Merge pull request #26 from AnimalFoodBank:feature/20231121-client-on…

…boarding

Refactor user registration and authentication process

.trunk/configs/.shellcheckrc

@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091

.trunk/trunk.yaml

@@ -2,33 +2,36 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.16.0
+  version: 1.17.2
 plugins:
   sources:
     - id: trunk
-      ref: v1.2.3
+      ref: v1.3.0
       uri: https://github.com/trunk-io/plugins
 runtimes:
   enabled:
+    - [email protected]
     - [email protected]
     - [email protected]
 lint:
   enabled:
-    - [email protected]
-    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]
-    - checkov@2.4.9
+    - checkov@3.1.9
     - git-diff-check
     - [email protected]
-    - markdownlint@0.36.0
-    - [email protected].0
-    - prettier@3.0.3
-    - ruff@0.0.290
-    - trivy@0.45.1
-    - trufflehog@3.56.1
-    - yamllint@1.32.0
+    - markdownlint@0.37.0
+    - [email protected].3
+    - prettier@3.1.0
+    - ruff@0.1.6
+    - trivy@0.47.0
+    - trufflehog@3.63.2-rc0
+    - yamllint@1.33.0
 actions:
   disabled:
     - trunk-announce

README.md

@@ -9,10 +9,13 @@
 https://cli.vuejs.org/guide/installation.html
 
 ```bash
+    <!-- trunk-ignore(markdownlint/MD014) -->
+    $ yarn install
 
-    # TODO: Update for Vite
-    $ npm install -g @vue/cli
+    $ npx vite
+    $ npx vite --help
 
+    $ npx vite --debug hmr
 ```
 
