Implement security enhancements and unified response formats across API endpoints. Update permission classes for various ViewSets to ensure proper tenant isolation and compliance with API standards. Refactor authentication endpoints to utilize success and error response helpers, improving error tracking and response consistency. Complete documentation updates reflecting these changes and achieving full compliance with API Standard v1.0.
This commit is contained in:
Desktop
@@ -8,6 +8,7 @@ from rest_framework.views import APIView
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import status, permissions
|
||||
from drf_spectacular.utils import extend_schema
|
||||
from igny8_core.api.response import success_response, error_response
|
||||
from .views import (
|
||||
GroupsViewSet, UsersViewSet, AccountsViewSet, SubscriptionsViewSet,
|
||||
SiteUserAccessViewSet, PlanViewSet, SiteViewSet, SectorViewSet,
|
||||
@@ -47,15 +48,18 @@ class RegisterView(APIView):
|
||||
if serializer.is_valid():
|
||||
user = serializer.save()
|
||||
user_serializer = UserSerializer(user)
|
||||
return Response({
|
||||
'success': True,
|
||||
'message': 'Registration successful',
|
||||
'user': user_serializer.data
|
||||
}, status=status.HTTP_201_CREATED)
|
||||
return Response({
|
||||
'success': False,
|
||||
'errors': serializer.errors
|
||||
}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return success_response(
|
||||
data={'user': user_serializer.data},
|
||||
message='Registration successful',
|
||||
status_code=status.HTTP_201_CREATED,
|
||||
request=request
|
||||
)
|
||||
return error_response(
|
||||
error='Validation failed',
|
||||
errors=serializer.errors,
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
request=request
|
||||
)
|
||||
|
||||
|
||||
@extend_schema(
|
||||
@@ -76,10 +80,11 @@ class LoginView(APIView):
|
||||
try:
|
||||
user = User.objects.get(email=email)
|
||||
except User.DoesNotExist:
|
||||
return Response({
|
||||
'success': False,
|
||||
'message': 'Invalid credentials'
|
||||
}, status=status.HTTP_401_UNAUTHORIZED)
|
||||
return error_response(
|
||||
error='Invalid credentials',
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
request=request
|
||||
)
|
||||
|
||||
if user.check_password(password):
|
||||
# Log the user in (create session for session authentication)
|
||||
@@ -111,27 +116,32 @@ class LoginView(APIView):
|
||||
'accessible_sites': [],
|
||||
}
|
||||
|
||||
return Response({
|
||||
'success': True,
|
||||
'message': 'Login successful',
|
||||
'user': user_data,
|
||||
'tokens': {
|
||||
'access': access_token,
|
||||
'refresh': refresh_token,
|
||||
'access_expires_at': access_expires_at.isoformat(),
|
||||
'refresh_expires_at': refresh_expires_at.isoformat(),
|
||||
}
|
||||
})
|
||||
return success_response(
|
||||
data={
|
||||
'user': user_data,
|
||||
'tokens': {
|
||||
'access': access_token,
|
||||
'refresh': refresh_token,
|
||||
'access_expires_at': access_expires_at.isoformat(),
|
||||
'refresh_expires_at': refresh_expires_at.isoformat(),
|
||||
}
|
||||
},
|
||||
message='Login successful',
|
||||
request=request
|
||||
)
|
||||
|
||||
return Response({
|
||||
'success': False,
|
||||
'message': 'Invalid credentials'
|
||||
}, status=status.HTTP_401_UNAUTHORIZED)
|
||||
return error_response(
|
||||
error='Invalid credentials',
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
request=request
|
||||
)
|
||||
|
||||
return Response({
|
||||
'success': False,
|
||||
'errors': serializer.errors
|
||||
}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return error_response(
|
||||
error='Validation failed',
|
||||
errors=serializer.errors,
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
request=request
|
||||
)
|
||||
|
||||
|
||||
@extend_schema(
|
||||
@@ -148,23 +158,26 @@ class ChangePasswordView(APIView):
|
||||
if serializer.is_valid():
|
||||
user = request.user
|
||||
if not user.check_password(serializer.validated_data['old_password']):
|
||||
return Response({
|
||||
'success': False,
|
||||
'message': 'Current password is incorrect'
|
||||
}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return error_response(
|
||||
error='Current password is incorrect',
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
request=request
|
||||
)
|
||||
|
||||
user.set_password(serializer.validated_data['new_password'])
|
||||
user.save()
|
||||
|
||||
return Response({
|
||||
'success': True,
|
||||
'message': 'Password changed successfully'
|
||||
})
|
||||
return success_response(
|
||||
message='Password changed successfully',
|
||||
request=request
|
||||
)
|
||||
|
||||
return Response({
|
||||
'success': False,
|
||||
'errors': serializer.errors
|
||||
}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return error_response(
|
||||
error='Validation failed',
|
||||
errors=serializer.errors,
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
request=request
|
||||
)
|
||||
|
||||
|
||||
@extend_schema(
|
||||
@@ -182,10 +195,10 @@ class MeView(APIView):
|
||||
from .models import User as UserModel
|
||||
user = UserModel.objects.select_related('account', 'account__plan').get(id=request.user.id)
|
||||
serializer = UserSerializer(user)
|
||||
return Response({
|
||||
'success': True,
|
||||
'user': serializer.data
|
||||
})
|
||||
return success_response(
|
||||
data={'user': serializer.data},
|
||||
request=request
|
||||
)
|
||||
|
||||
|
||||
urlpatterns = [
|
||||
|
||||
Reference in New Issue
Block a user