSet):
"""ViewSet for managing Sectors."""
serializer_class = SectorSerializer
permission_classes = [IsEditorOrAbove]
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsEditorOrAbove]
authentication_classes = [JWTAuthentication, CSRFExemptSessionAuthentication]
def get_queryset(self):