 
@@ -111,6 +114,9 @@ http://localhost:8025
     # development server with Werkzeug's debugger.
     # https://werkzeug.palletsprojects.com/en/3.0.x/
     $ ./manage.py runserver_plus
+
+    # Rollback to an empty DB
+    $  ./manage.py migrate afbcore zero
 ```
 
 
@@ -181,3 +187,26 @@ https://github.com/unfoldadmin/django-unfold#installation
 ## Links nov 19
 
 https://httptoolkit.com/blog/how-to-debug-cors-errors/
+
+
+### Email Server (from cookiecutter-django)
+
+In development, it is often nice to be able to see emails that are being sent from your application. If you choose to use [Mailpit](https://github.com/axllent/mailpit) when generating the project a local SMTP server with a web interface will be available.
+
+1. [Download the latest Mailpit release](https://github.com/axllent/mailpit/releases) for your OS.
+
+2. Copy the binary file to the project root.
+
+3. Make it executable:
+
+```bash
+        $ chmod +x mailpit
+```
+
+4. Spin up another terminal window and start it there:
+
+```bash
+    ./mailpit
+```
+
+5. Check out http://127.0.0.1:8025/ to see how it goes.

apps/README.md

@@ -3,5 +3,7 @@
 
 * `api/` - A Django application running the REST API.
 * `ui/` - A Vite+Vue+Tailwind application for the frontend UI.
+* `vvs/` - A Vueform+Vite+Tailwind via [cloned starter repo](https://github.com/vueform/vite-starter#installation)
+  * See further instructions in the [Vueform docs](https://vueform.com/docs/installation)
 
 In dev, the apps run separately. In prod the Django app static directory hosts the generated build files.

apps/api/afb/settings.py

@@ -58,12 +58,36 @@
     "django_extensions",  # add this for 'python manage.py runserver_plus'
     "rest_framework",  # add DRF
     "rest_framework.authtoken",
+    "drf_registration",
     "django_filters",  # add DRF filters
     "phonenumber_field",
     "django_vite",  # May not need this? If using Vite/Vue for frontend via API.
     "afbcore",
 ]
 
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "corsheaders.middleware.CorsMiddleware",
+    # 'afbcore.middleware.DebugCorsMiddleware',
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+]
+
+if DEBUG:
+    INSTALLED_APPS += [
+        "django.contrib.admindocs",
+        "debug_toolbar",
+    ]
+
+    MIDDLEWARE += [
+        "debug_toolbar.middleware.DebugToolbarMiddleware",
+    ]
+
+
 VITE_APP_DIR = BASE_DIR.parent / "ui"
 
 # https://github.com/adamchainz/django-cors-headers
@@ -167,34 +191,55 @@
     # Use Django's standard `django.contrib.auth` permissions,
     # or allow read-only access for unauthenticated users.
     "DEFAULT_PERMISSION_CLASSES": [
-        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly"
+        # "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly",
+        # 'rest_framework.permissions.AllowAny',
+        "rest_framework.permissions.IsAuthenticated",
     ],
     "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
     "PAGE_SIZE": 10,
     "DEFAULT_FILTER_BACKENDS": ["django_filters.rest_framework.DjangoFilterBackend"],
     "DEFAULT_AUTHENTICATION_CLASSES": [
-        # "rest_framework.authentication.SessionAuthentication",
+        "rest_framework.authentication.SessionAuthentication",
         "rest_framework.authentication.TokenAuthentication",
     ],
 }
 
+# For the default settings see:
+# https://drf-registration.readthedocs.io/en/latest/settings/index.html
+DRF_REGISTRATION = {
+    # General settings
+    "PROJECT_NAME": "AFB Requests",
+    "PROJECT_BASE_URL": "",
+    # User fields to register and respond to profile
+    "USER_FIELDS": (
+        "id",
+        "email",
+        # "password",
+        "name",
+        "is_active",
+    ),
+    "USER_READ_ONLY_FIELDS": (
+        "is_superuser",
+        "is_staff",
+        "is_active",
+    ),
+    "USER_SERIALIZER": "afbcore.serializers.UserSerializer",
+    "REGISTER_SERIALIZER": "afbcore.serializers.RegisterSerializer",
+    "USER_WRITE_ONLY_FIELDS": ("password",),
+    "REGISTER_SEND_WELCOME_EMAIL_ENABLED": True,
+    # For custom login username fields
+    "LOGIN_USERNAME_FIELDS": [
+        "email",
+    ],
+    "LOGOUT_REMOVE_TOKEN": True,
+}
+
+
 PHONENUMBER_DB_FORMAT = "INTERNATIONAL"
 PHONENUMBER_DEFAULT_FORMAT = "E164"
 PHONENUMBER_DEFAULT_REGION = "CA"
 
 
-MIDDLEWARE = [
-    "django.middleware.security.SecurityMiddleware",
-    "django.contrib.sessions.middleware.SessionMiddleware",
-    "corsheaders.middleware.CorsMiddleware",
-    # 'afbcore.middleware.DebugCorsMiddleware',
-    "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
-]
-
 ROOT_URLCONF = "afb.urls"
 
 # Django-Tailwind
@@ -204,6 +249,10 @@
 
 AUTH_USER_MODEL = "afbcore.User"
 
+AUTHENTICATION_BACKENDS = [
+    "drf_registration.auth.MultiFieldsModelBackend",
+]
+
 INTERNAL_IPS = [
     # Add local IP addresses here for tailwind to work, then run:
     # * (Dev) `python manage.py tailwind install`
@@ -233,6 +282,18 @@
 WSGI_APPLICATION = "afb.wsgi.application"
 
 
+# EMAIL
+# https://docs.djangoproject.com/en/4.2/ref/settings/#email-backend
+#
+EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
+#
+EMAIL_TIMEOUT = 5
+#
+EMAIL_HOST = "localhost"
+#
+EMAIL_PORT = 1025
+
+
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases
 
@@ -247,6 +308,7 @@
 # Password validation
 # https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
 
+
 AUTH_PASSWORD_VALIDATORS = [
     {
         "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
@@ -279,3 +341,26 @@
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+# LOGGING
+# ------------------------------------------------------------------------------
+# https://docs.djangoproject.com/en/dev/ref/settings/#logging
+# See https://docs.djangoproject.com/en/dev/topics/logging for
+# more details on how to customize your logging configuration.
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "verbose": {
+            "format": "%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s",
+        },
+    },
+    "handlers": {
+        "console": {
+            "level": "DEBUG",
+            "class": "logging.StreamHandler",
+            "formatter": "verbose",
+        }
+    },
+    "root": {"level": "INFO", "handlers": ["console"]},
+}